malware that spams from my email?



#1
retikka

OK, I have noticed that something has spammed links (most likely to a virus site) to all my contacts in my email. I changed my password and it didn't help, so I did a full system scan with Avast! and Malwarebytes Anti-Malware and they came up clean. So I decided to try with AVG 2012, and it found a few trojans in Java that were quarantined, but it also stated that I have a few of these:
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x55EC, size 8 bytes";"Object is hidden"
I did a quick scan with OTL and here is the log.

OTL logfile created on: 26.4.2012 23:48:11 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = D:\lataus sälä
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

8,00 Gb Total Physical Memory | 4,98 Gb Available Physical Memory | 62,29% Memory free
16,20 Gb Paging File | 12,84 Gb Available in Paging File | 79,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 32,07 Gb Free Space | 32,07% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 666,54 Gb Free Space | 80,16% Space Free | Partition Type: NTFS
Drive E: | 542,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NIKO-PC | User Name: Niko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.26 23:45:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\lataus sälä\OTL.exe
PRC - [2012.04.25 15:49:39 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Niko\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.03.07 03:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.03.07 03:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.02.16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.07.06 17:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009.07.30 18:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009.07.27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2009.02.18 15:31:56 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.02.17 17:29:26 | 001,753,600 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
PRC - [2009.02.10 21:28:54 | 005,993,984 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2009.02.05 10:51:46 | 005,384,192 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2008.08.15 11:23:20 | 000,086,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
PRC - [2002.01.11 21:44:44 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe


========== Modules (No Company Name) ==========

MOD - [2012.04.25 15:49:38 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.14 14:04:20 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012.02.22 13:03:51 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2011.08.03 03:31:28 | 000,255,592 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.05.31 09:38:10 | 000,058,368 | ---- | M] () -- C:\Windows\SysWOW64\bdmpega.acm
MOD - [2010.06.28 15:21:42 | 009,905,152 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2010.06.28 15:21:42 | 007,793,152 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2010.06.28 15:21:42 | 002,530,304 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll
MOD - [2010.06.28 15:21:42 | 002,094,592 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2010.06.28 15:21:42 | 001,116,160 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2010.06.28 15:21:42 | 000,915,456 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2010.06.28 15:21:42 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2010.06.28 15:21:42 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2010.06.28 15:21:42 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2009.04.29 20:46:20 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll
MOD - [2009.02.17 18:22:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll
MOD - [2009.02.17 17:29:26 | 001,753,600 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
MOD - [2009.02.10 21:28:54 | 005,993,984 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
MOD - [2009.02.05 10:51:46 | 005,384,192 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
MOD - [2009.02.03 19:57:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll
MOD - [2009.02.03 10:55:38 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\pngio.dll
MOD - [2009.02.03 10:55:38 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\AiNap.dll
MOD - [2009.02.03 10:55:38 | 000,008,704 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\vvc.dll
MOD - [2009.01.19 17:39:02 | 001,298,944 | ---- | M] () -- C:\Program Files\ASUS\TurboV\OcProfile.dll
MOD - [2008.12.15 20:01:54 | 000,131,072 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TvOcLib.dll
MOD - [2008.12.10 20:27:56 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV\pngio.dll
MOD - [2007.03.13 16:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007.02.28 18:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll
MOD - [2006.01.10 11:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.03.07 03:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.12.01 14:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2008.01.21 05:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.04.25 15:49:39 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.18 12:41:01 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012.04.14 14:04:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.28 02:10:52 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.03.25 21:21:30 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.02.14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86)
SRV - [2009.07.30 03:53:00 | 003,300,020 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.07.27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009.03.30 07:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 15:31:56 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2008.08.15 11:23:20 | 000,086,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.07 03:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 03:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 03:02:05 | 000,043,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 03:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 03:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 03:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.02.29 16:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidseha.sys -- (AVGIDSEH)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.09.27 21:16:09 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\EIO64.sys -- (EIO64)
DRV:64bit: - [2011.05.10 12:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.02.22 15:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009.10.01 03:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.10 04:24:12 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.26 19:28:08 | 001,149,440 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.09 12:36:56 | 000,099,680 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2009.02.17 18:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009.02.17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008.09.23 19:15:00 | 000,056,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008.01.21 05:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2008.01.21 05:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2006.10.31 18:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2005.01.04 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.03.17 18:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.04.25 16:43:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.04.25 16:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 15:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 18:16:11 | 000,000,000 | ---D | M]

[2009.10.14 16:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niko\AppData\Roaming\mozilla\Extensions
[2012.04.26 11:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niko\AppData\Roaming\mozilla\Firefox\Profiles\v6ayxpah.default\extensions
[2009.10.14 16:27:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Niko\AppData\Roaming\mozilla\Firefox\Profiles\v6ayxpah.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.21 13:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.25 15:49:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.22 13:03:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.02.02 02:31:02 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2012.03.18 13:55:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.18 13:55:54 | 000,002,062 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bookplus-fi.xml
[2012.03.18 13:55:54 | 000,000,972 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-fi.xml
[2012.03.18 13:55:54 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fi.xml
[2012.03.18 13:55:54 | 000,001,100 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-fi.xml

O1 HOSTS File: ([2006.09.19 00:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Niko\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.105.65.60 77.105.65.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{979E6019-CA00-4DC1-97A8-FD302012E15D}: DhcpNameServer = 77.105.65.60 77.105.65.70
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{42a0b706-b3da-11de-9dd3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42a0b706-b3da-11de-9dd3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.04.25 16:44:57 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\AVG2012
[2012.04.25 16:43:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.04.25 16:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.04.25 16:43:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.04.25 16:41:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.04.25 16:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.04.25 16:41:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.04.25 16:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.04.25 16:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.04.25 15:59:10 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\Malwarebytes
[2012.04.25 15:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.25 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.25 15:59:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.25 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.25 15:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.25 15:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 14:55:41 | 000,000,000 | ---D | C] -- C:\Users\Niko\Desktop\PSX Emulator
[2012.04.25 14:55:36 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phpnuke Downloader
[2012.04.25 14:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phpnuke Downloader
[2012.04.20 23:22:05 | 000,000,000 | ---D | C] -- C:\Users\Niko\Documents\Diablo III
[2012.04.20 23:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.04.20 20:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012.04.20 20:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.04.20 20:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.26 23:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.26 22:29:10 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 22:29:10 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 19:16:29 | 096,299,657 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.04.26 12:39:16 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.04.26 12:36:21 | 001,226,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.26 12:36:21 | 000,598,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.26 12:36:21 | 000,446,492 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2012.04.26 12:36:21 | 000,105,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.26 12:36:21 | 000,085,286 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2012.04.26 12:29:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.25 16:43:19 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.04.25 16:43:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.04.25 16:43:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.04.25 15:59:02 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.25 13:04:34 | 000,000,655 | ---- | M] () -- C:\Users\Niko\Desktop\12Sky2.lnk
[2012.04.18 12:41:01 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
[2012.04.13 00:03:29 | 000,000,174 | ---- | M] () -- C:\Users\Public\Desktop\Dekaron.url
[2012.04.04 19:57:33 | 000,122,368 | ---- | M] () -- C:\Users\Niko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.26 19:16:29 | 096,299,657 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.04.25 16:43:19 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.04.25 16:43:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.04.25 16:43:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.04.25 15:59:02 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.25 13:04:34 | 000,000,655 | ---- | C] () -- C:\Users\Niko\Desktop\12Sky2.lnk
[2012.04.13 00:03:29 | 000,000,174 | ---- | C] () -- C:\Users\Public\Desktop\Dekaron.url
[2012.04.07 15:58:51 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.09.28 19:48:27 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011.09.27 21:15:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.09.27 21:15:29 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.11 17:01:39 | 000,039,548 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.06.11 16:24:27 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.05.31 09:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.31 09:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.03.05 02:22:08 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.03.05 02:22:08 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.03.05 02:22:08 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.07.09 18:27:00 | 000,001,720 | ---- | C] () -- C:\Windows\SysWow64\BATTLEP.ini
[2010.07.09 18:23:42 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\BattleP.dll

========== LOP Check ==========

[2012.04.25 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\AVG2012
[2012.02.24 11:16:41 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\BitTorrent
[2010.10.21 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\C0A533651FDA1B2C96EF8DA7CAE2EC9F
[2011.05.23 21:17:55 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.12.02 17:02:20 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\F-Secure
[2011.09.25 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\FOG Downloader
[2012.02.07 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\gamigo
[2012.02.07 11:20:35 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\GetRightToGo
[2012.03.08 20:45:04 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\gtk-2.0
[2011.06.15 17:28:49 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Guitar Pro 6
[2012.02.07 12:05:15 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\launcher
[2012.02.07 12:05:15 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Martial Empires Launcher
[2011.11.06 04:28:08 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\TS3Client
[2011.06.15 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Windows Live Writer
[2012.04.26 12:27:21 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010.06.16 22:58:46 | 000,406,625 | ---- | M] ()(C:\Users\Niko\Documents\?????a0139.jpg) -- C:\Users\Niko\Documents\Εικόνα0139.jpg
[2010.06.16 22:58:30 | 000,406,625 | ---- | C] ()(C:\Users\Niko\Documents\?????a0139.jpg) -- C:\Users\Niko\Documents\Εικόνα0139.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Niko\Documents\VIDEO0165.mp4:TOC.WMV

< End of report >

Edited by retikka, 27 April 2012 - 04:44 AM.



