Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Remnants after infection? [Solved]


  • This topic is locked This topic is locked

#1
Alias50

Alias50

    Member

  • Member
  • PipPipPip
  • 343 posts
Hey guys. I guess this is a little ironic, being in GeekU and all. :whistling: Guess it can happen to anyone.

I'm opening this topic as a follow-up from a post in the Windows 7 forum here. After a hopefully satisfactory removal of an admittedly self-inflicted infection, (but when you think about it, is there any other kind?) my PC blue screened on startup. This happened a while ago, so the minidumps are gone. There haven't been any other problems since, but I want to follow up on things just in case. Because of this, my situation is by no means urgent, more of a once over to make sure everything's the way its supposed to be. OTL log follows.


*Please forgive the Run 4 notation in the log. I was screwing around with OTL previously. All I did was generate logs, so I never did run the cleanup function. If it's necessary I'll do it, though.



OTL logfile created on: 18/04/2012 6:13:19 PM - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Michal\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.89 Gb Available Physical Memory | 64.93% Memory free
11.98 Gb Paging File | 9.45 Gb Available in Paging File | 78.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.77 Gb Total Space | 107.78 Gb Free Space | 23.14% Space Free | Partition Type: NTFS
Drive D: | 465.74 Gb Total Space | 100.95 Gb Free Space | 21.67% Space Free | Partition Type: NTFS

Computer Name: MICHAL-PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/18 18:12:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
PRC - [2012/04/02 20:51:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/17 22:21:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
PRC - [2012/01/19 12:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2011/09/22 16:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 13:36:23 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Games\Steam\Steam.exe
PRC - [2011/04/15 03:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/10 10:47:40 | 001,839,888 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/10 10:47:14 | 000,050,592 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011/02/03 19:30:52 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/02/03 19:30:32 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/16 17:03:57 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/03/21 19:19:38 | 020,297,512 | ---- | M] () -- D:\Games\Steam\bin\libcef.dll
MOD - [2012/03/21 19:19:37 | 001,099,576 | ---- | M] () -- D:\Games\Steam\bin\avcodec-53.dll
MOD - [2012/03/21 19:19:37 | 000,907,048 | ---- | M] () -- D:\Games\Steam\bin\chromehtml.dll
MOD - [2012/03/21 19:19:37 | 000,190,776 | ---- | M] () -- D:\Games\Steam\bin\avformat-53.dll
MOD - [2012/03/21 19:19:37 | 000,123,192 | ---- | M] () -- D:\Games\Steam\bin\avutil-51.dll
MOD - [2012/03/17 22:21:58 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/12 18:31:01 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8345a7a14f0dc106f60d31a2c8eac2f\System.ServiceProcess.ni.dll
MOD - [2012/03/12 18:30:58 | 012,081,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\8d1c109891c3552e2f6aee4cae83f21c\System.Web.ni.dll
MOD - [2012/03/12 18:30:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc5a405f092aeaf84db4dc539385e86d\System.Runtime.Remoting.ni.dll
MOD - [2012/03/12 17:41:34 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b761a3b6e5c751993ff65aafd7fe42b8\PresentationCore.ni.dll
MOD - [2012/03/12 17:41:32 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f7283ec1c4b47c6b21777626a76d6611\System.Windows.Forms.ni.dll
MOD - [2012/03/12 17:41:29 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012/03/12 17:41:26 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012/03/12 17:41:25 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3ed9c2f173958ae6663134d302cc4f62\WindowsBase.ni.dll
MOD - [2012/03/12 17:41:24 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b798dff0ec58f4c76d96bb656d8d04bd\System.Drawing.ni.dll
MOD - [2012/03/12 17:41:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7bbdea460b86c08496e471d808bd386\System.Configuration.ni.dll
MOD - [2012/03/12 17:41:23 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012/03/12 17:41:18 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/22 12:29:36 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/15 15:18:32 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011/03/15 15:18:22 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010/10/28 04:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/16 17:03:57 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/02 20:51:10 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012/01/19 12:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2011/12/09 16:10:29 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/22 16:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/15 03:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/10 10:47:40 | 001,839,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/03/07 12:08:46 | 003,250,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/02/18 16:51:50 | 000,428,960 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/02/03 19:30:32 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/02/03 19:30:32 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/01/19 23:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/13 11:02:00 | 000,039,408 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/07/16 06:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 06:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV:64bit: - [2012/01/04 17:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/15 16:35:20 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2011/03/31 14:44:18 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 05:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 17:44:34 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/03/08 17:44:34 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/08 17:44:34 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/07 12:08:46 | 000,054,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2011/01/21 07:36:02 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/12/10 15:48:52 | 000,064,152 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2010/11/20 21:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 21:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/26 20:01:00 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/10/26 20:01:00 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/10/26 20:01:00 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010/10/04 09:40:18 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/08/24 11:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 11:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/16 10:12:14 | 000,167,920 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\C2SCSI64.SYS -- (c2scsi64)
DRV:64bit: - [2010/07/01 11:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010/04/07 06:22:04 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/06/10 14:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/02/03 03:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 03:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 02:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120416.001\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 02:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120416.001\ENG64.SYS -- (NAVENG)
DRV - [2011/03/08 17:44:34 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/03/08 17:44:34 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/03/08 17:44:34 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2010/10/04 09:40:18 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files (x86)\Produtools_Manuals\prxtbProd.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 CA 6B 0E FD 1C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{63EC1A34-1A52-43DB-AEDA-82A9460427C5}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/05/03 20:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 22:21:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/27 08:09:37 | 000,000,000 | ---D | M]

[2011/03/31 11:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Extensions
[2012/03/18 00:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\72q3wy80.default\extensions
[2011/11/13 16:50:53 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\72q3wy80.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/16 14:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/21 14:48:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\MICHAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72Q3WY80.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
() (No name found) -- C:\USERS\MICHAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72Q3WY80.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/17 22:21:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/27 09:26:38 | 000,043,016 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npbasic.dll
[2011/03/31 11:22:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/08 20:06:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/03/31 17:09:30 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011/11/09 22:57:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/12 18:46:47 | 000,000,853 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Produtools Manuals Toolbar) - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files (x86)\Produtools_Manuals\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Produtools Manuals Toolbar) - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files (x86)\Produtools_Manuals\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{742A4427-81C9-4B17-A9DB-591FA35F9D8D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 18:12:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2012/04/17 23:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012/04/17 23:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2012/04/16 17:45:22 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Max Payne 2 Savegames
[2012/04/12 22:07:30 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\CAPCOM
[2012/04/12 18:35:04 | 000,000,000 | ---D | C] -- C:\Users\Michal\.shsh
[2012/04/09 11:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/04/04 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2012/04/04 20:00:53 | 000,161,280 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdm.sys
[2012/04/04 20:00:53 | 000,127,488 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscebus.sys
[2012/04/04 20:00:53 | 000,018,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdfl.sys
[2012/04/04 20:00:53 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewhnt.sys
[2012/04/04 20:00:53 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewh.sys
[2012/04/04 20:00:53 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecmnt.sys
[2012/04/04 20:00:53 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecm.sys
[2012/04/04 20:00:06 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2012/04/04 20:00:06 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2012/04/04 19:59:51 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Samsung
[2012/04/04 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/04/04 19:33:54 | 000,000,000 | ---D | C] -- C:\Users\Michal\Desktop\registry font backups
[2012/04/04 17:43:29 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\libimobiledevice
[2012/04/02 19:09:24 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Battlefield 3
[2012/04/02 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/04/02 16:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/04/01 23:18:17 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\shaw
[2012/04/01 23:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\shaw
[2012/04/01 23:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Shaw
[2012/04/01 23:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shaw Internet
[2012/04/01 20:57:48 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\ElevatedDiagnostics
[2012/04/01 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/04/01 19:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Produtools_Manuals
[2012/03/31 15:31:10 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Remedy
[2012/03/31 12:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012/03/26 15:57:53 | 000,000,000 | ---D | C] -- D:\Michal\Documents\WB Games
[2012/03/26 15:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham City
[2012/03/25 23:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AzTools
[2012/03/03 14:06:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Michal\AppData\Roaming\pcouffin.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/18 18:12:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2012/04/18 17:41:54 | 000,005,676 | ---- | M] () -- C:\Users\Michal\AppData\Local\Temp5.html
[2012/04/18 17:41:12 | 000,001,955 | ---- | M] () -- C:\Users\Michal\AppData\Local\Temp1.html
[2012/04/18 17:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 08:05:32 | 000,022,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 08:05:32 | 000,022,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 08:03:58 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/18 08:03:58 | 000,667,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/18 08:03:58 | 000,126,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/18 08:02:45 | 000,002,053 | ---- | M] () -- C:\Users\Michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2012/04/18 07:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/18 07:56:53 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/17 23:33:07 | 000,000,600 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\winscp.rnd
[2012/04/17 23:27:26 | 000,001,853 | ---- | M] () -- C:\Users\Michal\Desktop\WinSCP.lnk
[2012/04/17 23:00:27 | 000,065,397 | ---- | M] () -- C:\Users\Michal\Desktop\RutherfordScholarship.pdf
[2012/04/16 17:41:53 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\Max Payne 2.lnk
[2012/04/15 20:08:37 | 000,099,328 | ---- | M] () -- C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/15 14:45:16 | 000,003,829 | ---- | M] () -- C:\Users\Michal\Desktop\photo-360817.jpg
[2012/04/12 18:46:47 | 000,000,853 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/12 18:46:47 | 000,000,852 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012/04/12 17:29:45 | 001,291,289 | ---- | M] () -- C:\s6fc.4
[2012/04/12 17:29:45 | 000,698,465 | ---- | M] () -- C:\s6fc.5
[2012/04/12 11:59:06 | 000,032,331 | ---- | M] () -- C:\Users\Michal\Desktop\hitman_blood_money.jpg
[2012/04/09 11:07:12 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/04/05 13:04:35 | 000,418,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/04 20:01:58 | 000,002,170 | ---- | M] () -- C:\Users\Michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/04 20:01:58 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/04 17:49:00 | 001,290,899 | ---- | M] () -- C:\s3pc.3
[2012/04/04 17:49:00 | 000,698,258 | ---- | M] () -- C:\s3pc.4
[2012/04/02 20:51:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/02 20:51:02 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/02 20:51:02 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/02 20:46:55 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 16:55:07 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/03/31 12:50:44 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/03/29 16:16:16 | 000,083,139 | ---- | M] () -- C:\Users\Michal\Desktop\Exp .pdf
[2012/03/26 15:37:16 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk
[2012/03/25 23:07:41 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\Blueline.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 17:41:54 | 000,005,676 | ---- | C] () -- C:\Users\Michal\AppData\Local\Temp5.html
[2012/04/18 17:39:59 | 000,001,955 | ---- | C] () -- C:\Users\Michal\AppData\Local\Temp1.html
[2012/04/17 23:33:07 | 000,000,600 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\winscp.rnd
[2012/04/17 23:27:26 | 000,001,853 | ---- | C] () -- C:\Users\Michal\Desktop\WinSCP.lnk
[2012/04/17 23:00:27 | 000,065,397 | ---- | C] () -- C:\Users\Michal\Desktop\RutherfordScholarship.pdf
[2012/04/16 17:41:53 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\Max Payne 2.lnk
[2012/04/15 14:45:15 | 000,003,829 | ---- | C] () -- C:\Users\Michal\Desktop\photo-360817.jpg
[2012/04/12 17:29:45 | 000,698,465 | ---- | C] () -- C:\s6fc.5
[2012/04/12 17:29:44 | 001,291,289 | ---- | C] () -- C:\s6fc.4
[2012/04/12 11:59:05 | 000,032,331 | ---- | C] () -- C:\Users\Michal\Desktop\hitman_blood_money.jpg
[2012/04/09 11:07:12 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/04/04 20:01:58 | 000,002,170 | ---- | C] () -- C:\Users\Michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/04 20:01:58 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/04 17:49:00 | 000,698,258 | ---- | C] () -- C:\s3pc.4
[2012/04/04 17:48:59 | 001,290,899 | ---- | C] () -- C:\s3pc.3
[2012/04/02 16:55:07 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/01 23:17:51 | 000,072,192 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/04/01 00:23:36 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 12:50:44 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/03/29 16:16:16 | 000,083,139 | ---- | C] () -- C:\Users\Michal\Desktop\Exp .pdf
[2012/03/26 15:37:16 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk
[2012/03/25 23:07:41 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Blueline.lnk
[2012/03/04 17:06:11 | 000,164,352 | -HS- | C] () -- C:\Windows\SysWow64\SCS.dll
[2012/03/04 12:39:22 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/04 12:39:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/03/03 14:06:00 | 000,099,384 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\inst.exe
[2012/03/03 14:06:00 | 000,007,859 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\pcouffin.cat
[2012/03/03 14:06:00 | 000,001,167 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\pcouffin.inf
[2012/02/26 00:24:24 | 000,000,533 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2012/01/30 01:57:26 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2012/01/14 22:02:31 | 000,008,341 | ---- | C] () -- C:\ProgramData\2be2b9a
[2012/01/14 22:02:31 | 000,008,338 | ---- | C] () -- C:\Users\Michal\AppData\Local\e5061498
[2012/01/14 22:02:31 | 000,008,276 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\91d7245d
[2011/09/22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/29 21:06:38 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2011/08/14 14:02:50 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011/08/14 14:02:50 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011/08/14 14:02:23 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/08/14 13:58:37 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011/08/13 22:48:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/13 22:48:16 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/13 22:42:24 | 000,714,526 | ---- | C] () -- C:\Windows\unins000.exe
[2011/08/13 22:42:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/08/13 22:42:24 | 000,001,992 | ---- | C] () -- C:\Windows\unins000.dat
[2011/08/10 11:58:30 | 000,001,057 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\vso_ts_preview.xml
[2011/07/30 22:02:19 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/30 22:02:18 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/30 22:02:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/15 22:47:26 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2011/06/09 18:54:38 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/05/09 22:23:28 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/09 22:20:22 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/04/20 18:28:26 | 000,000,442 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/20 17:58:14 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2011/04/20 08:19:45 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/16 15:23:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/15 23:09:19 | 000,000,549 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\AutoGK.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/31 18:22:12 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/31 15:26:02 | 000,099,328 | ---- | C] () -- C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 13:37:53 | 000,768,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/31 12:07:21 | 000,000,849 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/31 12:07:21 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/31 12:07:10 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/31 11:59:06 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/31 11:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/31 11:53:36 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/31 11:17:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2012/03/07 17:45:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\8C973
[2011/03/31 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Acclaim Entertainment
[2011/05/12 18:49:20 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Assassin's Creed
[2011/07/26 17:49:18 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Audacity
[2011/11/28 21:13:37 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\avidemux
[2012/01/29 22:33:50 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\BigHugeEngine
[2012/01/30 02:37:07 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Broad Intelligence
[2011/10/29 20:11:28 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\calibre
[2011/09/30 14:55:59 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\com.dansl.QRreader.49F9C73396E2B5C8FD7A794D4AA84ADE24BBC9FB.1
[2011/06/30 17:52:20 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\CUE Tools
[2011/06/30 17:48:09 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\CUERipper
[2011/07/16 21:28:03 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\cYo
[2012/02/16 15:28:32 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DarknessII
[2012/01/24 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DarknessIIDemo
[2011/04/16 14:44:01 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DVDFab
[2011/06/30 17:29:24 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\EAC
[2011/04/20 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Easeware
[2012/04/04 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\foobar2000
[2011/06/16 23:51:38 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\HandBrake
[2011/05/03 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ImgBurn
[2011/03/31 11:26:17 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Leadertech
[2012/02/08 20:43:01 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\LolClient
[2011/03/31 18:06:15 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\MotioninJoy
[2011/05/26 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\MP3SkypeRecorder
[2012/01/30 02:45:14 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\MP42MKVac3
[2012/01/12 13:29:42 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\NationRed
[2011/08/14 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\OnLive App
[2011/10/23 13:33:17 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Origin
[2012/02/25 22:38:09 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PgcEdit
[2011/04/20 17:58:15 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PrettyMay
[2011/03/31 20:46:53 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Publish Providers
[2011/11/24 17:48:10 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PunkBuster
[2012/04/04 19:59:57 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Samsung
[2011/07/21 14:17:51 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Sony
[2011/09/21 20:55:29 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\SystemRequirementsLab
[2011/05/08 15:35:48 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TeamViewer
[2011/05/12 18:50:34 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Ubisoft
[2012/04/18 00:37:55 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\uTorrent
[2012/03/03 14:06:00 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Vso
[2012/02/24 20:45:29 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi. :)