#2
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
retikka


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The problem I have is that something has sent spam mail with links from my email even after pass change, and I think it is some malware or spyware. I scanned my PC with avast! and Malwarebytes; they were clean, and the AVG scan alerted of some of these:
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x55EC, size 8 bytes";"Object is hidden"
but I am not sure if those are false positives. Here is the new OTL log:

OTL logfile created on: 1.5.2012 19:32:34 - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Niko\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

8,00 Gb Total Physical Memory | 5,49 Gb Available Physical Memory | 68,68% Memory free
16,20 Gb Paging File | 13,66 Gb Available in Paging File | 84,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 33,63 Gb Free Space | 33,63% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 664,39 Gb Free Space | 79,90% Space Free | Partition Type: NTFS
Drive E: | 542,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NIKO-PC | User Name: Niko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.01 19:31:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Niko\Desktop\OTL.exe
PRC - [2012.04.08 11:27:14 | 005,158,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Niko\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.03.07 03:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.03.07 03:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.07.06 17:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009.07.30 18:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009.07.27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2009.02.18 15:31:56 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.02.17 17:29:26 | 001,753,600 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
PRC - [2009.02.05 10:51:46 | 005,384,192 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2008.08.15 11:23:20 | 000,086,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
PRC - [2002.01.11 21:44:44 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe


========== Modules (No Company Name) ==========

MOD - [2012.04.14 14:04:20 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2011.05.31 09:38:10 | 000,058,368 | ---- | M] () -- C:\Windows\SysWOW64\bdmpega.acm
MOD - [2010.06.28 15:21:42 | 009,905,152 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2010.06.28 15:21:42 | 007,793,152 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2010.06.28 15:21:42 | 002,530,304 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll
MOD - [2010.06.28 15:21:42 | 002,094,592 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2010.06.28 15:21:42 | 001,116,160 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2010.06.28 15:21:42 | 000,915,456 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2010.06.28 15:21:42 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2010.06.28 15:21:42 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2010.06.28 15:21:42 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2009.04.29 20:46:20 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll
MOD - [2009.02.17 18:22:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll
MOD - [2009.02.17 17:29:26 | 001,753,600 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
MOD - [2009.02.05 10:51:46 | 005,384,192 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
MOD - [2009.02.03 10:55:38 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\pngio.dll
MOD - [2009.02.03 10:55:38 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\AiNap.dll
MOD - [2009.02.03 10:55:38 | 000,008,704 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\vvc.dll
MOD - [2009.01.19 17:39:02 | 001,298,944 | ---- | M] () -- C:\Program Files\ASUS\TurboV\OcProfile.dll
MOD - [2008.12.15 20:01:54 | 000,131,072 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TvOcLib.dll
MOD - [2008.12.10 20:27:56 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV\pngio.dll
MOD - [2007.03.13 16:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007.02.28 18:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.03.07 03:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.12.01 14:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2008.01.21 05:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.04.25 15:49:39 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.18 12:41:01 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012.04.14 14:04:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.08 11:27:14 | 005,158,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.03.28 02:10:52 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.03.25 21:21:30 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86)
SRV - [2009.07.30 03:53:00 | 003,300,020 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.07.27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009.03.30 07:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 15:31:56 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2008.08.15 11:23:20 | 000,086,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.03.07 03:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 03:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 03:02:05 | 000,043,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 03:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 03:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 03:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.02.29 16:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.09.27 21:16:09 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\EIO64.sys -- (EIO64)
DRV:64bit: - [2011.05.10 12:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.02.22 15:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009.10.01 03:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.10 04:24:12 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.26 19:28:08 | 001,149,440 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.09 12:36:56 | 000,099,680 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2009.02.17 18:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009.02.17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008.09.23 19:15:00 | 000,056,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008.01.21 05:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2008.01.21 05:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2006.10.31 18:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2005.01.04 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2104060637-964304425-4125403413-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2104060637-964304425-4125403413-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2104060637-964304425-4125403413-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-2104060637-964304425-4125403413-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2104060637-964304425-4125403413-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.03.17 18:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.04.27 08:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.04.27 08:43:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 15:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 18:16:11 | 000,000,000 | ---D | M]

[2009.10.14 16:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niko\AppData\Roaming\mozilla\Extensions
[2012.04.26 11:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niko\AppData\Roaming\mozilla\Firefox\Profiles\v6ayxpah.default\extensions
[2009.10.14 16:27:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Niko\AppData\Roaming\mozilla\Firefox\Profiles\v6ayxpah.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.21 13:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.25 15:49:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.22 13:03:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.02.02 02:31:02 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2012.03.18 13:55:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.18 13:55:54 | 000,002,062 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bookplus-fi.xml
[2012.03.18 13:55:54 | 000,000,972 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-fi.xml
[2012.03.18 13:55:54 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fi.xml
[2012.03.18 13:55:54 | 000,001,100 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-fi.xml

O1 HOSTS File: ([2006.09.19 00:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2104060637-964304425-4125403413-1000..\Run: [Akamai NetSession Interface] C:\Users\Niko\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-2104060637-964304425-4125403413-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-2104060637-964304425-4125403413-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-2104060637-964304425-4125403413-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2104060637-964304425-4125403413-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.105.65.60 77.105.65.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{979E6019-CA00-4DC1-97A8-FD302012E15D}: DhcpNameServer = 77.105.65.60 77.105.65.70
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{42a0b706-b3da-11de-9dd3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42a0b706-b3da-11de-9dd3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.01 19:31:16 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Niko\Desktop\OTL.exe
[2012.04.27 08:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.04.25 16:44:57 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\AVG2012
[2012.04.25 16:43:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.04.25 16:43:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.04.25 16:41:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.04.25 16:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.04.25 16:41:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.04.25 16:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.04.25 16:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.04.25 15:59:10 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\Malwarebytes
[2012.04.25 15:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.25 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.25 15:59:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.25 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.25 15:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.25 15:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 14:55:36 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phpnuke Downloader
[2012.04.25 14:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phpnuke Downloader
[2012.04.20 23:22:05 | 000,000,000 | ---D | C] -- C:\Users\Niko\Documents\Diablo III
[2012.04.20 23:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.04.20 20:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012.04.20 20:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.04.20 20:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.04.19 04:50:26 | 000,028,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.01 19:31:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Niko\Desktop\OTL.exe
[2012.05.01 19:00:26 | 096,800,245 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.05.01 18:30:05 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 18:30:05 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 00:54:44 | 000,001,279 | ---- | M] () -- C:\Users\Niko\Documents\aionmemo_78 aa611.dat
[2012.04.30 02:38:13 | 000,124,416 | ---- | M] () -- C:\Users\Niko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.29 18:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.27 21:43:14 | 000,027,309 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.04.27 08:43:32 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.04.27 01:38:56 | 000,001,424 | ---- | M] () -- C:\Users\Niko\Documents\scan27.4.12.csv
[2012.04.26 12:39:16 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.04.26 12:36:21 | 001,226,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.26 12:36:21 | 000,598,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.26 12:36:21 | 000,446,492 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2012.04.26 12:36:21 | 000,105,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.26 12:36:21 | 000,085,286 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2012.04.26 12:29:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.25 16:43:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.04.25 16:43:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.04.25 15:59:02 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.25 13:04:34 | 000,000,655 | ---- | M] () -- C:\Users\Niko\Desktop\12Sky2.lnk
[2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012.04.18 12:41:01 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
[2012.04.13 00:03:29 | 000,000,174 | ---- | M] () -- C:\Users\Public\Desktop\Dekaron.url
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.01 19:00:26 | 096,800,245 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.04.27 21:43:14 | 000,027,309 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.04.27 01:38:56 | 000,001,424 | ---- | C] () -- C:\Users\Niko\Documents\scan27.4.12.csv
[2012.04.25 16:43:19 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.04.25 16:43:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.04.25 16:43:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.04.25 15:59:02 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.25 13:04:34 | 000,000,655 | ---- | C] () -- C:\Users\Niko\Desktop\12Sky2.lnk
[2012.04.13 00:03:29 | 000,000,174 | ---- | C] () -- C:\Users\Public\Desktop\Dekaron.url
[2012.04.07 15:58:51 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.09.28 19:48:27 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011.09.27 21:15:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011.09.27 21:15:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.09.27 21:15:29 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.11 17:01:39 | 000,039,548 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.06.11 16:24:27 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.05.31 09:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.31 09:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.03.05 02:22:08 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.03.05 02:22:08 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.03.05 02:22:08 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.07.09 18:27:00 | 000,001,720 | ---- | C] () -- C:\Windows\SysWow64\BATTLEP.ini
[2010.07.09 18:23:42 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\BattleP.dll

========== LOP Check ==========

[2012.04.25 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\AVG2012
[2012.02.24 11:16:41 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\BitTorrent
[2010.10.21 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\C0A533651FDA1B2C96EF8DA7CAE2EC9F
[2011.05.23 21:17:55 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.12.02 17:02:20 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\F-Secure
[2011.09.25 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\FOG Downloader
[2012.02.07 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\gamigo
[2012.02.07 11:20:35 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\GetRightToGo
[2012.03.08 20:45:04 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\gtk-2.0
[2011.06.15 17:28:49 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Guitar Pro 6
[2012.02.07 12:05:15 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\launcher
[2012.02.07 12:05:15 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Martial Empires Launcher
[2011.11.06 04:28:08 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\TS3Client
[2011.06.15 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Windows Live Writer
[2012.04.26 12:27:21 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010.06.16 22:58:46 | 000,406,625 | ---- | M] ()(C:\Users\Niko\Documents\?????a0139.jpg) -- C:\Users\Niko\Documents\Εικόνα0139.jpg
[2010.06.16 22:58:30 | 000,406,625 | ---- | C] ()(C:\Users\Niko\Documents\?????a0139.jpg) -- C:\Users\Niko\Documents\Εικόνα0139.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Niko\Documents\VIDEO0165.mp4:TOC.WMV

< End of report >

It did not create a new extras.txt. I only have the extras from the first scan, from when I made this topic, and it's like this, if it helps:

OTL Extras logfile created on: 26.4.2012 23:48:11 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = D:\lataus sälä
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