I'm Dakeyras and I am going to try to assist you with your problem. I will treat you like any other OP(original poster) I assist, if in the event the current issues are not malware related by all means continue with your other topic here when I give the all clear if the need...

Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Re-scan with OTL:

Please delete all current OTL logs and empty the Recycle Bin...

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#3
Alias50

Alias50

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
My PC is performing fine and has been for a good chunk of time. The only problem I have noticed was that blue screen a month back. I just want to check if there's anything else in these logs. I will post the OTL logs in subsequent posts.
  • 0

#4
Alias50

Alias50

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
OTL logfile created on: 19/04/2012 10:32:54 PM - Run 5
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Michal\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 4.04 Gb Available Physical Memory | 67.37% Memory free
11.98 Gb Paging File | 9.89 Gb Available in Paging File | 82.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.77 Gb Total Space | 107.63 Gb Free Space | 23.11% Space Free | Partition Type: NTFS
Drive D: | 465.74 Gb Total Space | 129.09 Gb Free Space | 27.72% Space Free | Partition Type: NTFS

Computer Name: MICHAL-PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Michal\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BOT4Service) -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe ()
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe (Sonic Solutions)
SRV - (RoxMediaDB13) -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe (Sonic Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys File not found
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation)
DRV:64bit: - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation)
DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (c2scsi64) -- C:\Windows\SysNative\drivers\C2SCSI64.SYS (Sonic Solutions)
DRV:64bit: - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) Brother MFC Serial Interface Driver(WDM) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) Brother MFC Serial USB Driver(WDM) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaibVdAd64) -- C:\Windows\SysNative\drivers\SaibVdAd64.sys (Sonic Solutions)
DRV:64bit: - (Sahdad64) -- C:\Windows\SysNative\drivers\Sahdad64.sys (Sonic Solutions)
DRV:64bit: - (Saibad64) -- C:\Windows\SysNative\drivers\Saibad64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120419.019\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120419.019\ENG64.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files (x86)\Produtools_Manuals\prxtbProd.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 CA 6B 0E FD 1C CD 01 [binary data]
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\..\SearchScopes\{63EC1A34-1A52-43DB-AEDA-82A9460427C5}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/05/03 20:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 22:21:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/27 08:09:37 | 000,000,000 | ---D | M]

[2011/03/31 11:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Extensions
[2012/03/18 00:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\72q3wy80.default\extensions
[2011/11/13 16:50:53 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\72q3wy80.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/16 14:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/21 14:48:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\MICHAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72Q3WY80.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
() (No name found) -- C:\USERS\MICHAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72Q3WY80.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/17 22:21:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/27 09:26:38 | 000,043,016 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npbasic.dll
[2011/03/31 11:22:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/08 20:06:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/03/31 17:09:30 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011/11/09 22:57:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/12 18:46:47 | 000,000,853 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Produtools Manuals Toolbar) - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files (x86)\Produtools_Manuals\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Produtools Manuals Toolbar) - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files (x86)\Produtools_Manuals\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-786879198-253778329-1393635891-1000..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-786879198-253778329-1393635891-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-786879198-253778329-1393635891-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{742A4427-81C9-4B17-A9DB-591FA35F9D8D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 22:31:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2012/04/19 17:52:56 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\SniperV2 Demo
[2012/04/18 20:11:40 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\Rockstar Games
[2012/04/17 23:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012/04/17 23:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2012/04/16 17:45:22 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Max Payne 2 Savegames
[2012/04/12 22:07:30 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\CAPCOM
[2012/04/12 18:35:04 | 000,000,000 | ---D | C] -- C:\Users\Michal\.shsh
[2012/04/09 11:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/04/04 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2012/04/04 20:00:53 | 000,161,280 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdm.sys
[2012/04/04 20:00:53 | 000,127,488 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscebus.sys
[2012/04/04 20:00:53 | 000,018,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdfl.sys
[2012/04/04 20:00:53 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewhnt.sys
[2012/04/04 20:00:53 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewh.sys
[2012/04/04 20:00:53 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecmnt.sys
[2012/04/04 20:00:53 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecm.sys
[2012/04/04 20:00:06 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2012/04/04 20:00:06 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2012/04/04 19:59:51 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Samsung
[2012/04/04 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/04/04 19:33:54 | 000,000,000 | ---D | C] -- C:\Users\Michal\Desktop\registry font backups
[2012/04/04 17:43:29 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\libimobiledevice
[2012/04/02 19:09:24 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Battlefield 3
[2012/04/02 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/04/02 16:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/04/01 23:18:17 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\shaw
[2012/04/01 23:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\shaw
[2012/04/01 23:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Shaw
[2012/04/01 23:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shaw Internet
[2012/04/01 20:57:48 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\ElevatedDiagnostics
[2012/04/01 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/04/01 19:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Produtools_Manuals
[2012/04/01 00:23:34 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 15:31:10 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Remedy
[2012/03/31 12:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012/03/26 15:57:53 | 000,000,000 | ---D | C] -- D:\Michal\Documents\WB Games
[2012/03/26 15:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham City
[2012/03/25 23:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AzTools
[2012/03/03 14:06:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Michal\AppData\Roaming\pcouffin.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 22:31:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2012/04/19 21:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 17:40:33 | 000,100,352 | ---- | M] () -- C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/18 17:41:54 | 000,005,676 | ---- | M] () -- C:\Users\Michal\AppData\Local\Temp5.html
[2012/04/18 17:41:12 | 000,001,955 | ---- | M] () -- C:\Users\Michal\AppData\Local\Temp1.html
[2012/04/18 08:05:32 | 000,022,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 08:05:32 | 000,022,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 08:03:58 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/18 08:03:58 | 000,667,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/18 08:03:58 | 000,126,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/18 08:02:45 | 000,002,053 | ---- | M] () -- C:\Users\Michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2012/04/18 07:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/18 07:56:53 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/17 23:33:07 | 000,000,600 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\winscp.rnd
[2012/04/17 23:27:26 | 000,001,853 | ---- | M] () -- C:\Users\Michal\Desktop\WinSCP.lnk
[2012/04/17 23:00:27 | 000,065,397 | ---- | M] () -- C:\Users\Michal\Desktop\RutherfordScholarship.pdf
[2012/04/16 17:41:53 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\Max Payne 2.lnk
[2012/04/16 17:03:57 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/16 17:03:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/15 14:45:16 | 000,003,829 | ---- | M] () -- C:\Users\Michal\Desktop\photo-360817.jpg
[2012/04/12 18:46:47 | 000,000,853 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/12 18:46:47 | 000,000,852 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012/04/12 17:29:45 | 001,291,289 | ---- | M] () -- C:\s6fc.4
[2012/04/12 17:29:45 | 000,698,465 | ---- | M] () -- C:\s6fc.5
[2012/04/12 11:59:06 | 000,032,331 | ---- | M] () -- C:\Users\Michal\Desktop\hitman_blood_money.jpg
[2012/04/09 11:07:12 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/04/05 13:04:35 | 000,418,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/04 20:01:58 | 000,002,170 | ---- | M] () -- C:\Users\Michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/04 20:01:58 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/04 17:49:00 | 001,290,899 | ---- | M] () -- C:\s3pc.3
[2012/04/04 17:49:00 | 000,698,258 | ---- | M] () -- C:\s3pc.4
[2012/04/02 20:51:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/02 20:51:02 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/02 20:51:02 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/02 20:46:55 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 16:55:07 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/03/31 12:50:44 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/03/29 16:16:16 | 000,083,139 | ---- | M] () -- C:\Users\Michal\Desktop\Exp .pdf
[2012/03/26 15:37:16 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk
[2012/03/25 23:07:41 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\Blueline.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 17:41:54 | 000,005,676 | ---- | C] () -- C:\Users\Michal\AppData\Local\Temp5.html
[2012/04/18 17:39:59 | 000,001,955 | ---- | C] () -- C:\Users\Michal\AppData\Local\Temp1.html
[2012/04/17 23:33:07 | 000,000,600 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\winscp.rnd
[2012/04/17 23:27:26 | 000,001,853 | ---- | C] () -- C:\Users\Michal\Desktop\WinSCP.lnk
[2012/04/17 23:00:27 | 000,065,397 | ---- | C] () -- C:\Users\Michal\Desktop\RutherfordScholarship.pdf
[2012/04/16 17:41:53 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\Max Payne 2.lnk
[2012/04/15 14:45:15 | 000,003,829 | ---- | C] () -- C:\Users\Michal\Desktop\photo-360817.jpg
[2012/04/12 17:29:45 | 000,698,465 | ---- | C] () -- C:\s6fc.5
[2012/04/12 17:29:44 | 001,291,289 | ---- | C] () -- C:\s6fc.4
[2012/04/12 11:59:05 | 000,032,331 | ---- | C] () -- C:\Users\Michal\Desktop\hitman_blood_money.jpg
[2012/04/09 11:07:12 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/04/04 20:01:58 | 000,002,170 | ---- | C] () -- C:\Users\Michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/04 20:01:58 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/04 17:49:00 | 000,698,258 | ---- | C] () -- C:\s3pc.4
[2012/04/04 17:48:59 | 001,290,899 | ---- | C] () -- C:\s3pc.3
[2012/04/02 16:55:07 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/01 23:17:51 | 000,072,192 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/04/01 00:23:36 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 12:50:44 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/03/29 16:16:16 | 000,083,139 | ---- | C] () -- C:\Users\Michal\Desktop\Exp .pdf
[2012/03/26 15:37:16 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk
[2012/03/25 23:07:41 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Blueline.lnk
[2012/03/04 17:06:11 | 000,164,352 | -HS- | C] () -- C:\Windows\SysWow64\SCS.dll
[2012/03/04 12:39:22 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/04 12:39:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/03/03 14:06:00 | 000,099,384 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\inst.exe
[2012/03/03 14:06:00 | 000,007,859 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\pcouffin.cat
[2012/03/03 14:06:00 | 000,001,167 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\pcouffin.inf
[2012/02/26 00:24:24 | 000,000,533 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2012/01/30 01:57:26 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2012/01/14 22:02:31 | 000,008,341 | ---- | C] () -- C:\ProgramData\2be2b9a
[2012/01/14 22:02:31 | 000,008,338 | ---- | C] () -- C:\Users\Michal\AppData\Local\e5061498
[2012/01/14 22:02:31 | 000,008,276 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\91d7245d
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/29 21:06:38 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2011/08/14 14:02:50 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011/08/14 14:02:50 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011/08/14 14:02:23 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/08/14 13:58:37 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011/08/13 22:48:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/13 22:48:16 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/13 22:42:24 | 000,714,526 | ---- | C] () -- C:\Windows\unins000.exe
[2011/08/13 22:42:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/08/13 22:42:24 | 000,001,992 | ---- | C] () -- C:\Windows\unins000.dat
[2011/08/10 11:58:30 | 000,001,057 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\vso_ts_preview.xml
[2011/07/30 22:02:19 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/30 22:02:18 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/30 22:02:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/15 22:47:26 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2011/06/09 18:54:38 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/05/09 22:23:28 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/09 22:20:22 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/04/20 18:28:26 | 000,000,442 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/20 17:58:14 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2011/04/20 08:19:45 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/16 15:23:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/15 23:09:19 | 000,000,549 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\AutoGK.ini
[2011/03/31 18:22:12 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/31 15:26:02 | 000,100,352 | ---- | C] () -- C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 13:37:53 | 000,768,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/31 12:07:21 | 000,000,849 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/31 12:07:21 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/31 12:07:10 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/31 11:59:06 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/31 11:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/31 11:53:36 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/31 11:17:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
  • 0