8,00 Gb Total Physical Memory | 4,98 Gb Available Physical Memory | 62,29% Memory free
16,20 Gb Paging File | 12,84 Gb Available in Paging File | 79,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 32,07 Gb Free Space | 32,07% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 666,54 Gb Free Space | 80,16% Space Free | Partition Type: NTFS
Drive E: | 542,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NIKO-PC | User Name: Niko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 44 DE BF EB 07 DB CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43E378DD-CCA4-4686-8527-66CA474E4C76}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |
"{833162E6-A493-4C02-BADB-94648F8F527E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{93C93835-FD65-481F-BE80-6E25EBC873C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A047C7DE-4CB8-4BCD-BEF3-E7950E8A30C6}" = lport=443 | protocol=6 | dir=in | app=system |
"{A74800E7-0ADD-4C4D-8651-CFF8F20162A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A96BAE60-8C96-47B3-88EA-9F03170CFEE7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA26A120-4DE7-4B07-9028-30010A8F0742}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{BCCA1868-8070-42A6-915B-7AFB5BE7B5FD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D3863FC0-1D7A-4E4B-8845-A33CF38134D9}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{E6C46F08-65C2-46EB-9613-DCFCB0998BCE}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CCDEA8-3A8B-42E9-A1EE-3265F666B401}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{09CC5A72-5A5A-4EBA-863D-39BA64A3B7FF}" = protocol=6 | dir=in | app=c:\program files (x86)\gamehi_usa\globaldk\minilauncher.exe |
"{16B8580B-699D-4BAE-AFA6-6FF88A46412E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1935E3DD-9249-432C-A8EA-55ECCAA15C85}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1ED4FA20-E7C8-4C64-B9CC-4FBC0F1C9BE6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{212065E6-ACFF-47D8-A0CC-53C7FE04FA7C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{24E0E2C3-0D41-491C-AABD-56685EFE609C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{27070958-32A8-4F17-B52D-8C258AB53ABE}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{27660F07-6982-47D4-B087-A083AC5E37EA}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{2DF05A0C-158E-466F-812B-B9D3F6905863}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{31F78FF6-FCE7-404D-8718-F54FCD403419}" = protocol=17 | dir=in | app=c:\users\niko\appdata\local\akamai\netsession_win.exe |
"{3E72C277-B9A0-4772-B6AD-F7C8778649F2}" = protocol=17 | dir=in | app=d:\nexon\vindictus eu\en-eu\nmservice.exe |
"{3F5345AE-9AC0-472E-8A66-28A2402E8380}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{4B6BA8BE-D131-4213-B508-2A4CE28FD639}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{4D99937D-1C51-4BBC-AEFE-783621FB615A}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{4FDC8C41-3A3E-4B31-8CB3-3B5E258FB6AE}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{55210E76-39C9-498A-834E-1F6A3D86AD8C}" = protocol=6 | dir=in | app=d:\cherrydegames\dragon nest\dragonnest.exe |
"{61F750E4-EE1E-4100-8C42-6A606B20F476}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{78ABB20D-5206-4AA2-BF59-C7CC7972BC81}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{795F8761-C551-463E-8BC4-F2CB67CFED8C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7CAE70A9-52CF-40A1-BF33-5172D4CB3F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{84F6668C-F059-4522-AF69-CD03E664F2CD}" = protocol=17 | dir=in | app=d:\cherrydegames\dragon nest\dragonnest.exe |
"{8AAFD01C-1828-4CF6-857F-2D7EE9A2AA0C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8B3FB837-7ED2-4910-9EEA-A8C28A69877D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{927E51F5-8902-4E61-B525-D8566153BA50}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{98A77175-1EBD-4908-8D5C-D2BC55EDA7BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A0D8AAB9-C7F6-4C2A-B406-0BFE082626A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A282BE43-9028-45D6-9BF2-C73061DF1F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{A29A75FA-7BCD-4289-AFB3-7737DA35EB49}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{B199E8FF-7657-47AD-A91D-60F1A0539881}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{BC6D0D2D-AB20-4C9D-B9EB-46D5533ACC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{BC976153-DE69-4055-BBEA-7C0967EACB20}" = protocol=17 | dir=in | app=c:\program files (x86)\gamehi_usa\globaldk\minilauncher.exe |
"{BFDB3FED-337C-4B2D-907F-F075D0A71934}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C0C5FF11-1CDB-47A3-8759-EBD90D1A9165}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CC03F28E-27FE-4A46-9CFF-2DB119797FC4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{DBC84005-0ED1-4E87-BDCA-58CCBF70C528}" = protocol=6 | dir=in | app=d:\nexon\vindictus eu\en-eu\nmservice.exe |
"{DF9BA9E1-0455-4DF5-B02C-67849B9E3867}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E79C51FA-A08C-40EA-92E7-0A5155EF7313}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E8471E65-3A53-43AB-BC9E-1D15F73396C8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{EE650F73-0BCB-40D6-8E05-4C429D84AD39}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{F0D15136-AFD3-4E40-99DC-1DF33A8BD03A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F9E601D3-6C21-407E-AC22-646BB098FA2A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB53EDF2-7D4C-4829-88E5-3108E0E2BDE2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FEF0C074-90DC-4EB0-8404-50EB2A61CA5C}" = protocol=6 | dir=in | app=c:\users\niko\appdata\local\akamai\netsession_win.exe |
"{FFB7B970-54DA-4FFF-B1D9-6B7B10E79966}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{013EAE33-CC85-46DA-8EDC-F39E9E225494}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
"TCP Query User{0860E7CE-84A0-4C77-A0EC-F0BC10DE803B}C:\program files (x86)\diablo iiii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iiii\game.exe |
"TCP Query User{1E2ED868-F68B-406B-8C5F-748AC264475B}D:\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\the witcher 2\bin\witcher2.exe |
"TCP Query User{29537299-1F76-45FF-9C15-AE5B54031ADB}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{34823CFC-6916-46BC-A851-3D0194124C27}C:\users\niko\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\niko\appdata\local\akamai\netsession_win.exe |
"TCP Query User{3DFB05D0-78B7-4FDF-8904-11542FA9AA0A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{6254766F-95DA-4001-9499-098162B6C144}C:\users\niko\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\niko\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{6C268F64-9C07-46D1-B0A7-CA115414574F}D:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=6 | dir=in | app=d:\nexon\vindictus eu\en-eu\vindictus.exe |
"TCP Query User{809E71FF-58BB-47A1-82E9-0CD45598FC56}D:\lataus sälä\runes_of_magic_4_0_1_2430_eu_full.exe" = protocol=6 | dir=in | app=d:\lataus sälä\runes_of_magic_4_0_1_2430_eu_full.exe |
"TCP Query User{90A402C6-D07C-4CDC-8049-F69BA16B39C6}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{967A6EF3-D6DE-4327-8BF6-94C113BDF912}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe |
"TCP Query User{C02CB5FC-8703-4990-A6B8-848811F9C3F2}C:\users\niko\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\users\niko\desktop\teamspeak3-server_win64\ts3server_win64.exe |
"TCP Query User{CF49A353-AA73-4BB5-B247-784D75ED4CF2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{DAEA0588-6A3C-4913-9404-EB79382C182A}C:\users\niko\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=6 | dir=in | app=c:\users\niko\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"UDP Query User{109261C5-6291-4B3B-81FC-F09F5BDC2395}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{311F1FD4-DC52-4CA5-85C6-EA54769C8C9B}D:\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\the witcher 2\bin\witcher2.exe |
"UDP Query User{326D3F3F-B2C0-4DA6-BCA5-1CEF413E2A8D}C:\users\niko\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\niko\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{4FDA9900-43CD-415C-AC37-B2FAD1D1D092}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{522312FF-42F9-41E8-B791-655B00DA279F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{53240F05-1A03-4935-9460-63EADF8DA5F2}C:\users\niko\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\users\niko\desktop\teamspeak3-server_win64\ts3server_win64.exe |
"UDP Query User{5D8C7188-C87C-442F-B49F-90E554F2925B}C:\users\niko\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=17 | dir=in | app=c:\users\niko\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"UDP Query User{5F917539-B86F-4797-9E36-3991A5C3DAAE}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{94DDB302-D0BF-42E4-81EA-106B29FF467A}C:\program files (x86)\diablo iiii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iiii\game.exe |
"UDP Query User{A64B9135-FACD-4C22-A205-B402FCD07AC5}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe |
"UDP Query User{CB07E378-2A76-4043-957C-2DA008957A8F}D:\lataus sälä\runes_of_magic_4_0_1_2430_eu_full.exe" = protocol=17 | dir=in | app=d:\lataus sälä\runes_of_magic_4_0_1_2430_eu_full.exe |
"UDP Query User{D7F8A77B-A38A-4306-AEF3-C14A53D1F32C}D:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=17 | dir=in | app=d:\nexon\vindictus eu\en-eu\vindictus.exe |
"UDP Query User{D8B80D57-BEEA-49F7-B9EB-FB99B82F20F4}C:\users\niko\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\niko\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E8A0BD16-025D-4FA4-9DE0-9213F75C8369}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3D4BCAF1-DDA5-3E92-9143-1133D125B071}" = Microsoft .NET Framework 4 Client Profile FIN Language Pack
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9666782C-CEBB-4D2A-8651-5A02AECA8034}" = AVG 2012
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision -ohjain 280.26
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-ohjauspaneeli 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiikkaohjain 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-järjestelmäohjelmisto 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-ääniohjain 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E369A040-E812-37B3-A5B9-311E5579FAC3}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fin
"{E51A1789-9C20-43FC-AF13-C7AC29FAF111}" = AVG 2012
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Microsoft .NET Framework 3.5 Language Pack SP1 - fin" = Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FIN Language Pack" = Microsoft .NET Framework 4 Client Profilen suomen kielipaketti
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04634A14-619B-4F53-88B3-2A48FB3A99C6}" = TwelveSky2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41B65DE2-DA0E-4D55-A557-ECC39DC9BD0E}_is1" = DragonSoul
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper versio 3.2.0
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{7FA856CB-5544-449D-84C5-07A18CD51467}" = Loong
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1035-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Suomi
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B354FB16-3027-47AF-AF3F-7AD1209B886E}" = globaldk
"{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5407E8B-DABF-4EBE-807E-809DA7D50CBC}" = 2Moons
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7FC09BA-5A3E-49C0-AD4C-07D8FD5CE3EA}" = Martial Empires
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"C9(Continent of the ninth)_is1" = C9
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Debut" = Debut Video Capture Software
"Diablo II" = Diablo II
"Diablo III Beta" = Diablo III Beta
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"GlobalDK" = Dekaron
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Ohjelmistoalustan laitehallinta
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versio 1.61.0.1400
"Mozilla Firefox 12.0 (x86 fi)" = Mozilla Firefox 12.0 (x86 fi)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Phpnuke Downloader PSX Emulator" = Phpnuke Downloader PSX Emulator
"PlugY, The Survival Kit" = PlugY, The Survival Kit
"Prism" = Prism Video File Converter
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Hero Editor V0.96
"Veoh Web Player Beta" = Veoh Web Player
"VideoPad" = VideoPad Video Editor
"Vindictus EU" = Vindictus EU
"WinLiveSuite" = Windows Liven asennustyökalu
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.0.3
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.4.2012 21:01:01 | Computer Name = Niko-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 19.4.2012 21:01:01 | Computer Name = Niko-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 19.4.2012 21:01:04 | Computer Name = Niko-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 19.4.2012 21:01:04 | Computer Name = Niko-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 19.4.2012 21:01:11 | Computer Name = Niko-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 19.4.2012 21:01:11 | Computer Name = Niko-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.4.2012 6:15:54 | Computer Name = Niko-PC | Source = Application Hang | ID = 1002
Description = Ohjelma dekaron.exe, versio 1.0.0.1, lakkasi olemasta yhteydessä Windowsiin,
joten se suljettiin. Voit katsoa mahdollisia lisätietoja ongelman historiatiedoista
Ongelmien raportit ja ratkaisut -ohjauspaneelissa Prosessitunnus: 1150 Käynnistysaika:
01cd2139b7b0c440 Lopetusaika: 7

Error - 25.4.2012 8:49:26 | Computer Name = Niko-PC | Source = Application Hang | ID = 1002
Description = Ohjelma firefox.exe, versio 11.0.0.4454, lakkasi olemasta yhteydessä
Windowsiin, joten se suljettiin. Voit katsoa mahdollisia lisätietoja ongelman historiatiedoista
Ongelmien raportit ja ratkaisut -ohjauspaneelissa Prosessitunnus: 1094 Käynnistysaika:
01cd1adbbd93a34e Lopetusaika: 218

Error - 26.4.2012 5:30:01 | Computer Name = Niko-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.4.2012 16:47:10 | Computer Name = Niko-PC | Source = Application Error | ID = 1000
Description = Viallinen sovellus OTL.exe, versio 3.2.42.1, aikaleima 0x2a425e19,
virhemoduuli kernel32.dll, versio 6.0.6002.18449, aikaleima 0x4da47a32, poikkeuskoodi
0x0eedfade, virhepoikkeama 0x0001c83b, prosessin tunnus 0x1664, sovelluksen käynnistysaika
0x01cd23edbf13b83b.