#5
Alias50

Alias50

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
OTL Extras logfile created on: 19/04/2012 10:32:54 PM - Run 5
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Michal\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 4.04 Gb Available Physical Memory | 67.37% Memory free
11.98 Gb Paging File | 9.89 Gb Available in Paging File | 82.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.77 Gb Total Space | 107.63 Gb Free Space | 23.11% Space Free | Partition Type: NTFS
Drive D: | 465.74 Gb Total Space | 129.09 Gb Free Space | 27.72% Space Free | Partition Type: NTFS

Computer Name: MICHAL-PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26624215-248C-4F88-A415-35301812FB75}" = Symantec Endpoint Protection
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.38
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.142
"DVDFab 8 Retail_is1" = DVDFab 8.0.8.3 (17/03/2011)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.1.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.20
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-495CW
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1759FA61-153B-436D-A663-E7C50D80D2D8}_is1" = Batman Arkham City
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{24F24016-1D43-493E-9553-EDA202B1658D}" = MP3 Skype Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D0B560E-493A-47EE-9132-6A47A44A437F}" = DARK VOID
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519ACA84-2F7E-4482-8201-B0DCB6C8B3A5}" = Taksi Desktop Video Recorder v0.779
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{54844EBA-2C48-4655-A148-6D4BCCA23A6D}" = AttachmentOptions
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice™
"{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62C8DA-2DB7-4D94-B5BA-1D38FC36E830}" = Manhunt
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E8E1C64-85FA-4327-8D4B-11FC2BB5BDF6}" = calibre
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A7-0409-0000-0000000FF1CE}" = Calendar Printing Assistant for Microsoft Office Outlook 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{908B5359-244E-4E09-AA9F-DBF240679B46}" = VOB2MPG v3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F717571-FEE8-45CD-8B03-5B2D06AD28F7}" = Roxio Creator 2011 Content
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2
"{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C920EFB6-59DB-472D-B445-21821477AD17}" = True Crime® New York City
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}" = The Matrix - Path of Neo
"{EE3E60BC-F29F-4E7B-A110-B538387D34DA}" = No One Lives Forever - Game of the Year Edition
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.25)
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEC173D3-683C-4C09-9167-7D2D573A3A9C}" = Alias
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advent Rising_is1" = Advent Rising
"Alan Wake.v 1.00.16.3209 + 2 DLC_is1" = Alan Wake.v 1.00.16.3209 + 2 DLC
"Alan Wake_is1" = Alan Wake
"Assassin's Creed_is1" = Assassin's Creed
"Auction Client" = Auction Client
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"AviSynth2" = AviSynth 2 (remove only)
"Battlelog Web Plugins" = Battlelog Web Plugins
"Blueline_is1" = Blueline 1.1.1
"Chaser_is1" = Chaser
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Deep Black : Reloaded_is1" = Deep Black : Reloaded
"Deus Ex Human Revolution - The Missing Link_is1" = Deus Ex Human Revolution - The Missing Link
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Fass" = Pawsoft Fass
"FileASSASSIN" = FileASSASSIN
"foobar2000" = foobar2000 v1.1.7
"Fraps" = Fraps (remove only)
"GameSpy Arcade" = GameSpy Arcade
"HandBrake" = HandBrake 0.9.5
"ImgBurn" = ImgBurn
"In Cold Blood_is1" = In Cold Blood
"InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein™ 1.2 Patch
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JDownloader" = JDownloader
"Just Cause 2_is1" = Just Cause 2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mp42Mkvac3_is1" = Mp42Mkvac3 v1.5
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oni" = Oni
"OpenAL" = OpenAL
"Origin" = Origin
"Outcast_is1" = Outcast
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Produtools_Manuals Toolbar" = Produtools Manuals Toolbar
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"Roxio PhotoShow" = Roxio PhotoShow
"Saints Row The Third_is1" = Saints Row The Third
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 2810" = X3: Reunion
"Steam App 2840" = X: Beyond the Frontier
"Steam App 34010" = Alpha Protocol
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 98200" = Frozen Synapse
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"T4 Internet - T4 par Internet 10.0" = T4 Internet - T4 par Internet 10.0
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"WBFS Manager 3.0" = WBFS Manager 3.0
"Windows Grep_is1" = Windows Grep 2.3
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.7
"XIII_is1" = XIII

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"f58f3889281ea80b" = ContainerEx Decrypter
"InstallShield_{FEC173D3-683C-4C09-9167-7D2D573A3A9C}" = Alias

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-786879198-253778329-1393635891-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

My PC is performing fine and has been for a good chunk of time. The only problem I have noticed was that blue screen a month back. I just want to check if there's anything else in these logs.

OK/good and thanks for the update.

It appears you may be using a custom Host File, can you confirm for myself if this is the case or not? If the latter not a problem as we can reset this to default during a planned custom OTL script later on.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Peer to Peer Advice:

I see you have µTorrent installed...It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.

Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop". It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

My advice would be to uninstall the aforementioned µTorrent. If however you opt not to please refrain from using it during the course of the Malware Removal process, thank you.

PunkBuster Advice:

There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

Next:

Out of date Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update this is due course.

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Java™ 6 Update 24
Java™ 6 Update 24 (64-bit)

Produtools Manuals Toolbar <-- Such conduit based toolbars have undesirable characteristics that can be deemed spyware.

Next:

Let myself know when read/completed the above. Answer my Host File query and we will go from there, thank you.
  • 0

#7
Alias50

Alias50

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts

It appears you may be using a custom Host File, can you confirm for myself if this is the case or not? If the latter not a problem as we can reset this to default during a planned custom OTL script later on.


Hmm. I do remember modifying my hosts file when I got this machine, but looking through it now there doesn't appear to be any custom lines in there, or anything at all for that matter, except for the examples in the comments. We can restore it if necessary. As far as that goes, would you recommend using a custom hosts file to redirect from suspicious websites? If so, which one?

I have backed up my registry using ERUNT and uninstalled PunkBuster. I have chosen not to uninstall utorrent at this time, as many legitimate files such as live cds have a P2P download option, which I often find faster than downloading from a server.

I have uninstalled the requested files. Someone else must have installed that toolbar. I hate toolbars.
  • 0

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

would you recommend using a custom hosts file to redirect from suspicious websites? If so, which one?

I will do so when I give the all clear.

I have chosen not to uninstall utorrent at this time, as many legitimate files such as live cds have a P2P download option, which I often find faster than downloading from a server.

Fair play, just do not use it at all for the time being as I mentioned please.

Giving the nature of the particular infection your machine was infected with I feel it would be prudent to download/run two specific applications before anything further proactive as follows. Also if you still have the last MBAM log you posted in the other topic available I would like to review that also. If not, no problem.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

  • Right-click on aswMBR.exe and select Run as Administrator to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat(or similar) do not delete this for now it is a actual backup of the MBR(master boot record).

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Right-click on TDSSKiller.exe and select Run as Administrator to run it
  • When the window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signitures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
  • 0

#9
Alias50

Alias50

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 11:58:28
-----------------------------
11:58:28.810 OS Version: Windows x64 6.1.7601 Service Pack 1
11:58:28.810 Number of processors: 8 586 0x1A05
11:58:28.811 ComputerName: MICHAL-PC UserName: Michal
11:58:29.398 Initialize success
11:58:39.727 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:58:39.728 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
11:58:39.750 Disk 0 MBR read successfully
11:58:39.750 Disk 0 MBR scan
11:58:39.752 Disk 0 Windows 7 default MBR code
11:58:39.753 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476953 MB offset 63
11:58:39.755 Disk 0 Partition - 00 0F Extended LBA 476913 MB offset 976800195
11:58:39.777 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476913 MB offset 976800258
11:58:39.799 Disk 0 scanning C:\Windows\system32\drivers
11:58:46.006 Service scanning
11:58:56.605 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
11:58:58.150 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
11:58:58.174 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
11:58:58.828 Modules scanning
11:58:58.833 Disk 0 trace - called modules:
11:58:58.845 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:58:58.848 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b6e790]
11:58:58.851 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006a64a20]
11:58:58.855 5 Sahdad64.sys[fffff8800197ce25] -> nt!IofCallDriver -> [0xfffffa8006927e40]
11:58:58.858 7 ACPI.sys[fffff88000f987a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006935060]
11:58:58.862 Scan finished successfully
11:59:09.046 Disk 0 MBR has been saved successfully to "C:\Users\Michal\Desktop\MBR.dat"
11:59:09.050 The log file has been saved successfully to "C:\Users\Michal\Desktop\aswMBR.txt"