[ System Events ]
Error - 26.4.2012 15:03:49 | Computer Name = Niko-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.4.2012 15:03:49 | Computer Name = Niko-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.4.2012 15:03:49 | Computer Name = Niko-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.4.2012 15:03:49 | Computer Name = Niko-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.4.2012 15:03:49 | Computer Name = Niko-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.4.2012 15:03:48 | Computer Name = Niko-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys ei voi latautua, koska se ei ole yhteensopiva
tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta.

Error - 26.4.2012 15:03:49 | Computer Name = Niko-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys ei voi latautua, koska se ei ole yhteensopiva
tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta.

Error - 26.4.2012 15:03:49 | Computer Name = Niko-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys ei voi latautua, koska se ei ole yhteensopiva
tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta.

Error - 26.4.2012 15:03:49 | Computer Name = Niko-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys ei voi latautua, koska se ei ole yhteensopiva
tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta.

Error - 26.4.2012 15:03:49 | Computer Name = Niko-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys ei voi latautua, koska se ei ole yhteensopiva
tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta.


< End of report >

#4
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
You're using multiple anti-virus programs (AVG and Avast). Uninstall one of them. I recommend that you keep Avast.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010.10.21 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\C0A533651FDA1B2C96EF8DA7CAE2EC9F
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#5
retikka

    New Member

  • Topic Starter
  • Member
  • 4 posts
Alright, did all that was said and now the PC boots 3x faster and got 10 GB free space in C:
Here is the ComboFix log:

ComboFix 12-05-02.02 - Niko 02.05.2012 17:46:40.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.358.1035.18.8190.6176 [GMT 3:00]
Sijainti: c:\users\Niko\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Niko\AppData\Local\assembly\tmp
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-04-02 to 2012-05-02 )))))))))))))))))
.
.
2012-05-02 14:28 . 2012-05-02 14:28 -------- d-----w- C:\_OTL
2012-04-26 09:21 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-26 09:20 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-26 09:20 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-26 09:20 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-26 09:20 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-26 09:20 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-26 09:20 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-26 09:20 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-25 13:43 . 2012-04-25 13:43 -------- d--h--w- c:\programdata\Common Files
2012-04-25 13:41 . 2012-05-02 14:24 -------- d-----w- c:\programdata\AVG2012
2012-04-25 13:39 . 2012-04-25 13:39 -------- d-----w- c:\program files (x86)\AVG
2012-04-25 13:19 . 2012-05-02 14:22 -------- d-----w- c:\programdata\MFAData
2012-04-25 12:59 . 2012-04-25 12:59 -------- d-----w- c:\users\Niko\AppData\Roaming\Malwarebytes
2012-04-25 12:59 . 2012-04-25 12:59 -------- d-----w- c:\programdata\Malwarebytes
2012-04-25 12:59 . 2012-04-25 12:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-25 12:59 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-25 12:49 . 2012-04-25 12:49 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 12:49 . 2012-04-25 12:49 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 12:49 . 2012-04-25 12:49 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 11:55 . 2012-04-25 11:55 -------- d-----w- c:\program files (x86)\Phpnuke Downloader
2012-04-24 08:03 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB93C54E-CA7D-4FE4-B788-A7326A44D98A}\mpengine.dll
2012-04-20 20:22 . 2012-04-20 20:22 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 17:19 . 2012-04-20 17:20 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-04-20 17:14 . 2012-04-20 17:15 -------- d-----w- c:\programdata\Battle.net
2012-04-07 13:04 . 2012-04-14 11:04 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-07 12:58 . 2012-04-14 11:04 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 09:41 . 2012-02-24 08:41 670816 ----a-w- c:\windows\SysWow64\xsherlock.xem
2012-04-14 11:04 . 2011-10-10 12:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2010-10-16 00:28 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2010-10-16 00:28 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-01-22 01:07 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-06-11 11:54 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2010-10-16 00:30 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2010-10-16 00:30 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2010-10-16 00:30 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2010-10-16 00:30 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2010-10-16 00:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 07:18 . 2009-10-14 23:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 10:03 . 2011-10-16 11:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-14 16:49 . 2012-03-13 23:32 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-13 23:32 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-13 23:32 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 23:32 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-13 23:32 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-13 23:32 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-13 23:32 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-13 23:32 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-13 23:32 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-13 23:32 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-02 15:34 . 2012-03-13 23:32 2765824 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Niko\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-30 17812480]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-02-05 5384192]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-02-17 1753600]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-03-09 36864]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-21 27648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Täydentävä tarkistus -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 77.105.65.60 77.105.65.70
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\v6ayxpah.default\
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Niko\AppData\Local\Temp\0059869.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Muut prosessit ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
c:\asus.sys\config\DVMExportService.exe
c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-05-02 17:57:57 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2012-05-02 14:57
.
Ennen ajoa: 43 470 729 216 tavua vapaana
Ajon jälkeen: 43 349 446 656 tavua vapaana
.
- - End Of File - - 34B92A425F1EACEB43FF8ACB06EFBFA1

#6
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#7
retikka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Tietokantaversio: v2012.05.02.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Niko :: NIKO-PC [järjestelmänvalvoja]

2.5.2012 20:43:11
mbam-log-2012-05-02 (20-43-11).txt

Tarkistustyyppi: Pikatarkistus
Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos
Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)
Tarkistettuja kohteita: 203291
Kulunut aika: 1 minuutti(a), 51 sekunti(a)

Epäilyttäviä muistiprosesseja: 0
(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0
(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 0
(Ei haitallisia kohteita)

Epäilyttäviä tiedostoja: 0
(Ei haitallisia kohteita)

(loppu)

TDSSKiller only gave the Skip option for the threats. Here is the log:

20:48:37.0502 2284 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:48:37.0992 2284 ============================================================
20:48:37.0992 2284 Current date / time: 2012/05/02 20:48:37.0992
20:48:37.0992 2284 SystemInfo:
20:48:37.0992 2284
20:48:37.0992 2284 OS Version: 6.0.6002 ServicePack: 2.0
20:48:37.0992 2284 Product type: Workstation
20:48:37.0992 2284 ComputerName: NIKO-PC
20:48:37.0992 2284 UserName: Niko
20:48:37.0992 2284 Windows directory: C:\Windows
20:48:37.0992 2284 System windows directory: C:\Windows
20:48:37.0992 2284 Running under WOW64
20:48:37.0992 2284 Processor architecture: Intel x64
20:48:37.0992 2284 Number of processors: 4
20:48:37.0992 2284 Page size: 0x1000
20:48:37.0992 2284 Boot type: Normal boot
20:48:37.0992 2284 ============================================================
20:48:38.0918 2284 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:38.0922 2284 ============================================================
20:48:38.0922 2284 \Device\Harddisk0\DR0:
20:48:38.0923 2284 MBR partitions:
20:48:38.0923 2284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
20:48:38.0923 2284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x67F05800
20:48:38.0923 2284 ============================================================
20:48:38.0945 2284 C: <-> \Device\Harddisk0\DR0\Partition0
20:48:38.0973 2284 D: <-> \Device\Harddisk0\DR0\Partition1
20:48:38.0973 2284 ============================================================
20:48:38.0973 2284 Initialize success
20:48:38.0973 2284 ============================================================
20:48:53.0048 2940 ============================================================
20:48:53.0048 2940 Scan started
20:48:53.0048 2940 Mode: Manual; SigCheck; TDLFS;
20:48:53.0048 2940 ============================================================
20:48:53.0661 2940 1394hub - ok
20:48:53.0723 2940 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
20:48:53.0822 2940 ACPI - ok
20:48:53.0889 2940 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:48:53.0899 2940 AdobeARMservice - ok
20:48:54.0003 2940 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:48:54.0014 2940 AdobeFlashPlayerUpdateSvc - ok
20:48:54.0061 2940 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
20:48:54.0084 2940 adp94xx - ok
20:48:54.0106 2940 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
20:48:54.0125 2940 adpahci - ok
20:48:54.0143 2940 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
20:48:54.0157 2940 adpu160m - ok
20:48:54.0173 2940 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
20:48:54.0187 2940 adpu320 - ok
20:48:54.0221 2940 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
20:48:54.0258 2940 AeLookupSvc - ok
20:48:54.0316 2940 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
20:48:54.0364 2940 AFD - ok
20:48:54.0436 2940 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
20:48:54.0448 2940 agp440 - ok
20:48:54.0480 2940 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
20:48:54.0493 2940 aic78xx - ok
20:48:54.0725 2940 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
20:48:54.0726 2940 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
20:48:54.0731 2940 Akamai ( HiddenFile.Multi.Generic ) - warning
20:48:54.0731 2940 Akamai - detected HiddenFile.Multi.Generic (1)
20:48:54.0802 2940 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
20:48:54.0835 2940 ALG - ok
20:48:54.0872 2940 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
20:48:54.0882 2940 aliide - ok
20:48:54.0893 2940 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
20:48:54.0904 2940 amdide - ok
20:48:54.0929 2940 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
20:48:54.0968 2940 AmdK8 - ok
20:48:54.0991 2940 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
20:48:55.0004 2940 Appinfo - ok
20:48:55.0057 2940 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
20:48:55.0070 2940 arc - ok
20:48:55.0083 2940 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
20:48:55.0096 2940 arcsas - ok
20:48:55.0173 2940 ASDR (4b720cc508b4fb999a7bf0e6d84f73e1) C:\Windows\SysWOW64\ASDR.exe
20:48:55.0180 2940 ASDR ( UnsignedFile.Multi.Generic ) - warning
20:48:55.0180 2940 ASDR - detected UnsignedFile.Multi.Generic (1)
20:48:55.0241 2940 AsIO (8065a7659562005127673ac52898675f) C:\Windows\syswow64\drivers\AsIO.sys
20:48:55.0266 2940 AsIO - ok
20:48:55.0308 2940 AsSysCtrlService (edabc3fa8f941d2047da630e95e936c7) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
20:48:55.0318 2940 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
20:48:55.0318 2940 AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
20:48:55.0337 2940 asusgsb (a4398a8914c32f18ec2ab562cba3caaf) C:\Windows\system32\drivers\asusgsb.sys
20:48:55.0359 2940 asusgsb - ok
20:48:55.0380 2940 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
20:48:55.0391 2940 aswFsBlk - ok
20:48:55.0427 2940 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
20:48:55.0437 2940 aswMonFlt - ok
20:48:55.0444 2940 aswRdr (ee1e8fea9d6dfe066aba3a8ea455a1f2) C:\Windows\system32\drivers\aswRdr.sys
20:48:55.0455 2940 aswRdr - ok
20:48:55.0496 2940 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
20:48:55.0517 2940 aswSnx - ok
20:48:55.0550 2940 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
20:48:55.0565 2940 aswSP - ok
20:48:55.0577 2940 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
20:48:55.0588 2940 aswTdi - ok
20:48:55.0640 2940 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
20:48:55.0668 2940 AsyncMac - ok
20:48:55.0684 2940 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
20:48:55.0697 2940 atapi - ok
20:48:55.0727 2940 atkdisplf (fb4187c282cb467e5e606913a1fa79a3) C:\Windows\system32\drivers\ATKDispLowFilter.sys
20:48:55.0739 2940 atkdisplf - ok
20:48:55.0753 2940 ATKFUSService (86d873fd396fa6708a99a1bdf104d120) C:\Windows\system32\ATKFUSService.exe
20:48:55.0773 2940 ATKFUSService ( UnsignedFile.Multi.Generic ) - warning
20:48:55.0773 2940 ATKFUSService - detected UnsignedFile.Multi.Generic (1)
20:48:55.0821 2940 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
20:48:55.0859 2940 AudioEndpointBuilder - ok
20:48:55.0863 2940 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
20:48:55.0887 2940 AudioSrv - ok
20:48:55.0953 2940 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
20:48:55.0963 2940 avast! Antivirus - ok
20:48:55.0979 2940 Beep - ok
20:48:56.0065 2940 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
20:48:56.0101 2940 BFE - ok
20:48:56.0186 2940 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
20:48:56.0228 2940 BITS - ok
20:48:56.0280 2940 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
20:48:56.0322 2940 blbdrive - ok
20:48:56.0363 2940 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
20:48:56.0384 2940 bowser - ok
20:48:56.0417 2940 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
20:48:56.0441 2940 BrFiltLo - ok
20:48:56.0450 2940 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
20:48:56.0487 2940 BrFiltUp - ok
20:48:56.0510 2940 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
20:48:56.0540 2940 Browser - ok
20:48:56.0558 2940 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
20:48:56.0608 2940 Brserid - ok
20:48:56.0621 2940 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
20:48:56.0675 2940 BrSerWdm - ok
20:48:56.0691 2940 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
20:48:56.0737 2940 BrUsbMdm - ok
20:48:56.0749 2940 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
20:48:56.0794 2940 BrUsbSer - ok
20:48:56.0813 2940 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
20:48:56.0871 2940 BTHMODEM - ok
20:48:56.0888 2940 catchme - ok
20:48:56.0901 2940 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
20:48:56.0929 2940 cdfs - ok
20:48:56.0962 2940 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
20:48:56.0984 2940 cdrom - ok
20:48:57.0036 2940 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:48:57.0067 2940 CertPropSvc - ok
20:48:57.0078 2940 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
20:48:57.0114 2940 circlass - ok
20:48:57.0151 2940 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
20:48:57.0169 2940 CLFS - ok
20:48:57.0226 2940 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:48:57.0236 2940 clr_optimization_v2.0.50727_32 - ok
20:48:57.0313 2940 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:48:57.0324 2940 clr_optimization_v2.0.50727_64 - ok
20:48:57.0378 2940 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:48:57.0389 2940 clr_optimization_v4.0.30319_32 - ok
20:48:57.0433 2940 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:48:57.0443 2940 clr_optimization_v4.0.30319_64 - ok
20:48:57.0453 2940 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
20:48:57.0463 2940 cmdide - ok
20:48:57.0473 2940 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
20:48:57.0483 2940 Compbatt - ok
20:48:57.0487 2940 COMSysApp - ok
20:48:57.0492 2940 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
20:48:57.0503 2940 crcdisk - ok
20:48:57.0522 2940 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
20:48:57.0544 2940 CryptSvc - ok
20:48:57.0598 2940 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:48:57.0629 2940 DcomLaunch - ok
20:48:57.0674 2940 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
20:48:57.0695 2940 DfsC - ok
20:48:57.0859 2940 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
20:48:58.0024 2940 DFSR - ok
20:48:58.0130 2940 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
20:48:58.0163 2940 Dhcp - ok
20:48:58.0211 2940 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
20:48:58.0224 2940 disk - ok
20:48:58.0250 2940 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
20:48:58.0269 2940 Dnscache - ok
20:48:58.0296 2940 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
20:48:58.0329 2940 dot3svc - ok
20:48:58.0352 2940 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
20:48:58.0388 2940 DPS - ok
20:48:58.0421 2940 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
20:48:58.0449 2940 drmkaud - ok
20:48:58.0465 2940 dump_wmimmc - ok
20:48:58.0543 2940 DvmMDES (355e50803a28af282a87faa2612b95ce) C:\ASUS.SYS\config\DVMExportService.exe
20:48:58.0549 2940 DvmMDES ( UnsignedFile.Multi.Generic ) - warning
20:48:58.0549 2940 DvmMDES - detected UnsignedFile.Multi.Generic (1)
20:48:58.0595 2940 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
20:48:58.0622 2940 DXGKrnl - ok
20:48:58.0653 2940 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:48:58.0683 2940 E1G60 - ok
20:48:58.0722 2940 EagleX64 - ok
20:48:58.0749 2940 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
20:48:58.0779 2940 EapHost - ok
20:48:58.0796 2940 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
20:48:58.0813 2940 Ecache - ok
20:48:58.0854 2940 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
20:48:58.0870 2940 ehRecvr - ok
20:48:58.0897 2940 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
20:48:58.0910 2940 ehSched - ok
20:48:58.0942 2940 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
20:48:58.0958 2940 ehstart - ok
20:48:58.0968 2940 EIO64 (343ada10d948db29251f2d9c809af204) C:\Windows\system32\DRIVERS\EIO64.sys
20:48:58.0985 2940 EIO64 - ok
20:48:59.0011 2940 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
20:48:59.0030 2940 elxstor - ok
20:48:59.0072 2940 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
20:48:59.0092 2940 EMDMgmt - ok
20:48:59.0121 2940 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
20:48:59.0147 2940 ErrDev - ok
20:48:59.0182 2940 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
20:48:59.0209 2940 EventSystem - ok
20:48:59.0227 2940 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
20:48:59.0252 2940 exfat - ok
20:48:59.0314 2940 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
20:48:59.0351 2940 fastfat - ok
20:48:59.0369 2940 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
20:48:59.0396 2940 fdc - ok
20:48:59.0408 2940 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
20:48:59.0437 2940 fdPHost - ok
20:48:59.0451 2940 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
20:48:59.0498 2940 FDResPub - ok
20:48:59.0513 2940 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
20:48:59.0525 2940 FileInfo - ok
20:48:59.0541 2940 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
20:48:59.0569 2940 Filetrace - ok
20:48:59.0580 2940 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:48:59.0607 2940 flpydisk - ok
20:48:59.0630 2940 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
20:48:59.0647 2940 FltMgr - ok
20:48:59.0726 2940 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
20:48:59.0761 2940 FontCache - ok
20:48:59.0851 2940 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:48:59.0861 2940 FontCache3.0.0.0 - ok
20:48:59.0910 2940 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
20:48:59.0928 2940 Fs_Rec - ok
20:48:59.0942 2940 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
20:48:59.0954 2940 gagp30kx - ok
20:49:00.0016 2940 getPlusHelper (1dd4bb8f2110a8aeb1466a2805ae57bb) C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
20:49:00.0026 2940 getPlusHelper - ok
20:49:00.0066 2940 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
20:49:00.0095 2940 gpsvc - ok
20:49:00.0111 2940 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:49:00.0122 2940 hamachi - ok
20:49:00.0182 2940 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
20:49:00.0199 2940 HdAudAddService - ok
20:49:00.0282 2940 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:49:00.0326 2940 HDAudBus - ok
20:49:00.0350 2940 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
20:49:00.0401 2940 HidBth - ok
20:49:00.0425 2940 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
20:49:00.0471 2940 HidIr - ok
20:49:00.0483 2940 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