TDSS Killer log

12:01:14.0289 3680 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
12:01:14.0780 3680 ============================================================
12:01:14.0780 3680 Current date / time: 2012/04/21 12:01:14.0780
12:01:14.0780 3680 SystemInfo:
12:01:14.0780 3680
12:01:14.0780 3680 OS Version: 6.1.7601 ServicePack: 1.0
12:01:14.0780 3680 Product type: Workstation
12:01:14.0780 3680 ComputerName: MICHAL-PC
12:01:14.0780 3680 UserName: Michal
12:01:14.0780 3680 Windows directory: C:\Windows
12:01:14.0780 3680 System windows directory: C:\Windows
12:01:14.0780 3680 Running under WOW64
12:01:14.0780 3680 Processor architecture: Intel x64
12:01:14.0780 3680 Number of processors: 8
12:01:14.0780 3680 Page size: 0x1000
12:01:14.0780 3680 Boot type: Normal boot
12:01:14.0780 3680 ============================================================
12:01:15.0897 3680 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:01:15.0964 3680 \Device\Harddisk0\DR0:
12:01:15.0965 3680 MBR partitions:
12:01:15.0965 3680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A38C984
12:01:15.0984 3680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A38CA02, BlocksNum 0x3A378FBF
12:01:16.0026 3680 C: <-> \Device\Harddisk0\DR0\Partition0
12:01:16.0052 3680 D: <-> \Device\Harddisk0\DR0\Partition1
12:01:16.0052 3680 Initialize success
12:01:16.0052 3680 ============================================================
12:01:34.0934 3336 ============================================================
12:01:34.0934 3336 Scan started
12:01:34.0934 3336 Mode: Manual; SigCheck; TDLFS;
12:01:34.0934 3336 ============================================================
12:01:35.0238 3336 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
12:01:35.0271 3336 1394ohci - ok
12:01:35.0358 3336 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 (a15069eec83ebc54150564b2585cfdba) C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
12:01:35.0402 3336 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
12:01:35.0429 3336 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:01:35.0439 3336 ACPI - ok
12:01:35.0458 3336 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:01:35.0494 3336 AcpiPmi - ok
12:01:35.0590 3336 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:01:35.0598 3336 AdobeFlashPlayerUpdateSvc - ok
12:01:35.0641 3336 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:01:35.0654 3336 adp94xx - ok
12:01:35.0666 3336 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:01:35.0676 3336 adpahci - ok
12:01:35.0702 3336 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:01:35.0709 3336 adpu320 - ok
12:01:35.0729 3336 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:01:35.0763 3336 AeLookupSvc - ok
12:01:35.0787 3336 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:01:35.0808 3336 AFD - ok
12:01:35.0815 3336 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:01:35.0822 3336 agp440 - ok
12:01:35.0832 3336 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:01:35.0848 3336 ALG - ok
12:01:35.0872 3336 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:01:35.0877 3336 aliide - ok
12:01:35.0888 3336 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:01:35.0894 3336 amdide - ok
12:01:35.0944 3336 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:01:35.0969 3336 AmdK8 - ok
12:01:35.0999 3336 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:01:36.0024 3336 AmdPPM - ok
12:01:36.0055 3336 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:01:36.0062 3336 amdsata - ok
12:01:36.0083 3336 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:01:36.0092 3336 amdsbs - ok
12:01:36.0111 3336 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:01:36.0118 3336 amdxata - ok
12:01:36.0135 3336 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:01:36.0176 3336 AppID - ok
12:01:36.0233 3336 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:01:36.0281 3336 AppIDSvc - ok
12:01:36.0291 3336 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:01:36.0325 3336 Appinfo - ok
12:01:36.0415 3336 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:01:36.0419 3336 Apple Mobile Device - ok
12:01:36.0450 3336 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:01:36.0459 3336 AppMgmt - ok
12:01:36.0478 3336 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:01:36.0485 3336 arc - ok
12:01:36.0537 3336 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:01:36.0543 3336 arcsas - ok
12:01:36.0619 3336 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:01:36.0640 3336 aspnet_state - ok
12:01:36.0655 3336 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:01:36.0689 3336 AsyncMac - ok
12:01:36.0703 3336 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:01:36.0708 3336 atapi - ok
12:01:36.0756 3336 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:01:36.0792 3336 AudioEndpointBuilder - ok
12:01:36.0800 3336 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:01:36.0828 3336 AudioSrv - ok
12:01:36.0843 3336 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:01:36.0868 3336 AxInstSV - ok
12:01:36.0896 3336 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:01:36.0910 3336 b06bdrv - ok
12:01:36.0946 3336 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:01:36.0968 3336 b57nd60a - ok
12:01:37.0002 3336 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:01:37.0024 3336 BDESVC - ok
12:01:37.0036 3336 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:01:37.0060 3336 Beep - ok
12:01:37.0090 3336 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:01:37.0139 3336 BITS - ok
12:01:37.0159 3336 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:01:37.0170 3336 blbdrive - ok
12:01:37.0222 3336 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:01:37.0231 3336 Bonjour Service - ok
12:01:37.0305 3336 BOT4Service (2309601e5d37e0304f8bcfb57190756e) C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
12:01:37.0318 3336 BOT4Service - ok
12:01:37.0345 3336 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:01:37.0353 3336 bowser - ok
12:01:37.0375 3336 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:01:37.0385 3336 BrFiltLo - ok
12:01:37.0396 3336 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:01:37.0405 3336 BrFiltUp - ok
12:01:37.0447 3336 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:01:37.0485 3336 Browser - ok
12:01:37.0529 3336 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
12:01:37.0541 3336 BrSerIb - ok
12:01:37.0570 3336 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:01:37.0581 3336 Brserid - ok
12:01:37.0592 3336 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:01:37.0620 3336 BrSerWdm - ok
12:01:37.0639 3336 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:01:37.0668 3336 BrUsbMdm - ok
12:01:37.0688 3336 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:01:37.0696 3336 BrUsbSer - ok
12:01:37.0718 3336 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
12:01:37.0726 3336 BrUsbSIb - ok
12:01:37.0744 3336 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:01:37.0771 3336 BTHMODEM - ok
12:01:37.0810 3336 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:01:37.0852 3336 bthserv - ok
12:01:37.0898 3336 c2scsi64 (59626ab5920f316bdbfdc8b47521a882) C:\Windows\system32\DRIVERS\c2scsi64.sys
12:01:37.0903 3336 c2scsi64 - ok
12:01:37.0985 3336 ccEvtMgr (399a7df138d2110a3eb9bd64d6327f62) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
12:01:37.0990 3336 ccEvtMgr - ok
12:01:37.0993 3336 ccSetMgr (399a7df138d2110a3eb9bd64d6327f62) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
12:01:37.0997 3336 ccSetMgr - ok
12:01:38.0016 3336 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:01:38.0041 3336 cdfs - ok
12:01:38.0048 3336 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:01:38.0071 3336 cdrom - ok
12:01:38.0092 3336 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:01:38.0127 3336 CertPropSvc - ok
12:01:38.0157 3336 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:01:38.0166 3336 circlass - ok
12:01:38.0188 3336 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:01:38.0199 3336 CLFS - ok
12:01:38.0232 3336 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:38.0260 3336 clr_optimization_v2.0.50727_32 - ok
12:01:38.0316 3336 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:01:38.0328 3336 clr_optimization_v2.0.50727_64 - ok
12:01:38.0384 3336 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:01:38.0390 3336 clr_optimization_v4.0.30319_32 - ok
12:01:38.0416 3336 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:01:38.0422 3336 clr_optimization_v4.0.30319_64 - ok
12:01:38.0440 3336 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:01:38.0452 3336 CmBatt - ok
12:01:38.0496 3336 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:01:38.0501 3336 cmdide - ok
12:01:38.0539 3336 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:01:38.0554 3336 CNG - ok
12:01:38.0574 3336 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:01:38.0581 3336 Compbatt - ok
12:01:38.0601 3336 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:01:38.0612 3336 CompositeBus - ok
12:01:38.0637 3336 COMSysApp - ok
12:01:38.0672 3336 cpuz135 - ok
12:01:38.0695 3336 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:01:38.0701 3336 crcdisk - ok
12:01:38.0735 3336 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:01:38.0765 3336 CryptSvc - ok
12:01:38.0787 3336 CrystalSysInfo - ok
12:01:38.0821 3336 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:01:38.0844 3336 CSC - ok
12:01:38.0866 3336 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
12:01:38.0891 3336 CscService - ok
12:01:38.0912 3336 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:01:38.0945 3336 DcomLaunch - ok
12:01:38.0961 3336 DefragFS (cec7f24e28b40829c0fd2d523e72b5d3) C:\Windows\system32\drivers\DefragFS.sys
12:01:38.0966 3336 DefragFS - ok
12:01:38.0989 3336 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:01:39.0021 3336 defragsvc - ok
12:01:39.0039 3336 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:01:39.0067 3336 DfsC - ok
12:01:39.0083 3336 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:01:39.0119 3336 Dhcp - ok
12:01:39.0132 3336 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:01:39.0157 3336 discache - ok
12:01:39.0197 3336 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:01:39.0204 3336 Disk - ok
12:01:39.0239 3336 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
12:01:39.0252 3336 dmvsc - ok
12:01:39.0277 3336 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:01:39.0290 3336 Dnscache - ok
12:01:39.0316 3336 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:01:39.0341 3336 dot3svc - ok
12:01:39.0367 3336 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:01:39.0399 3336 DPS - ok
12:01:39.0424 3336 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:01:39.0450 3336 drmkaud - ok
12:01:39.0469 3336 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:01:39.0486 3336 DXGKrnl - ok
12:01:39.0505 3336 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:01:39.0531 3336 EapHost - ok
12:01:39.0598 3336 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:01:39.0659 3336 ebdrv - ok
12:01:39.0765 3336 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:01:39.0773 3336 eeCtrl - ok
12:01:39.0805 3336 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:01:39.0824 3336 EFS - ok
12:01:39.0863 3336 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:01:39.0876 3336 ehRecvr - ok
12:01:39.0898 3336 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:01:39.0906 3336 ehSched - ok
12:01:39.0931 3336 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:01:39.0945 3336 elxstor - ok
12:01:39.0974 3336 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:01:39.0979 3336 EraserUtilRebootDrv - ok
12:01:39.0995 3336 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:01:40.0020 3336 ErrDev - ok
12:01:40.0069 3336 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:01:40.0099 3336 EventSystem - ok
12:01:40.0107 3336 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:01:40.0132 3336 exfat - ok
12:01:40.0158 3336 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:01:40.0183 3336 fastfat - ok
12:01:40.0203 3336 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:01:40.0225 3336 Fax - ok
12:01:40.0250 3336 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:01:40.0272 3336 fdc - ok
12:01:40.0293 3336 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:01:40.0326 3336 fdPHost - ok
12:01:40.0339 3336 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:01:40.0364 3336 FDResPub - ok
12:01:40.0380 3336 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:01:40.0387 3336 FileInfo - ok
12:01:40.0409 3336 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:01:40.0433 3336 Filetrace - ok
12:01:40.0469 3336 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:01:40.0477 3336 flpydisk - ok
12:01:40.0514 3336 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:01:40.0523 3336 FltMgr - ok
12:01:40.0555 3336 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:01:40.0575 3336 FontCache - ok
12:01:40.0607 3336 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:01:40.0617 3336 FontCache3.0.0.0 - ok
12:01:40.0623 3336 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:01:40.0629 3336 FsDepends - ok
12:01:40.0668 3336 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:01:40.0674 3336 Fs_Rec - ok
12:01:40.0711 3336 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:01:40.0722 3336 fvevol - ok
12:01:40.0732 3336 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:01:40.0739 3336 gagp30kx - ok
12:01:40.0791 3336 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:01:40.0794 3336 GEARAspiWDM - ok
12:01:40.0821 3336 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:01:40.0852 3336 gpsvc - ok
12:01:40.0904 3336 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
12:01:40.0908 3336 hamachi - ok
12:01:40.0940 3336 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:01:40.0960 3336 hcw85cir - ok
12:01:40.0986 3336 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:01:41.0004 3336 HdAudAddService - ok
12:01:41.0017 3336 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:01:41.0037 3336 HDAudBus - ok
12:01:41.0057 3336 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:01:41.0083 3336 HidBatt - ok
12:01:41.0098 3336 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:01:41.0119 3336 HidBth - ok
12:01:41.0125 3336 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:01:41.0135 3336 HidIr - ok
12:01:41.0178 3336 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:01:41.0211 3336 hidserv - ok
12:01:41.0221 3336 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:01:41.0229 3336 HidUsb - ok
12:01:41.0259 3336 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:01:41.0299 3336 hkmsvc - ok
12:01:41.0328 3336 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:01:41.0343 3336 HomeGroupListener - ok
12:01:41.0374 3336 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:01:41.0383 3336 HomeGroupProvider - ok
12:01:41.0405 3336 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:01:41.0412 3336 HpSAMD - ok
12:01:41.0445 3336 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:01:41.0479 3336 HTTP - ok
12:01:41.0517 3336 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:01:41.0523 3336 hwpolicy - ok
12:01:41.0540 3336 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:01:41.0547 3336 i8042prt - ok
12:01:41.0605 3336 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:01:41.0616 3336 iaStorV - ok
12:01:41.0654 3336 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:01:41.0673 3336 idsvc - ok
12:01:41.0710 3336 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:01:41.0717 3336 iirsp - ok
12:01:41.0761 3336 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:01:41.0806 3336 IKEEXT - ok
12:01:41.0881 3336 IntcAzAudAddService (9297bc7fb61f58670ee176dd18f4dd92) C:\Windows\system32\drivers\RTKVHD64.sys
12:01:41.0913 3336 IntcAzAudAddService - ok
12:01:41.0919 3336 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:01:41.0925 3336 intelide - ok
12:01:41.0940 3336 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:01:41.0966 3336 intelppm - ok
12:01:42.0011 3336 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:01:42.0052 3336 IPBusEnum - ok
12:01:42.0069 3336 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:01:42.0092 3336 IpFilterDriver - ok
12:01:42.0118 3336 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:01:42.0145 3336 IPMIDRV - ok
12:01:42.0164 3336 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:01:42.0204 3336 IPNAT - ok
12:01:42.0255 3336 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
12:01:42.0269 3336 iPod Service - ok
12:01:42.0293 3336 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:01:42.0304 3336 IRENUM - ok
12:01:42.0331 3336 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:01:42.0336 3336 isapnp - ok
12:01:42.0366 3336 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:01:42.0375 3336 iScsiPrt - ok