20:49:00.0505 2940 hidserv - ok
20:49:00.0516 2940 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
20:49:00.0542 2940 HidUsb - ok
20:49:00.0571 2940 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
20:49:00.0600 2940 hkmsvc - ok
20:49:00.0632 2940 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
20:49:00.0644 2940 HpCISSs - ok
20:49:00.0697 2940 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
20:49:00.0752 2940 HTTP - ok
20:49:00.0762 2940 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
20:49:00.0774 2940 i2omp - ok
20:49:00.0824 2940 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
20:49:00.0848 2940 i8042prt - ok
20:49:00.0877 2940 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
20:49:00.0892 2940 iaStorV - ok
20:49:00.0945 2940 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:49:00.0949 2940 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:49:00.0949 2940 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:49:01.0045 2940 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:49:01.0069 2940 idsvc - ok
20:49:01.0085 2940 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
20:49:01.0096 2940 iirsp - ok
20:49:01.0132 2940 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
20:49:01.0186 2940 IKEEXT - ok
20:49:01.0229 2940 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
20:49:01.0240 2940 intelide - ok
20:49:01.0278 2940 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
20:49:01.0307 2940 intelppm - ok
20:49:01.0380 2940 IOMap (a01c412699b6f21645b2885c2bae4454) C:\Windows\system32\drivers\IOMap64.sys
20:49:01.0390 2940 IOMap - ok
20:49:01.0410 2940 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
20:49:01.0463 2940 IPBusEnum - ok
20:49:01.0587 2940 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:49:01.0622 2940 IpFilterDriver - ok
20:49:01.0659 2940 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
20:49:01.0676 2940 iphlpsvc - ok
20:49:01.0679 2940 IpInIp - ok
20:49:01.0702 2940 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
20:49:01.0731 2940 IPMIDRV - ok
20:49:01.0746 2940 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
20:49:01.0784 2940 IPNAT - ok
20:49:01.0793 2940 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
20:49:01.0836 2940 IRENUM - ok
20:49:01.0870 2940 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
20:49:01.0881 2940 isapnp - ok
20:49:01.0928 2940 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
20:49:01.0942 2940 iScsiPrt - ok
20:49:01.0953 2940 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
20:49:01.0964 2940 iteatapi - ok
20:49:01.0977 2940 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
20:49:01.0987 2940 iteraid - ok
20:49:02.0022 2940 JRAID (9c7e1e6cb8abec4a3948d0e2cd34bc41) C:\Windows\system32\DRIVERS\jraid.sys
20:49:02.0049 2940 JRAID - ok
20:49:02.0060 2940 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
20:49:02.0072 2940 kbdclass - ok
20:49:02.0083 2940 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
20:49:02.0104 2940 kbdhid - ok
20:49:02.0118 2940 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:49:02.0132 2940 KeyIso - ok
20:49:02.0165 2940 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
20:49:02.0186 2940 KSecDD - ok
20:49:02.0190 2940 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
20:49:02.0262 2940 ksthunk - ok
20:49:02.0316 2940 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
20:49:02.0361 2940 KtmRm - ok
20:49:02.0382 2940 L1E (3e3d1d8dcb2ca53463d34252e99465d3) C:\Windows\system32\DRIVERS\L1E60x64.sys
20:49:02.0395 2940 L1E - ok
20:49:02.0416 2940 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
20:49:02.0432 2940 LanmanServer - ok
20:49:02.0467 2940 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
20:49:02.0484 2940 LanmanWorkstation - ok
20:49:02.0495 2940 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
20:49:02.0525 2940 lltdio - ok
20:49:02.0549 2940 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
20:49:02.0590 2940 lltdsvc - ok
20:49:02.0605 2940 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
20:49:02.0643 2940 lmhosts - ok
20:49:02.0660 2940 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
20:49:02.0673 2940 LSI_FC - ok
20:49:02.0688 2940 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
20:49:02.0702 2940 LSI_SAS - ok
20:49:02.0717 2940 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
20:49:02.0730 2940 LSI_SCSI - ok
20:49:02.0747 2940 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
20:49:02.0782 2940 luafv - ok
20:49:02.0800 2940 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
20:49:02.0826 2940 Mcx2Svc - ok
20:49:02.0855 2940 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
20:49:02.0866 2940 megasas - ok
20:49:02.0901 2940 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
20:49:02.0922 2940 MegaSR - ok
20:49:02.0939 2940 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:49:02.0968 2940 MMCSS - ok
20:49:02.0979 2940 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
20:49:03.0006 2940 Modem - ok
20:49:03.0019 2940 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
20:49:03.0047 2940 monitor - ok
20:49:03.0054 2940 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
20:49:03.0066 2940 mouclass - ok
20:49:03.0099 2940 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
20:49:03.0128 2940 mouhid - ok
20:49:03.0139 2940 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
20:49:03.0152 2940 MountMgr - ok
20:49:03.0210 2940 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:49:03.0222 2940 MozillaMaintenance - ok
20:49:03.0239 2940 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
20:49:03.0253 2940 mpio - ok
20:49:03.0268 2940 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
20:49:03.0298 2940 mpsdrv - ok
20:49:03.0338 2940 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
20:49:03.0388 2940 MpsSvc - ok
20:49:03.0402 2940 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
20:49:03.0413 2940 Mraid35x - ok
20:49:03.0432 2940 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
20:49:03.0456 2940 MRxDAV - ok
20:49:03.0497 2940 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:49:03.0516 2940 mrxsmb - ok
20:49:03.0559 2940 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:49:03.0613 2940 mrxsmb10 - ok
20:49:03.0632 2940 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:49:03.0677 2940 mrxsmb20 - ok
20:49:03.0697 2940 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
20:49:03.0709 2940 msahci - ok
20:49:03.0733 2940 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
20:49:03.0745 2940 msdsm - ok
20:49:03.0769 2940 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
20:49:03.0813 2940 MSDTC - ok
20:49:03.0829 2940 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
20:49:03.0867 2940 Msfs - ok
20:49:03.0912 2940 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
20:49:03.0923 2940 msisadrv - ok
20:49:03.0954 2940 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
20:49:03.0985 2940 MSiSCSI - ok
20:49:03.0987 2940 msiserver - ok
20:49:04.0000 2940 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
20:49:04.0040 2940 MSKSSRV - ok
20:49:04.0079 2940 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
20:49:04.0119 2940 MSPCLOCK - ok
20:49:04.0126 2940 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
20:49:04.0153 2940 MSPQM - ok
20:49:04.0178 2940 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
20:49:04.0195 2940 MsRPC - ok
20:49:04.0202 2940 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
20:49:04.0213 2940 mssmbios - ok
20:49:04.0224 2940 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
20:49:04.0251 2940 MSTEE - ok
20:49:04.0305 2940 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
20:49:04.0314 2940 MTsensor - ok
20:49:04.0323 2940 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
20:49:04.0335 2940 Mup - ok
20:49:04.0361 2940 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
20:49:04.0408 2940 napagent - ok
20:49:04.0486 2940 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
20:49:04.0537 2940 NativeWifiP - ok
20:49:04.0610 2940 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
20:49:04.0642 2940 NDIS - ok
20:49:04.0673 2940 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
20:49:04.0702 2940 NdisTapi - ok
20:49:04.0736 2940 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
20:49:04.0769 2940 Ndisuio - ok
20:49:04.0817 2940 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
20:49:04.0848 2940 NdisWan - ok
20:49:04.0864 2940 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
20:49:04.0885 2940 NDProxy - ok
20:49:04.0892 2940 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
20:49:04.0934 2940 NetBIOS - ok
20:49:04.0975 2940 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
20:49:04.0998 2940 netbt - ok
20:49:05.0020 2940 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:49:05.0033 2940 Netlogon - ok
20:49:05.0066 2940 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
20:49:05.0130 2940 Netman - ok
20:49:05.0154 2940 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
20:49:05.0187 2940 netprofm - ok
20:49:05.0249 2940 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:05.0259 2940 NetTcpPortSharing - ok
20:49:05.0284 2940 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
20:49:05.0296 2940 nfrd960 - ok
20:49:05.0318 2940 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
20:49:05.0392 2940 NlaSvc - ok
20:49:05.0426 2940 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
20:49:05.0452 2940 Npfs - ok
20:49:05.0454 2940 npggsvc - ok
20:49:05.0456 2940 NPPTNT2 - ok
20:49:05.0482 2940 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
20:49:05.0516 2940 nsi - ok
20:49:05.0537 2940 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
20:49:05.0572 2940 nsiproxy - ok
20:49:05.0646 2940 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
20:49:05.0681 2940 Ntfs - ok
20:49:05.0791 2940 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
20:49:05.0821 2940 Null - ok
20:49:05.0897 2940 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
20:49:05.0908 2940 NVHDA - ok
20:49:06.0479 2940 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:49:06.0838 2940 nvlddmkm - ok
20:49:06.0937 2940 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
20:49:06.0950 2940 nvraid - ok
20:49:06.0962 2940 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
20:49:06.0974 2940 nvstor - ok
20:49:07.0030 2940 nvsvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
20:49:07.0057 2940 nvsvc - ok
20:49:07.0131 2940 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
20:49:07.0144 2940 nv_agp - ok
20:49:07.0146 2940 NwlnkFlt - ok
20:49:07.0150 2940 NwlnkFwd - ok
20:49:07.0197 2940 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
20:49:07.0230 2940 ohci1394 - ok
20:49:07.0274 2940 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:49:07.0284 2940 ose - ok
20:49:07.0336 2940 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:49:07.0377 2940 p2pimsvc - ok
20:49:07.0382 2940 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:49:07.0405 2940 p2psvc - ok
20:49:07.0416 2940 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
20:49:07.0457 2940 Parport - ok
20:49:07.0474 2940 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
20:49:07.0487 2940 partmgr - ok
20:49:07.0503 2940 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
20:49:07.0518 2940 PcaSvc - ok
20:49:07.0533 2940 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
20:49:07.0547 2940 pci - ok
20:49:07.0565 2940 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
20:49:07.0576 2940 pciide - ok
20:49:07.0597 2940 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
20:49:07.0610 2940 pcmcia - ok
20:49:07.0651 2940 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
20:49:07.0712 2940 PEAUTH - ok
20:49:07.0767 2940 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
20:49:07.0814 2940 PerfHost - ok
20:49:07.0923 2940 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
20:49:08.0035 2940 pla - ok
20:49:08.0063 2940 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
20:49:08.0089 2940 PlugPlay - ok
20:49:08.0137 2940 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:49:08.0159 2940 PNRPAutoReg - ok
20:49:08.0165 2940 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:49:08.0187 2940 PNRPsvc - ok
20:49:08.0226 2940 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
20:49:08.0275 2940 PolicyAgent - ok
20:49:08.0340 2940 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
20:49:08.0366 2940 PptpMiniport - ok
20:49:08.0427 2940 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
20:49:08.0461 2940 Processor - ok
20:49:08.0484 2940 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
20:49:08.0521 2940 ProfSvc - ok
20:49:08.0553 2940 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:49:08.0566 2940 ProtectedStorage - ok
20:49:08.0581 2940 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
20:49:08.0602 2940 PSched - ok
20:49:08.0669 2940 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
20:49:08.0714 2940 ql2300 - ok
20:49:08.0759 2940 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
20:49:08.0772 2940 ql40xx - ok
20:49:08.0810 2940 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
20:49:08.0836 2940 QWAVE - ok
20:49:08.0911 2940 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
20:49:08.0924 2940 QWAVEdrv - ok
20:49:08.0935 2940 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
20:49:08.0966 2940 RasAcd - ok
20:49:08.0980 2940 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
20:49:09.0011 2940 RasAuto - ok
20:49:09.0024 2940 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:49:09.0106 2940 Rasl2tp - ok
20:49:09.0154 2940 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
20:49:09.0185 2940 RasMan - ok
20:49:09.0196 2940 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
20:49:09.0227 2940 RasPppoe - ok
20:49:09.0245 2940 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
20:49:09.0263 2940 RasSstp - ok
20:49:09.0295 2940 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
20:49:09.0319 2940 rdbss - ok
20:49:09.0331 2940 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:49:09.0358 2940 RDPCDD - ok
20:49:09.0382 2940 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
20:49:09.0419 2940 rdpdr - ok
20:49:09.0422 2940 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
20:49:09.0449 2940 RDPENCDD - ok
20:49:09.0485 2940 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
20:49:09.0500 2940 RDPWD - ok
20:49:09.0517 2940 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
20:49:09.0551 2940 RemoteAccess - ok
20:49:09.0579 2940 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
20:49:09.0603 2940 RemoteRegistry - ok
20:49:09.0609 2940 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
20:49:09.0622 2940 RpcLocator - ok
20:49:09.0663 2940 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:49:09.0696 2940 RpcSs - ok
20:49:09.0702 2940 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
20:49:09.0732 2940 rspndr - ok
20:49:09.0747 2940 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:49:09.0760 2940 SamSs - ok
20:49:09.0790 2940 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
20:49:09.0802 2940 sbp2port - ok
20:49:09.0830 2940 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
20:49:09.0865 2940 SCardSvr - ok
20:49:09.0915 2940 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
20:49:09.0947 2940 Schedule - ok
20:49:09.0980 2940 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:49:10.0001 2940 SCPolicySvc - ok
20:49:10.0008 2940 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
20:49:10.0023 2940 SDRSVC - ok
20:49:10.0090 2940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:49:10.0137 2940 secdrv - ok
20:49:10.0180 2940 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
20:49:10.0219 2940 seclogon - ok
20:49:10.0229 2940 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
20:49:10.0279 2940 SENS - ok
20:49:10.0294 2940 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
20:49:10.0345 2940 Serenum - ok
20:49:10.0370 2940 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
20:49:10.0411 2940 Serial - ok
20:49:10.0440 2940 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
20:49:10.0500 2940 sermouse - ok
20:49:10.0544 2940 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
20:49:10.0598 2940 SessionEnv - ok
20:49:10.0610 2940 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
20:49:10.0637 2940 sffdisk - ok
20:49:10.0645 2940 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
20:49:10.0674 2940 sffp_mmc - ok
20:49:10.0678 2940 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
20:49:10.0712 2940 sffp_sd - ok
20:49:10.0717 2940 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
20:49:10.0757 2940 sfloppy - ok
20:49:10.0795 2940 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
20:49:10.0832 2940 SharedAccess - ok
20:49:10.0871 2940 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
20:49:10.0887 2940 ShellHWDetection - ok
20:49:10.0902 2940 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
20:49:10.0913 2940 SiSRaid2 - ok
20:49:10.0931 2940 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
20:49:10.0943 2940 SiSRaid4 - ok
20:49:11.0098 2940 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
20:49:11.0208 2940 slsvc - ok
20:49:11.0311 2940 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
20:49:11.0369 2940 SLUINotify - ok
20:49:11.0419 2940 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
20:49:11.0472 2940 Smb - ok
20:49:11.0526 2940 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
20:49:11.0539 2940 SNMPTRAP - ok
20:49:11.0672 2940 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
20:49:11.0683 2940 speedfan - ok
20:49:11.0778 2940 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
20:49:11.0790 2940 spldr - ok
20:49:11.0999 2940 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
20:49:12.0015 2940 Spooler - ok
20:49:12.0047 2940 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
20:49:12.0147 2940 srv - ok
20:49:12.0177 2940 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
20:49:12.0192 2940 srv2 - ok
20:49:12.0224 2940 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
20:49:12.0248 2940 srvnet - ok
20:49:12.0267 2940 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
20:49:12.0298 2940 SSDPSRV - ok
20:49:12.0375 2940 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
20:49:12.0397 2940 SstpSvc - ok
20:49:12.0445 2940 Steam Client Service - ok
20:49:12.0548 2940 Stereo Service (9bf7e58d9113ce15cf4f1e1b18ceff83) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:49:12.0572 2940 Stereo Service - ok
20:49:12.0644 2940 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
20:49:12.0672 2940 stisvc - ok
20:49:12.0728 2940 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
20:49:12.0738 2940 swenum - ok
20:49:12.0846 2940 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
20:49:12.0887 2940 swprv - ok
20:49:12.0914 2940 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
20:49:12.0926 2940 Symc8xx - ok
20:49:12.0969 2940 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
20:49:12.0980 2940 Sym_hi - ok
20:49:12.0996 2940 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
20:49:13.0008 2940 Sym_u3 - ok
20:49:13.0059 2940 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
20:49:13.0156 2940 SysMain - ok
20:49:13.0180 2940 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
20:49:13.0202 2940 TabletInputService - ok
20:49:13.0233 2940 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
20:49:13.0258 2940 TapiSrv - ok
20:49:13.0273 2940 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
20:49:13.0314 2940 TBS - ok
20:49:13.0400 2940 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
20:49:13.0441 2940 Tcpip - ok
20:49:13.0596 2940 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
20:49:13.0627 2940 Tcpip6 - ok
20:49:13.0714 2940 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
20:49:13.0727 2940 tcpipreg - ok
20:49:13.0746 2940 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
20:49:13.0775 2940 TDPIPE - ok
20:49:13.0821 2940 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
20:49:13.0854 2940 TDTCP - ok
20:49:13.0868 2940 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
20:49:13.0890 2940 tdx - ok
20:49:13.0962 2940 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
20:49:13.0976 2940 TermDD - ok
20:49:14.0023 2940 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
20:49:14.0064 2940 TermService - ok
20:49:14.0145 2940 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
20:49:14.0161 2940 Themes - ok
20:49:14.0234 2940 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:49:14.0263 2940 THREADORDER - ok
20:49:14.0291 2940 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
20:49:14.0353 2940 TrkWks - ok
20:49:14.0414 2940 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
20:49:14.0446 2940 TrustedInstaller - ok
20:49:14.0460 2940 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:49:14.0488 2940 tssecsrv - ok
20:49:14.0548 2940 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
20:49:14.0602 2940 tunmp - ok
20:49:14.0632 2940 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
20:49:14.0644 2940 tunnel - ok
20:49:14.0663 2940 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
20:49:14.0675 2940 uagp35 - ok
20:49:14.0703 2940 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
20:49:14.0731 2940 udfs - ok
20:49:14.0763 2940 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
20:49:14.0805 2940 UI0Detect - ok
20:49:14.0822 2940 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
20:49:14.0834 2940 uliagpkx - ok
20:49:14.0861 2940 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
20:49:14.0876 2940 uliahci - ok
20:49:14.0915 2940 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
20:49:14.0928 2940 UlSata - ok
20:49:14.0944 2940 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
20:49:14.0958 2940 ulsata2 - ok
20:49:14.0975 2940 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
20:49:15.0003 2940 umbus - ok
20:49:15.0028 2940 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
20:49:15.0081 2940 upnphost - ok
20:49:15.0143 2940 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
20:49:15.0207 2940 usbaudio - ok
20:49:15.0274 2940 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
20:49:15.0299 2940 usbccgp - ok
20:49:15.0354 2940 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
20:49:15.0437 2940 usbcir - ok
20:49:15.0451 2940 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
20:49:15.0480 2940 usbehci - ok
20:49:15.0499 2940 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
20:49:15.0522 2940 usbhub - ok
20:49:15.0534 2940 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
20:49:15.0594 2940 usbohci - ok
20:49:15.0618 2940 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
20:49:15.0663 2940 usbprint - ok
20:49:15.0676 2940 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:49:15.0733 2940 USBSTOR - ok
20:49:15.0781 2940 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
20:49:15.0804 2940 usbuhci - ok
20:49:15.0830 2940 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
20:49:15.0854 2940 UxSms - ok
20:49:15.0889 2940 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
20:49:15.0922 2940 vds - ok
20:49:15.0936 2940 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
20:49:15.0998 2940 vga - ok
20:49:16.0010 2940 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
20:49:16.0038 2940 VgaSave - ok
20:49:16.0180 2940 VIAHdAudAddService (8ce7dd492b1cda58bcc6a14e8733aad6) C:\Windows\system32\drivers\viahduaa.sys
20:49:16.0223 2940 VIAHdAudAddService - ok
20:49:16.0284 2940 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
20:49:16.0294 2940 viaide - ok
20:49:16.0306 2940 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
20:49:16.0319 2940 volmgr - ok
20:49:16.0346 2940 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
20:49:16.0366 2940 volmgrx - ok
20:49:16.0453 2940 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
20:49:16.0468 2940 volsnap - ok
20:49:16.0488 2940 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
20:49:16.0501 2940 vsmraid - ok
20:49:16.0579 2940 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
20:49:16.0665 2940 VSS - ok
20:49:16.0685 2940 vtany - ok
20:49:16.0762 2940 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
20:49:16.0860 2940 W32Time - ok
20:49:16.0890 2940 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
20:49:16.0938 2940 WacomPen - ok
20:49:17.0053 2940 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:49:17.0096 2940 Wanarp - ok
20:49:17.0098 2940 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:49:17.0120 2940 Wanarpv6 - ok
20:49:17.0161 2940 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
20:49:17.0215 2940 wcncsvc - ok
20:49:17.0258 2940 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
20:49:17.0288 2940 WcsPlugInService - ok
20:49:17.0324 2940 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
20:49:17.0335 2940 Wd - ok
20:49:17.0383 2940 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
20:49:17.0419 2940 Wdf01000 - ok
20:49:17.0471 2940 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:49:17.0514 2940 WdiServiceHost - ok
20:49:17.0517 2940 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:49:17.0549 2940 WdiSystemHost - ok
20:49:17.0592 2940 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
20:49:17.0615 2940 WebClient - ok
20:49:17.0708 2940 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
20:49:17.0726 2940 Wecsvc - ok
20:49:17.0738 2940 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
20:49:17.0763 2940 wercplsupport - ok
20:49:17.0775 2940 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
20:49:17.0808 2940 WerSvc - ok
20:49:17.0843 2940 WinDefend - ok
20:49:17.0847 2940 WinHttpAutoProxySvc - ok
20:49:17.0905 2940 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
20:49:17.0931 2940 Winmgmt - ok
20:49:18.0062 2940 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
20:49:18.0145 2940 WinRM - ok
20:49:18.0381 2940 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
20:49:18.0407 2940 Wlansvc - ok
20:49:18.0545 2940 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:49:18.0590 2940 wlidsvc - ok
20:49:18.0653 2940 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
20:49:18.0683 2940 WmiAcpi - ok
20:49:18.0729 2940 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
20:49:18.0753 2940 wmiApSrv - ok
20:49:18.0761 2940 WMPNetworkSvc - ok
20:49:18.0793 2940 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
20:49:18.0815 2940 WPCSvc - ok
20:49:18.0883 2940 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
20:49:18.0906 2940 WPDBusEnum - ok
20:49:19.0006 2940 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
20:49:19.0020 2940 WpdUsb - ok
20:49:19.0153 2940 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:49:19.0217 2940 WPFFontCache_v0400 - ok
20:49:19.0232 2940 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
20:49:19.0269 2940 ws2ifsl - ok
20:49:19.0295 2940 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
20:49:19.0313 2940 wscsvc - ok
20:49:19.0316 2940 WSearch - ok
20:49:19.0443 2940 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
20:49:19.0505 2940 wuauserv - ok
20:49:19.0659 2940 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:49:19.0708 2940 WUDFRd - ok
20:49:19.0731 2940 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
20:49:19.0762 2940 wudfsvc - ok
20:49:19.0861 2940 X6va005 - ok
20:49:19.0980 2940 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
20:49:20.0052 2940 xnacc - ok
20:49:20.0058 2940 xsherlock - ok