12:01:42.0397 3336 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:01:42.0403 3336 kbdclass - ok
12:01:42.0426 3336 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:01:42.0438 3336 kbdhid - ok
12:01:42.0478 3336 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:42.0486 3336 KeyIso - ok
12:01:42.0510 3336 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:01:42.0517 3336 KSecDD - ok
12:01:42.0530 3336 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:01:42.0538 3336 KSecPkg - ok
12:01:42.0554 3336 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:01:42.0598 3336 ksthunk - ok
12:01:42.0637 3336 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:01:42.0691 3336 KtmRm - ok
12:01:42.0718 3336 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:01:42.0748 3336 LanmanServer - ok
12:01:42.0770 3336 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:01:42.0803 3336 LanmanWorkstation - ok
12:01:42.0886 3336 LBTServ (4adc135f525d38a498f83b089228cc2d) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:01:42.0899 3336 LBTServ - ok
12:01:42.0922 3336 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:01:42.0926 3336 LHidFilt - ok
12:01:43.0012 3336 LiveUpdate (f3fe36dde7f59b7d4f9581c920670198) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:01:43.0047 3336 LiveUpdate - ok
12:01:43.0075 3336 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:01:43.0106 3336 lltdio - ok
12:01:43.0129 3336 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:01:43.0162 3336 lltdsvc - ok
12:01:43.0203 3336 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:01:43.0227 3336 lmhosts - ok
12:01:43.0262 3336 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:01:43.0267 3336 LMouFilt - ok
12:01:43.0303 3336 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:01:43.0310 3336 LSI_FC - ok
12:01:43.0317 3336 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:01:43.0324 3336 LSI_SAS - ok
12:01:43.0338 3336 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:01:43.0345 3336 LSI_SAS2 - ok
12:01:43.0352 3336 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:01:43.0359 3336 LSI_SCSI - ok
12:01:43.0404 3336 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:01:43.0433 3336 luafv - ok
12:01:43.0467 3336 MBAMProtector (3d3c4b63f11f63f50253e734f0ace9f2) C:\Windows\system32\drivers\mbam.sys
12:01:43.0471 3336 MBAMProtector - ok
12:01:43.0535 3336 MBAMService (246af5a08b0339231bdd7437ab6ff6b8) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:01:43.0554 3336 MBAMService - ok
12:01:43.0582 3336 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:01:43.0595 3336 Mcx2Svc - ok
12:01:43.0707 3336 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
12:01:43.0724 3336 MDM ( UnsignedFile.Multi.Generic ) - warning
12:01:43.0725 3336 MDM - detected UnsignedFile.Multi.Generic (1)
12:01:43.0746 3336 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:01:43.0751 3336 megasas - ok
12:01:43.0772 3336 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:01:43.0782 3336 MegaSR - ok
12:01:43.0803 3336 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:01:43.0839 3336 MMCSS - ok
12:01:43.0858 3336 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:01:43.0901 3336 Modem - ok
12:01:43.0914 3336 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:01:43.0945 3336 monitor - ok
12:01:43.0982 3336 MotioninJoyXFilter (fc44ad48746ffa5fd640ef1260ab5ec2) C:\Windows\system32\DRIVERS\MijXfilt.sys
12:01:43.0988 3336 MotioninJoyXFilter - ok
12:01:44.0013 3336 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:01:44.0020 3336 mouclass - ok
12:01:44.0030 3336 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:01:44.0041 3336 mouhid - ok
12:01:44.0079 3336 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:01:44.0085 3336 mountmgr - ok
12:01:44.0093 3336 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:01:44.0101 3336 mpio - ok
12:01:44.0137 3336 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:01:44.0162 3336 mpsdrv - ok
12:01:44.0178 3336 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:01:44.0197 3336 MRxDAV - ok
12:01:44.0245 3336 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:01:44.0253 3336 mrxsmb - ok
12:01:44.0262 3336 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:01:44.0272 3336 mrxsmb10 - ok
12:01:44.0279 3336 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:01:44.0288 3336 mrxsmb20 - ok
12:01:44.0321 3336 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:01:44.0328 3336 msahci - ok
12:01:44.0342 3336 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:01:44.0349 3336 msdsm - ok
12:01:44.0376 3336 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:01:44.0391 3336 MSDTC - ok
12:01:44.0411 3336 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:01:44.0435 3336 Msfs - ok
12:01:44.0467 3336 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:01:44.0492 3336 mshidkmdf - ok
12:01:44.0498 3336 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:01:44.0504 3336 msisadrv - ok
12:01:44.0544 3336 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:01:44.0589 3336 MSiSCSI - ok
12:01:44.0595 3336 msiserver - ok
12:01:44.0602 3336 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:01:44.0634 3336 MSKSSRV - ok
12:01:44.0649 3336 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:01:44.0683 3336 MSPCLOCK - ok
12:01:44.0698 3336 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:01:44.0729 3336 MSPQM - ok
12:01:44.0751 3336 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:01:44.0761 3336 MsRPC - ok
12:01:44.0776 3336 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:01:44.0783 3336 mssmbios - ok
12:01:44.0835 3336 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:01:44.0875 3336 MSTEE - ok
12:01:44.0912 3336 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:01:44.0919 3336 MTConfig - ok
12:01:44.0959 3336 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:01:44.0966 3336 Mup - ok
12:01:45.0023 3336 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:01:45.0055 3336 napagent - ok
12:01:45.0083 3336 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:01:45.0115 3336 NativeWifiP - ok
12:01:45.0222 3336 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120420.019\ENG64.SYS
12:01:45.0227 3336 NAVENG - ok
12:01:45.0262 3336 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120420.019\EX64.SYS
12:01:45.0287 3336 NAVEX15 - ok
12:01:45.0320 3336 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:01:45.0337 3336 NDIS - ok
12:01:45.0359 3336 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:01:45.0383 3336 NdisCap - ok
12:01:45.0407 3336 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:01:45.0430 3336 NdisTapi - ok
12:01:45.0438 3336 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:01:45.0461 3336 Ndisuio - ok
12:01:45.0478 3336 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:01:45.0512 3336 NdisWan - ok
12:01:45.0518 3336 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:01:45.0541 3336 NDProxy - ok
12:01:45.0565 3336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:01:45.0594 3336 NetBIOS - ok
12:01:45.0602 3336 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:01:45.0627 3336 NetBT - ok
12:01:45.0658 3336 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:45.0666 3336 Netlogon - ok
12:01:45.0688 3336 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:01:45.0715 3336 Netman - ok
12:01:45.0775 3336 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:01:45.0787 3336 NetMsmqActivator - ok
12:01:45.0789 3336 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:01:45.0794 3336 NetPipeActivator - ok
12:01:45.0810 3336 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:01:45.0845 3336 netprofm - ok
12:01:45.0849 3336 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:01:45.0855 3336 NetTcpActivator - ok
12:01:45.0857 3336 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:01:45.0863 3336 NetTcpPortSharing - ok
12:01:45.0888 3336 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:01:45.0894 3336 nfrd960 - ok
12:01:45.0929 3336 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:01:45.0963 3336 NlaSvc - ok
12:01:46.0007 3336 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
12:01:46.0014 3336 nm3 - ok
12:01:46.0038 3336 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:01:46.0061 3336 Npfs - ok
12:01:46.0080 3336 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:01:46.0107 3336 nsi - ok
12:01:46.0120 3336 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:01:46.0144 3336 nsiproxy - ok
12:01:46.0186 3336 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:01:46.0227 3336 Ntfs - ok
12:01:46.0243 3336 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:01:46.0266 3336 Null - ok
12:01:46.0443 3336 nvlddmkm (aa043614b7f65eaf7fa83068286d5981) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:01:46.0580 3336 nvlddmkm - ok
12:01:46.0613 3336 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:01:46.0620 3336 nvraid - ok
12:01:46.0650 3336 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:01:46.0658 3336 nvstor - ok
12:01:46.0721 3336 NVSvc (d0a5adf4cd902c06acd651d2fb2a85a9) C:\Windows\system32\nvvsvc.exe
12:01:46.0746 3336 NVSvc - ok
12:01:46.0822 3336 nvUpdatusService (03fac29eed869029d5b000805de2de57) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:01:46.0865 3336 nvUpdatusService - ok
12:01:46.0889 3336 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:01:46.0896 3336 nv_agp - ok
12:01:47.0009 3336 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:01:47.0037 3336 odserv - ok
12:01:47.0079 3336 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:01:47.0087 3336 ohci1394 - ok
12:01:47.0125 3336 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:01:47.0164 3336 ose - ok
12:01:47.0218 3336 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:01:47.0235 3336 p2pimsvc - ok
12:01:47.0265 3336 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:01:47.0277 3336 p2psvc - ok
12:01:47.0290 3336 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:01:47.0297 3336 Parport - ok
12:01:47.0336 3336 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:01:47.0343 3336 partmgr - ok
12:01:47.0379 3336 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:01:47.0403 3336 PcaSvc - ok
12:01:47.0431 3336 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:01:47.0439 3336 pci - ok
12:01:47.0446 3336 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:01:47.0452 3336 pciide - ok
12:01:47.0469 3336 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:01:47.0478 3336 pcmcia - ok
12:01:47.0490 3336 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:01:47.0497 3336 pcw - ok
12:01:47.0588 3336 PDAgent (14bc059431e2a2ee80d061fa96aa6855) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
12:01:47.0633 3336 PDAgent - ok
12:01:47.0670 3336 PDEngine (f2f3d113fe08252d21790402ee3f61ea) C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
12:01:47.0712 3336 PDEngine - ok
12:01:47.0749 3336 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:01:47.0787 3336 PEAUTH - ok
12:01:47.0837 3336 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:01:47.0871 3336 PeerDistSvc - ok
12:01:47.0888 3336 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:01:47.0897 3336 PerfHost - ok
12:01:47.0937 3336 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:01:47.0990 3336 pla - ok
12:01:48.0018 3336 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:01:48.0034 3336 PlugPlay - ok
12:01:48.0051 3336 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:01:48.0074 3336 PNRPAutoReg - ok
12:01:48.0092 3336 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:01:48.0102 3336 PNRPsvc - ok
12:01:48.0142 3336 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:01:48.0177 3336 PolicyAgent - ok
12:01:48.0208 3336 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:01:48.0237 3336 Power - ok
12:01:48.0273 3336 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:01:48.0306 3336 PptpMiniport - ok
12:01:48.0333 3336 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:01:48.0357 3336 Processor - ok
12:01:48.0370 3336 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:01:48.0394 3336 ProfSvc - ok
12:01:48.0429 3336 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:48.0437 3336 ProtectedStorage - ok
12:01:48.0444 3336 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:01:48.0468 3336 Psched - ok
12:01:48.0506 3336 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:01:48.0510 3336 PxHlpa64 - ok
12:01:48.0541 3336 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:01:48.0588 3336 ql2300 - ok
12:01:48.0625 3336 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:01:48.0632 3336 ql40xx - ok
12:01:48.0675 3336 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:01:48.0689 3336 QWAVE - ok
12:01:48.0705 3336 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:01:48.0716 3336 QWAVEdrv - ok
12:01:48.0745 3336 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:01:48.0769 3336 RasAcd - ok
12:01:48.0792 3336 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:01:48.0816 3336 RasAgileVpn - ok
12:01:48.0837 3336 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:01:48.0880 3336 RasAuto - ok
12:01:48.0887 3336 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:01:48.0916 3336 Rasl2tp - ok
12:01:48.0937 3336 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:01:48.0964 3336 RasMan - ok
12:01:48.0981 3336 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:01:49.0009 3336 RasPppoe - ok
12:01:49.0037 3336 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:01:49.0069 3336 RasSstp - ok
12:01:49.0078 3336 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:01:49.0103 3336 rdbss - ok
12:01:49.0116 3336 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:01:49.0125 3336 rdpbus - ok
12:01:49.0134 3336 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:01:49.0159 3336 RDPCDD - ok
12:01:49.0202 3336 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:01:49.0209 3336 RDPDR - ok
12:01:49.0234 3336 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:01:49.0259 3336 RDPENCDD - ok
12:01:49.0280 3336 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:01:49.0303 3336 RDPREFMP - ok
12:01:49.0344 3336 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
12:01:49.0352 3336 RdpVideoMiniport - ok
12:01:49.0376 3336 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:01:49.0393 3336 RDPWD - ok
12:01:49.0401 3336 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:01:49.0409 3336 rdyboost - ok
12:01:49.0445 3336 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:01:49.0484 3336 RemoteAccess - ok
12:01:49.0505 3336 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:01:49.0550 3336 RemoteRegistry - ok
12:01:49.0669 3336 RoxMediaDB13 (053a0d66b1982d93a20062e4da40b29b) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
12:01:49.0699 3336 RoxMediaDB13 - ok
12:01:49.0719 3336 RoxWatch12 (495c85b15470374a9499451893742ee6) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
12:01:49.0739 3336 RoxWatch12 - ok
12:01:49.0758 3336 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:01:49.0784 3336 RpcEptMapper - ok
12:01:49.0798 3336 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:01:49.0807 3336 RpcLocator - ok
12:01:49.0842 3336 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:01:49.0869 3336 RpcSs - ok
12:01:49.0884 3336 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:01:49.0909 3336 rspndr - ok
12:01:49.0953 3336 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:01:49.0960 3336 RTL8167 - ok
12:01:49.0993 3336 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:01:50.0013 3336 s3cap - ok
12:01:50.0038 3336 Sahdad64 (27db9153d259d632d15483deeab799ed) C:\Windows\system32\Drivers\Sahdad64.sys
12:01:50.0042 3336 Sahdad64 - ok
12:01:50.0048 3336 Saibad64 (f77849d909b90bcacfcf7295aecf299b) C:\Windows\system32\Drivers\Saibad64.sys
12:01:50.0052 3336 Saibad64 - ok
12:01:50.0070 3336 SaibVdAd64 (704d415290a568f68de20942dac23f7e) C:\Windows\system32\Drivers\SaibVdAd64.sys
12:01:50.0074 3336 SaibVdAd64 - ok
12:01:50.0103 3336 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:50.0111 3336 SamSs - ok
12:01:50.0177 3336 SamsungAllShareV2.0 (9d19e17449c8e8759d6872f662104321) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
12:01:50.0182 3336 SamsungAllShareV2.0 - ok
12:01:50.0201 3336 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:01:50.0208 3336 sbp2port - ok
12:01:50.0226 3336 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:01:50.0252 3336 SCardSvr - ok
12:01:50.0266 3336 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:01:50.0322 3336 scfilter - ok
12:01:50.0355 3336 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:01:50.0394 3336 Schedule - ok
12:01:50.0428 3336 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:01:50.0452 3336 SCPolicySvc - ok
12:01:50.0478 3336 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:01:50.0488 3336 SDRSVC - ok