20:49:20.0140 2940 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
20:49:20.0150 2940 xusb21 - ok
20:49:20.0164 2940 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:49:20.0329 2940 \Device\Harddisk0\DR0 - ok
20:49:20.0331 2940 Boot (0x1200) (d2a9aab13fc23e1741c322ae244c76cc) \Device\Harddisk0\DR0\Partition0
20:49:20.0332 2940 \Device\Harddisk0\DR0\Partition0 - ok
20:49:20.0376 2940 Boot (0x1200) (4592b929030968b09bd8a3564e95c769) \Device\Harddisk0\DR0\Partition1
20:49:20.0377 2940 \Device\Harddisk0\DR0\Partition1 - ok
20:49:20.0377 2940 ============================================================
20:49:20.0377 2940 Scan finished
20:49:20.0377 2940 ============================================================
20:49:20.0388 4900 Detected object count: 6
20:49:20.0388 4900 Actual detected object count: 6
20:49:51.0017 4900 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:49:51.0017 4900 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:49:51.0019 4900 ASDR ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:51.0019 4900 ASDR ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:49:51.0021 4900 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:51.0021 4900 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:49:51.0022 4900 ATKFUSService ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:51.0022 4900 ATKFUSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:49:51.0023 4900 DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:51.0023 4900 DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:49:51.0023 4900 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:51.0023 4900 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:39.0373 4548 ============================================================
20:51:39.0373 4548 Scan started
20:51:39.0373 4548 Mode: Manual; SigCheck; TDLFS;
20:51:39.0373 4548 ============================================================
20:51:39.0792 4548 Scan interrupted by user!
20:51:39.0792 4548 Scan interrupted by user!
20:51:39.0792 4548 Scan interrupted by user!
20:51:39.0792 4548 ============================================================
20:51:39.0792 4548 Scan finished
20:51:39.0792 4548 ============================================================
20:51:39.0797 3408 Detected object count: 0
20:51:39.0797 3408 Actual detected object count: 0
20:51:42.0175 3452 ============================================================
20:51:42.0175 3452 Scan started
20:51:42.0175 3452 Mode: Manual; SigCheck; TDLFS;
20:51:42.0175 3452 ============================================================
20:51:42.0486 3452 1394hub - ok
20:51:42.0528 3452 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
20:51:42.0552 3452 ACPI - ok
20:51:42.0612 3452 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:51:42.0622 3452 AdobeARMservice - ok
20:51:42.0735 3452 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:51:42.0747 3452 AdobeFlashPlayerUpdateSvc - ok
20:51:42.0792 3452 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
20:51:42.0811 3452 adp94xx - ok
20:51:42.0836 3452 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
20:51:42.0853 3452 adpahci - ok
20:51:42.0900 3452 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
20:51:42.0912 3452 adpu160m - ok
20:51:42.0928 3452 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
20:51:42.0941 3452 adpu320 - ok
20:51:42.0986 3452 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
20:51:43.0008 3452 AeLookupSvc - ok
20:51:43.0040 3452 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
20:51:43.0058 3452 AFD - ok
20:51:43.0069 3452 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
20:51:43.0080 3452 agp440 - ok
20:51:43.0096 3452 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
20:51:43.0108 3452 aic78xx - ok
20:51:43.0361 3452 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
20:51:43.0361 3452 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
20:51:43.0366 3452 Akamai ( HiddenFile.Multi.Generic ) - warning
20:51:43.0366 3452 Akamai - detected HiddenFile.Multi.Generic (1)
20:51:43.0443 3452 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
20:51:43.0471 3452 ALG - ok
20:51:43.0504 3452 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
20:51:43.0514 3452 aliide - ok
20:51:43.0525 3452 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
20:51:43.0536 3452 amdide - ok
20:51:43.0553 3452 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
20:51:43.0580 3452 AmdK8 - ok
20:51:43.0597 3452 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
20:51:43.0610 3452 Appinfo - ok
20:51:43.0639 3452 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
20:51:43.0652 3452 arc - ok
20:51:43.0666 3452 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
20:51:43.0678 3452 arcsas - ok
20:51:43.0739 3452 ASDR (4b720cc508b4fb999a7bf0e6d84f73e1) C:\Windows\SysWOW64\ASDR.exe
20:51:43.0743 3452 ASDR ( UnsignedFile.Multi.Generic ) - warning
20:51:43.0743 3452 ASDR - detected UnsignedFile.Multi.Generic (1)
20:51:43.0816 3452 AsIO (8065a7659562005127673ac52898675f) C:\Windows\syswow64\drivers\AsIO.sys
20:51:43.0826 3452 AsIO - ok
20:51:43.0866 3452 AsSysCtrlService (edabc3fa8f941d2047da630e95e936c7) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
20:51:43.0870 3452 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
20:51:43.0870 3452 AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
20:51:43.0878 3452 asusgsb (a4398a8914c32f18ec2ab562cba3caaf) C:\Windows\system32\drivers\asusgsb.sys
20:51:43.0888 3452 asusgsb - ok
20:51:43.0904 3452 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
20:51:43.0914 3452 aswFsBlk - ok
20:51:43.0927 3452 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
20:51:43.0937 3452 aswMonFlt - ok
20:51:43.0952 3452 aswRdr (ee1e8fea9d6dfe066aba3a8ea455a1f2) C:\Windows\system32\drivers\aswRdr.sys
20:51:43.0962 3452 aswRdr - ok
20:51:44.0011 3452 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
20:51:44.0032 3452 aswSnx - ok
20:51:44.0058 3452 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
20:51:44.0072 3452 aswSP - ok
20:51:44.0085 3452 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
20:51:44.0096 3452 aswTdi - ok
20:51:44.0115 3452 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
20:51:44.0141 3452 AsyncMac - ok
20:51:44.0175 3452 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
20:51:44.0187 3452 atapi - ok
20:51:44.0243 3452 atkdisplf (fb4187c282cb467e5e606913a1fa79a3) C:\Windows\system32\drivers\ATKDispLowFilter.sys
20:51:44.0254 3452 atkdisplf - ok
20:51:44.0270 3452 ATKFUSService (86d873fd396fa6708a99a1bdf104d120) C:\Windows\system32\ATKFUSService.exe
20:51:44.0273 3452 ATKFUSService ( UnsignedFile.Multi.Generic ) - warning
20:51:44.0273 3452 ATKFUSService - detected UnsignedFile.Multi.Generic (1)
20:51:44.0310 3452 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
20:51:44.0336 3452 AudioEndpointBuilder - ok
20:51:44.0340 3452 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
20:51:44.0395 3452 AudioSrv - ok
20:51:44.0500 3452 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
20:51:44.0511 3452 avast! Antivirus - ok
20:51:44.0514 3452 Beep - ok
20:51:44.0556 3452 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
20:51:44.0582 3452 BFE - ok
20:51:44.0651 3452 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
20:51:44.0687 3452 BITS - ok
20:51:44.0763 3452 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
20:51:44.0790 3452 blbdrive - ok
20:51:44.0846 3452 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
20:51:44.0858 3452 bowser - ok
20:51:44.0884 3452 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
20:51:44.0904 3452 BrFiltLo - ok
20:51:44.0917 3452 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
20:51:44.0938 3452 BrFiltUp - ok
20:51:44.0959 3452 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
20:51:44.0987 3452 Browser - ok
20:51:45.0008 3452 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
20:51:45.0048 3452 Brserid - ok
20:51:45.0063 3452 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
20:51:45.0103 3452 BrSerWdm - ok
20:51:45.0116 3452 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
20:51:45.0155 3452 BrUsbMdm - ok
20:51:45.0159 3452 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
20:51:45.0200 3452 BrUsbSer - ok
20:51:45.0213 3452 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
20:51:45.0253 3452 BTHMODEM - ok
20:51:45.0257 3452 catchme - ok
20:51:45.0277 3452 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
20:51:45.0304 3452 cdfs - ok
20:51:45.0387 3452 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
20:51:45.0408 3452 cdrom - ok
20:51:45.0417 3452 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:51:45.0439 3452 CertPropSvc - ok
20:51:45.0453 3452 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
20:51:45.0480 3452 circlass - ok
20:51:45.0517 3452 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
20:51:45.0533 3452 CLFS - ok
20:51:45.0584 3452 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:51:45.0595 3452 clr_optimization_v2.0.50727_32 - ok
20:51:45.0631 3452 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:51:45.0641 3452 clr_optimization_v2.0.50727_64 - ok
20:51:45.0671 3452 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:51:45.0683 3452 clr_optimization_v4.0.30319_32 - ok
20:51:45.0725 3452 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:51:45.0735 3452 clr_optimization_v4.0.30319_64 - ok
20:51:45.0745 3452 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
20:51:45.0756 3452 cmdide - ok
20:51:45.0765 3452 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
20:51:45.0776 3452 Compbatt - ok
20:51:45.0779 3452 COMSysApp - ok
20:51:45.0783 3452 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
20:51:45.0794 3452 crcdisk - ok
20:51:45.0815 3452 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
20:51:45.0838 3452 CryptSvc - ok
20:51:45.0883 3452 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:51:45.0913 3452 DcomLaunch - ok
20:51:45.0941 3452 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
20:51:45.0955 3452 DfsC - ok
20:51:46.0101 3452 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
20:51:46.0156 3452 DFSR - ok
20:51:46.0322 3452 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
20:51:46.0346 3452 Dhcp - ok
20:51:46.0404 3452 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
20:51:46.0416 3452 disk - ok
20:51:46.0443 3452 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
20:51:46.0458 3452 Dnscache - ok
20:51:46.0481 3452 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
20:51:46.0504 3452 dot3svc - ok
20:51:46.0529 3452 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
20:51:46.0558 3452 DPS - ok
20:51:46.0572 3452 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
20:51:46.0595 3452 drmkaud - ok
20:51:46.0597 3452 dump_wmimmc - ok
20:51:46.0695 3452 DvmMDES (355e50803a28af282a87faa2612b95ce) C:\ASUS.SYS\config\DVMExportService.exe
20:51:46.0701 3452 DvmMDES ( UnsignedFile.Multi.Generic ) - warning
20:51:46.0701 3452 DvmMDES - detected UnsignedFile.Multi.Generic (1)
20:51:46.0756 3452 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
20:51:46.0784 3452 DXGKrnl - ok
20:51:46.0822 3452 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:51:46.0852 3452 E1G60 - ok
20:51:46.0854 3452 EagleX64 - ok
20:51:46.0867 3452 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
20:51:46.0889 3452 EapHost - ok
20:51:46.0906 3452 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
20:51:46.0920 3452 Ecache - ok
20:51:46.0956 3452 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
20:51:46.0972 3452 ehRecvr - ok
20:51:47.0006 3452 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
20:51:47.0020 3452 ehSched - ok
20:51:47.0027 3452 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
20:51:47.0039 3452 ehstart - ok
20:51:47.0052 3452 EIO64 (343ada10d948db29251f2d9c809af204) C:\Windows\system32\DRIVERS\EIO64.sys
20:51:47.0064 3452 EIO64 - ok
20:51:47.0088 3452 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
20:51:47.0106 3452 elxstor - ok
20:51:47.0141 3452 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
20:51:47.0160 3452 EMDMgmt - ok
20:51:47.0173 3452 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
20:51:47.0200 3452 ErrDev - ok
20:51:47.0243 3452 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
20:51:47.0269 3452 EventSystem - ok
20:51:47.0296 3452 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
20:51:47.0309 3452 exfat - ok
20:51:47.0350 3452 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
20:51:47.0372 3452 fastfat - ok
20:51:47.0413 3452 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
20:51:47.0440 3452 fdc - ok
20:51:47.0460 3452 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
20:51:47.0488 3452 fdPHost - ok
20:51:47.0502 3452 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
20:51:47.0544 3452 FDResPub - ok
20:51:47.0557 3452 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
20:51:47.0568 3452 FileInfo - ok
20:51:47.0584 3452 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
20:51:47.0613 3452 Filetrace - ok
20:51:47.0623 3452 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:51:47.0651 3452 flpydisk - ok
20:51:47.0673 3452 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
20:51:47.0689 3452 FltMgr - ok
20:51:47.0753 3452 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
20:51:47.0781 3452 FontCache - ok
20:51:47.0886 3452 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:51:47.0896 3452 FontCache3.0.0.0 - ok
20:51:47.0937 3452 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
20:51:47.0949 3452 Fs_Rec - ok
20:51:47.0960 3452 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
20:51:47.0972 3452 gagp30kx - ok
20:51:48.0067 3452 getPlusHelper (1dd4bb8f2110a8aeb1466a2805ae57bb) C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
20:51:48