12:01:50.0508 3336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:01:50.0541 3336 secdrv - ok
12:01:50.0565 3336 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:01:50.0588 3336 seclogon - ok
12:01:50.0594 3336 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:01:50.0626 3336 SENS - ok
12:01:50.0653 3336 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:01:50.0661 3336 SensrSvc - ok
12:01:50.0671 3336 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
12:01:50.0697 3336 Serenum - ok
12:01:50.0709 3336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:01:50.0735 3336 Serial - ok
12:01:50.0754 3336 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:01:50.0766 3336 sermouse - ok
12:01:50.0789 3336 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:01:50.0829 3336 SessionEnv - ok
12:01:50.0863 3336 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:01:50.0873 3336 sffdisk - ok
12:01:50.0883 3336 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:01:50.0893 3336 sffp_mmc - ok
12:01:50.0947 3336 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:01:50.0957 3336 sffp_sd - ok
12:01:50.0962 3336 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:01:50.0970 3336 sfloppy - ok
12:01:51.0018 3336 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:01:51.0046 3336 SharedAccess - ok
12:01:51.0074 3336 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:01:51.0100 3336 ShellHWDetection - ok
12:01:51.0169 3336 SimpleSlideShowServer (1980fe1f5a32067dad1d8776b63c2669) C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
12:01:51.0177 3336 SimpleSlideShowServer - ok
12:01:51.0216 3336 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:01:51.0222 3336 SiSRaid2 - ok
12:01:51.0245 3336 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:01:51.0251 3336 SiSRaid4 - ok
12:01:51.0275 3336 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:01:51.0317 3336 Smb - ok
12:01:51.0426 3336 SmcService (4f7bfe128cbaa98966112a80628fa5ff) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
12:01:51.0484 3336 SmcService - ok
12:01:51.0523 3336 SNAC (51775446c5ffbdf10848f450301318ea) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
12:01:51.0546 3336 SNAC - ok
12:01:51.0580 3336 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:01:51.0595 3336 SNMPTRAP - ok
12:01:51.0621 3336 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:01:51.0626 3336 spldr - ok
12:01:51.0647 3336 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:01:51.0674 3336 Spooler - ok
12:01:51.0785 3336 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:01:51.0845 3336 sppsvc - ok
12:01:51.0903 3336 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:01:51.0927 3336 sppuinotify - ok
12:01:51.0982 3336 SRTSP (c0691f43ea87761b67df6384cfc30b8d) C:\Windows\system32\Drivers\SRTSP64.SYS
12:01:51.0990 3336 SRTSP - ok
12:01:52.0011 3336 SRTSPL (b0304f6120848db7d7709843e2294705) C:\Windows\system32\Drivers\SRTSPL64.SYS
12:01:52.0021 3336 SRTSPL - ok
12:01:52.0036 3336 SRTSPX (165fde7386d792efac992eea34d03bc1) C:\Windows\system32\Drivers\SRTSPX64.SYS
12:01:52.0040 3336 SRTSPX - ok
12:01:52.0066 3336 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:01:52.0081 3336 srv - ok
12:01:52.0090 3336 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:01:52.0111 3336 srv2 - ok
12:01:52.0129 3336 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:01:52.0137 3336 srvnet - ok
12:01:52.0163 3336 sscebus (f74634f46692c8315e7f37f698af3225) C:\Windows\system32\DRIVERS\sscebus.sys
12:01:52.0167 3336 sscebus - ok
12:01:52.0207 3336 sscemdfl (82732b391efd69b0548044be9cb37bfc) C:\Windows\system32\DRIVERS\sscemdfl.sys
12:01:52.0210 3336 sscemdfl - ok
12:01:52.0235 3336 sscemdm (43d56ace4469d90f9790e8352d87d9b5) C:\Windows\system32\DRIVERS\sscemdm.sys
12:01:52.0240 3336 sscemdm - ok
12:01:52.0255 3336 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:01:52.0287 3336 SSDPSRV - ok
12:01:52.0309 3336 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:01:52.0333 3336 SstpSvc - ok
12:01:52.0362 3336 Steam Client Service - ok
12:01:52.0418 3336 Stereo Service (29777df4aff373151806ad85db16e7e9) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:01:52.0426 3336 Stereo Service - ok
12:01:52.0465 3336 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:01:52.0471 3336 stexstor - ok
12:01:52.0500 3336 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:01:52.0517 3336 stisvc - ok
12:01:52.0539 3336 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:01:52.0544 3336 storflt - ok
12:01:52.0571 3336 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:01:52.0578 3336 storvsc - ok
12:01:52.0596 3336 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:01:52.0602 3336 swenum - ok
12:01:52.0618 3336 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:01:52.0652 3336 swprv - ok
12:01:52.0748 3336 Symantec AntiVirus (96900995907415fb4a8a18d97b3aa4a3) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
12:01:52.0770 3336 Symantec AntiVirus - ok
12:01:52.0811 3336 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:01:52.0817 3336 SymEvent - ok
12:01:52.0838 3336 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
12:01:52.0845 3336 Synth3dVsc - ok
12:01:52.0883 3336 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:01:52.0928 3336 SysMain - ok
12:01:52.0965 3336 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:01:52.0978 3336 TabletInputService - ok
12:01:53.0027 3336 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
12:01:53.0031 3336 taphss - ok
12:01:53.0047 3336 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:01:53.0093 3336 TapiSrv - ok
12:01:53.0125 3336 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:01:53.0150 3336 TBS - ok
12:01:53.0201 3336 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:01:53.0244 3336 Tcpip - ok
12:01:53.0284 3336 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:01:53.0309 3336 TCPIP6 - ok
12:01:53.0343 3336 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:01:53.0367 3336 tcpipreg - ok
12:01:53.0391 3336 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:01:53.0417 3336 TDPIPE - ok
12:01:53.0445 3336 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:01:53.0464 3336 TDTCP - ok
12:01:53.0486 3336 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:01:53.0509 3336 tdx - ok
12:01:53.0592 3336 TeamViewer6 (efd6843c137991cd253ca959e300e886) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
12:01:53.0621 3336 TeamViewer6 - ok
12:01:53.0652 3336 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
12:01:53.0657 3336 teamviewervpn - ok
12:01:53.0672 3336 Teefer2 (9856eb086557dc7e2287f81be155b4b4) C:\Windows\system32\DRIVERS\teefer2.sys
12:01:53.0677 3336 Teefer2 - ok
12:01:53.0684 3336 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:01:53.0690 3336 TermDD - ok
12:01:53.0721 3336 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
12:01:53.0729 3336 terminpt - ok
12:01:53.0757 3336 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:01:53.0792 3336 TermService - ok
12:01:53.0828 3336 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
12:01:53.0833 3336 TFsExDisk - ok
12:01:53.0845 3336 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:01:53.0858 3336 Themes - ok
12:01:53.0875 3336 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:01:53.0901 3336 THREADORDER - ok
12:01:53.0938 3336 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
12:01:53.0947 3336 TIEHDUSB - ok
12:01:53.0972 3336 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:01:54.0020 3336 TrkWks - ok
12:01:54.0051 3336 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:01:54.0085 3336 TrustedInstaller - ok
12:01:54.0107 3336 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:01:54.0150 3336 tssecsrv - ok
12:01:54.0170 3336 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:01:54.0178 3336 TsUsbFlt - ok
12:01:54.0190 3336 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:01:54.0197 3336 TsUsbGD - ok
12:01:54.0226 3336 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
12:01:54.0234 3336 tsusbhub - ok
12:01:54.0276 3336 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:01:54.0302 3336 tunnel - ok
12:01:54.0328 3336 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:01:54.0334 3336 uagp35 - ok
12:01:54.0375 3336 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:01:54.0406 3336 udfs - ok
12:01:54.0432 3336 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:01:54.0442 3336 UI0Detect - ok
12:01:54.0466 3336 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:01:54.0473 3336 uliagpkx - ok
12:01:54.0502 3336 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:01:54.0521 3336 umbus - ok
12:01:54.0528 3336 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:01:54.0541 3336 UmPass - ok
12:01:54.0595 3336 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
12:01:54.0611 3336 UmRdpService - ok
12:01:54.0681 3336 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
12:01:54.0685 3336 UnlockerDriver5 - ok
12:01:54.0720 3336 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:01:54.0752 3336 upnphost - ok
12:01:54.0780 3336 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:01:54.0799 3336 USBAAPL64 - ok
12:01:54.0819 3336 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:01:54.0834 3336 usbaudio - ok
12:01:54.0871 3336 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:01:54.0878 3336 usbccgp - ok
12:01:54.0896 3336 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:01:54.0906 3336 usbcir - ok
12:01:54.0934 3336 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:01:54.0947 3336 usbehci - ok
12:01:54.0963 3336 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:01:54.0985 3336 usbhub - ok
12:01:54.0998 3336 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:01:55.0014 3336 usbohci - ok
12:01:55.0020 3336 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:01:55.0039 3336 usbprint - ok
12:01:55.0070 3336 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:01:55.0080 3336 usbscan - ok
12:01:55.0093 3336 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
12:01:55.0112 3336 USBSTOR - ok
12:01:55.0124 3336 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:01:55.0145 3336 usbuhci - ok
12:01:55.0177 3336 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:01:55.0188 3336 usbvideo - ok
12:01:55.0214 3336 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:01:55.0249 3336 UxSms - ok
12:01:55.0281 3336 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:55.0289 3336 VaultSvc - ok
12:01:55.0304 3336 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:01:55.0310 3336 vdrvroot - ok
12:01:55.0329 3336 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:01:55.0366 3336 vds - ok
12:01:55.0391 3336 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:01:55.0401 3336 vga - ok
12:01:55.0416 3336 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:01:55.0440 3336 VgaSave - ok
12:01:55.0446 3336 VGPU - ok
12:01:55.0463 3336 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:01:55.0472 3336 vhdmp - ok
12:01:55.0491 3336 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:01:55.0497 3336 viaide - ok
12:01:55.0545 3336 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:01:55.0553 3336 vmbus - ok
12:01:55.0576 3336 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:01:55.0600 3336 VMBusHID - ok
12:01:55.0620 3336 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:01:55.0626 3336 volmgr - ok
12:01:55.0682 3336 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:01:55.0692 3336 volmgrx - ok
12:01:55.0701 3336 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:01:55.0709 3336 volsnap - ok
12:01:55.0750 3336 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:01:55.0757 3336 vsmraid - ok
12:01:55.0804 3336 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:01:55.0861 3336 VSS - ok
12:01:55.0882 3336 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:01:55.0910 3336 vwifibus - ok
12:01:55.0947 3336 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:01:55.0975 3336 W32Time - ok
12:01:55.0997 3336 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:01:56.0018 3336 WacomPen - ok
12:01:56.0035 3336 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:01:56.0064 3336 WANARP - ok
12:01:56.0066 3336 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:01:56.0089 3336 Wanarpv6 - ok
12:01:56.0152 3336 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:01:56.0191 3336 WatAdminSvc - ok
12:01:56.0218 3336 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:01:56.0261 3336 wbengine - ok
12:01:56.0282 3336 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:01:56.0294 3336 WbioSrvc - ok
12:01:56.0311 3336 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:01:56.0333 3336 wcncsvc - ok
12:01:56.0374 3336 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:01:56.0381 3336 WcsPlugInService - ok
12:01:56.0433 3336 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:01:56.0439 3336 Wd - ok
12:01:56.0469 3336 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:01:56.0483 3336 Wdf01000 - ok
12:01:56.0495 3336 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:01:56.0511 3336 WdiServiceHost - ok
12:01:56.0513 3336 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:01:56.0526 3336 WdiSystemHost - ok
12:01:56.0548 3336 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:01:56.0566 3336 WebClient - ok
12:01:56.0579 3336 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:01:56.0609 3336 Wecsvc - ok
12:01:56.0633 3336 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:01:56.0659 3336 wercplsupport - ok
12:01:56.0679 3336 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:01:56.0705 3336 WerSvc - ok
12:01:56.0736 3336 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:01:56.0760 3336 WfpLwf - ok
12:01:56.0786 3336 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:01:56.0791 3336 WIMMount - ok
12:01:56.0811 3336 WinHttpAutoProxySvc - ok
12:01:56.0851 3336 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:01:56.0877 3336 Winmgmt - ok
12:01:56.0921 3336 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:01:56.0975 3336 WinRM - ok
12:01:57.0010 3336 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:01:57.0020 3336 WinUsb - ok
12:01:57.0041 3336 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:01:57.0066 3336 Wlansvc - ok
12:01:57.0180 3336 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:01:57.0224 3336 wlidsvc - ok
12:01:57.0256 3336 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:01:57.0269 3336 WmiAcpi - ok
12:01:57.0294 3336 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:01:57.0323 3336 wmiApSrv - ok
12:01:57.0339 3336 WMPNetworkSvc - ok
12:01:57.0352 3336 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:01:57.0361 3336 WPCSvc - ok
12:01:57.0402 3336 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:01:57.0413 3336 WPDBusEnum - ok
12:01:57.0457 3336 WPS (b8b1de04c67489a5d0cbcb0ce2c3cd66) C:\Windows\system32\drivers\wpsdrvnt.sys
12:01:57.0461 3336 WPS - ok
12:01:57.0473 3336 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
12:01:57.0479 3336 WpsHelper - ok
12:01:57.0500 3336 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:01:57.0524 3336 ws2ifsl - ok
12:01:57.0550 3336 WSearch - ok
12:01:57.0592 3336 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:01:57.0663 3336 wuauserv - ok
12:01:57.0678 3336 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:01:57.0728 3336 WudfPf - ok
12:01:57.0745 3336 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:01:57.0769 3336 WUDFRd - ok
12:01:57.0787 3336 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:01:57.0811 3336 wudfsvc - ok
12:01:57.0832 3336 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:01:57.0865 3336 WwanSvc - ok
12:01:57.0916 3336 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
12:01:57.0921 3336 xusb21 - ok
12:01:57.0944 3336 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:01:58.0051 3336 \Device\Harddisk0\DR0 - ok
12:01:58.0052 3336 Boot (0x1200) (755d780427a364e9d6be1749a65a1608) \Device\Harddisk0\DR0\Partition0
12:01:58.0053 3336 \Device\Harddisk0\DR0\Partition0 - ok
12:01:58.0055 3336 Boot (0x1200) (8a65a0e1ba10b9eecc47f575219d9ac0) \Device\Harddisk0\DR0\Partition1
12:01:58.0056 3336 \Device\Harddisk0\DR0\Partition1 - ok
12:01:58.0056 3336 ============================================================
12:01:58.0056 3336 Scan finished
12:01:58.0056 3336 ============================================================
12:01:58.0061 0456 Detected object count: 1
12:01:58.0061 0456 Actual detected object count: 1
12:02:16.0430 0456 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:16.0430 0456 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:19.0074 4180 Deinitialize success
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I would like to check a file flagged by TDSSKiller as unsigned. Normally such a Microsoft related should not be but can occur, however giving the prior infection on your machine I think it would be prudent to err on the side of caution in this instance.

Next:

Now please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-

http://www.geekstogo.com/forum/topic/317059-remnants-after-infection/page__pid__2147064#entry2147064
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Next:

Right-click on OTL.exe and select Run as Administrator to start OTL. Then ensure both Include 64bit Scans & Scan All Users are selected and click on Run Scan.

Post the new OTL log in your next reply(should be Run 6 this time round).

Note: Only one log will be created by OTL and that is all I require at this time to continue the Malware Removal process.
  • 0

Advertisements


#11
Alias50

Alias50

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Hello,

I have submitted the file you asked for. However, I had to re-download OTL from G2G and was unable to do so as my anivir blocked it as Backdoor.Graybird. I tried a few more times, and each time it was blocked. Now, it's telling me a reboot is required to finish removal. I can download other files, such as images, just fine.

Please let me know how to proceed.
  • 0

#12
Alias50

Alias50

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Update:

I managed to download OTL by using one with a different extension and will post the log you asked for next. It's odd, I must have picked something new up somewhere while browsing.
  • 0

#13
Alias50

Alias50

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Here is the OTL log.



OTL logfile created on: 21/04/2012 2:43:49 PM - Run 6
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Michal\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 63.26% Memory free
11.98 Gb Paging File | 9.49 Gb Available in Paging File | 79.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.77 Gb Total Space | 105.50 Gb Free Space | 22.65% Space Free | Partition Type: NTFS
Drive D: | 465.74 Gb Total Space | 113.70 Gb Free Space | 24.41% Space Free | Partition Type: NTFS

Computer Name: MICHAL-PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Michal\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Games\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - D:\Games\Steam\bin\libcef.dll ()
MOD - D:\Games\Steam\bin\avcodec-53.dll ()
MOD - D:\Games\Steam\bin\chromehtml.dll ()
MOD - D:\Games\Steam\bin\avformat-53.dll ()
MOD - D:\Games\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8345a7a14f0dc106f60d31a2c8eac2f\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\8d1c109891c3552e2f6aee4cae83f21c\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc5a405f092aeaf84db4dc539385e86d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b761a3b6e5c751993ff65aafd7fe42b8\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f7283ec1c4b47c6b21777626a76d6611\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3ed9c2f173958ae6663134d302cc4f62\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b798dff0ec58f4c76d96bb656d8d04bd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7bbdea460b86c08496e471d808bd386\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (EraserSvc11122) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BOT4Service) -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe ()
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe (Sonic Solutions)
SRV - (RoxMediaDB13) -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe (Sonic Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys File not found
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation)
DRV:64bit: - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation)
DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (c2scsi64) -- C:\Windows\SysNative\drivers\C2SCSI64.SYS (Sonic Solutions)
DRV:64bit: - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) Brother MFC Serial Interface Driver(WDM) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) Brother MFC Serial USB Driver(WDM) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaibVdAd64) -- C:\Windows\SysNative\drivers\SaibVdAd64.sys (Sonic Solutions)
DRV:64bit: - (Sahdad64) -- C:\Windows\SysNative\drivers\Sahdad64.sys (Sonic Solutions)
DRV:64bit: - (Saibad64) -- C:\Windows\SysNative\drivers\Saibad64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120420.019\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120420.019\ENG64.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 CA 6B 0E FD 1C CD 01 [binary data]
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\..\SearchScopes\{63EC1A34-1A52-43DB-AEDA-82A9460427C5}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-786879198-253778329-1393635891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/05/03 20:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 22:21:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/27 08:09:37 | 000,000,000 | ---D | M]

[2011/03/31 11:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Extensions
[2012/03/18 00:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\72q3wy80.default\extensions
[2011/11/13 16:50:53 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\72q3wy80.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/16 14:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/21 14:48:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\MICHAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72Q3WY80.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
() (No name found) -- C:\USERS\MICHAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72Q3WY80.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/17 22:21:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/27 09:26:38 | 000,043,016 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npbasic.dll
[2011/03/31 11:22:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/08 20:06:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/03/31 17:09:30 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011/11/09 22:57:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/12 18:46:47 | 000,000,853 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-786879198-253778329-1393635891-1000..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-786879198-253778329-1393635891-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-786879198-253778329-1393635891-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-786879198-253778329-1393635891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{742A4427-81C9-4B17-A9DB-591FA35F9D8D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 14:41:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL - Copy.scr
[2012/04/21 14:40:16 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2012/04/20 15:53:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/20 15:52:30 | 000,000,000 | R--D | C] -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/20 15:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/20 15:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/04/20 00:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012/04/20 00:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Beta
[2012/04/20 00:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/04/20 00:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/04/19 17:52:56 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\SniperV2 Demo
[2012/04/18 20:11:40 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\Rockstar Games
[2012/04/17 23:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012/04/17 23:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2012/04/16 17:45:22 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Max Payne 2 Savegames
[2012/04/12 22:07:30 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\CAPCOM
[2012/04/12 18:35:04 | 000,000,000 | ---D | C] -- C:\Users\Michal\.shsh
[2012/04/09 11:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/04/04 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2012/04/04 20:00:53 | 000,161,280 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdm.sys
[2012/04/04 20:00:53 | 000,127,488 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscebus.sys
[2012/04/04 20:00:53 | 000,018,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdfl.sys
[2012/04/04 20:00:53 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewhnt.sys
[2012/04/04 20:00:53 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewh.sys
[2012/04/04 20:00:53 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecmnt.sys
[2012/04/04 20:00:53 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecm.sys
[2012/04/04 20:00:06 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2012/04/04 20:00:06 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2012/04/04 19:59:51 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Samsung
[2012/04/04 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/04/04 19:33:54 | 000,000,000 | ---D | C] -- C:\Users\Michal\Desktop\registry font backups
[2012/04/04 17:43:29 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\libimobiledevice
[2012/04/02 19:09:24 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Battlefield 3
[2012/04/02 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/04/02 16:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/04/01 23:18:17 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\shaw
[2012/04/01 23:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\shaw
[2012/04/01 23:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Shaw
[2012/04/01 23:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shaw Internet
[2012/04/01 20:57:48 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\ElevatedDiagnostics
[2012/04/01 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/04/01 00:23:34 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 15:31:10 | 000,000,000 | ---D | C] -- D:\Michal\Documents\Remedy
[2012/03/31 12:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012/03/26 15:57:53 | 000,000,000 | ---D | C] -- D:\Michal\Documents\WB Games
[2012/03/26 15:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham City
[2012/03/25 23:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AzTools
[2012/03/03 14:06:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Michal\AppData\Roaming\pcouffin.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/21 14:40:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2012/04/21 14:40:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL - Copy.scr
[2012/04/21 14:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/21 11:59:38 | 000,022,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 11:59:38 | 000,022,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 11:59:09 | 000,000,512 | ---- | M] () -- C:\Users\Michal\Desktop\MBR.dat
[2012/04/21 11:57:04 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/21 11:57:04 | 000,667,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/21 11:57:04 | 000,126,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/21 11:50:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/21 11:50:33 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 15:52:31 | 000,000,928 | ---- | M] () -- C:\Users\Michal\Desktop\NTREGOPT.lnk
[2012/04/20 15:52:31 | 000,000,909 | ---- | M] () -- C:\Users\Michal\Desktop\ERUNT.lnk
[2012/04/20 00:15:16 | 000,001,263 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012/04/19 17:40:33 | 000,100,352 | ---- | M] () -- C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/18 17:41:54 | 000,005,676 | ---- | M] () -- C:\Users\Michal\AppData\Local\Temp5.html
[2012/04/18 17:41:12 | 000,001,955 | ---- | M] () -- C:\Users\Michal\AppData\Local\Temp1.html
[2012/04/18 08:02:45 | 000,002,053 | ---- | M] () -- C:\Users\Michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2012/04/17 23:33:07 | 000,000,600 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\winscp.rnd
[2012/04/17 23:27:26 | 000,001,853 | ---- | M] () -- C:\Users\Michal\Desktop\WinSCP.lnk
[2012/04/17 23:00:27 | 000,065,397 | ---- | M] () -- C:\Users\Michal\Desktop\RutherfordScholarship.pdf
[2012/04/16 17:41:53 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\Max Payne 2.lnk
[2012/04/16 17:03:57 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/16 17:03:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/15 14:45:16 | 000,003,829 | ---- | M] () -- C:\Users\Michal\Desktop\photo-360817.jpg
[2012/04/12 18:46:47 | 000,000,853 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/12 18:46:47 | 000,000,852 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012/04/12 17:29:45 | 001,291,289 | ---- | M] () -- C:\s6fc.4
[2012/04/12 17:29:45 | 000,698,465 | ---- | M] () -- C:\s6fc.5
[2012/04/12 11:59:06 | 000,032,331 | ---- | M] () -- C:\Users\Michal\Desktop\hitman_blood_money.jpg
[2012/04/09 11:07:12 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/04/05 13:04:35 | 000,418,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/04 20:01:58 | 000,002,170 | ---- | M] () -- C:\Users\Michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/04 20:01:58 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/04 17:49:00 | 001,290,899 | ---- | M] () -- C:\s3pc.3
[2012/04/04 17:49:00 | 000,698,258 | ---- | M] () -- C:\s3pc.4
[2012/04/02 20:51:02 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/02 20:46:55 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 16:55:07 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/03/31 12:50:44 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/03/29 16:16:16 | 000,083,139 | ---- | M] () -- C:\Users\Michal\Desktop\Exp .pdf
[2012/03/26 15:37:16 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk
[2012/03/25 23:07:41 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\Blueline.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 11:59:09 | 000,000,512 | ---- | C] () -- C:\Users\Michal\Desktop\MBR.dat
[2012/04/20 15:52:31 | 000,000,928 | ---- | C] () -- C:\Users\Michal\Desktop\NTREGOPT.lnk
[2012/04/20 15:52:31 | 000,000,909 | ---- | C] () -- C:\Users\Michal\Desktop\ERUNT.lnk
[2012/04/20 00:15:09 | 000,001,263 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012/04/18 17:41:54 | 000,005,676 | ---- | C] () -- C:\Users\Michal\AppData\Local\Temp5.html
[2012/04/18 17:39:59 | 000,001,955 | ---- | C] () -- C:\Users\Michal\AppData\Local\Temp1.html
[2012/04/17 23:33:07 | 000,000,600 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\winscp.rnd
[2012/04/17 23:27:26 | 000,001,853 | ---- | C] () -- C:\Users\Michal\Desktop\WinSCP.lnk
[2012/04/17 23:00:27 | 000,065,397 | ---- | C] () -- C:\Users\Michal\Desktop\RutherfordScholarship.pdf
[2012/04/16 17:41:53 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\Max Payne 2.lnk
[2012/04/15 14:45:15 | 000,003,829 | ---- | C] () -- C:\Users\Michal\Desktop\photo-360817.jpg
[2012/04/12 17:29:45 | 000,698,465 | ---- | C] () -- C:\s6fc.5
[2012/04/12 17:29:44 | 001,291,289 | ---- | C] () -- C:\s6fc.4
[2012/04/12 11:59:05 | 000,032,331 | ---- | C] () -- C:\Users\Michal\Desktop\hitman_blood_money.jpg
[2012/04/09 11:07:12 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/04/04 20:01:58 | 000,002,170 | ---- | C] () -- C:\Users\Michal\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/04 20:01:58 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/04 17:49:00 | 000,698,258 | ---- | C] () -- C:\s3pc.4
[2012/04/04 17:48:59 | 001,290,899 | ---- | C] () -- C:\s3pc.3
[2012/04/02 16:55:07 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/01 23:17:51 | 000,072,192 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/04/01 00:23:36 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 12:50:44 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/03/29 16:16:16 | 000,083,139 | ---- | C] () -- C:\Users\Michal\Desktop\Exp .pdf
[2012/03/26 15:37:16 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk
[2012/03/25 23:07:41 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Blueline.lnk
[2012/03/04 17:06:11 | 000,164,352 | -HS- | C] () -- C:\Windows\SysWow64\SCS.dll
[2012/03/04 12:39:22 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/04 12:39:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/03/03 14:06:00 | 000,099,384 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\inst.exe
[2012/03/03 14:06:00 | 000,007,859 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\pcouffin.cat
[2012/03/03 14:06:00 | 000,001,167 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\pcouffin.inf
[2012/02/26 00:24:24 | 000,000,533 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2012/01/30 01:57:26 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2012/01/14 22:02:31 | 000,008,341 | ---- | C] () -- C:\ProgramData\2be2b9a
[2012/01/14 22:02:31 | 000,008,338 | ---- | C] () -- C:\Users\Michal\AppData\Local\e5061498
[2012/01/14 22:02:31 | 000,008,276 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\91d7245d
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/29 21:06:38 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2011/08/14 14:02:50 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011/08/14 14:02:50 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011/08/14 14:02:23 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/08/14 13:58:37 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011/08/13 22:48:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/13 22:48:16 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/13 22:42:24 | 000,714,526 | ---- | C] () -- C:\Windows\unins000.exe
[2011/08/13 22:42:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/08/13 22:42:24 | 000,001,992 | ---- | C] () -- C:\Windows\unins000.dat
[2011/08/10 11:58:30 | 000,001,057 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\vso_ts_preview.xml
[2011/07/30 22:02:18 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/15 22:47:26 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2011/06/09 18:54:38 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/05/09 22:23:28 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/09 22:20:22 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/04/20 18:28:26 | 000,000,442 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/20 17:58:14 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2011/04/20 08:19:45 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/16 15:23:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/15 23:09:19 | 000,000,549 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\AutoGK.ini
[2011/03/31 18:22:12 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/31 15:26:02 | 000,100,352 | ---- | C] () -- C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 13:37:53 | 000,768,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/31 12:07:21 | 000,000,849 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/31 12:07:21 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/31 12:07:10 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/31 11:59:06 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/31 11:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/31 11:53:36 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/31 11:17:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

< End of report >
  • 0

#14
Alias50

Alias50

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Also, here is that MBAM log you asked for earlier.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912030707

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07/03/2012 6:54:19 PM
mbam-log-2012-03-07 (18-54-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 593441
Time elapsed: 1 hour(s), 54 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FBC.exe (Backdoor.CycBot) -> Value: FBC.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Michal\downloads\grand theft auto san andreas v3.0 + 13 trainer\grand theft auto san andreas v3.0 + 13 trainer.exe (HackTool.GamesCheat) -> Quarantined and deleted successfully.
c:\Windows\System32\h4x0r.dll (HackTool.GamesCheat) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\h4x0r.dll (HackTool.GamesCheat) -> Quarantined and deleted successfully.
  • 0

#15
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is a Backdoor Trojan.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course I strongly recommend.

Please read this for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwords.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP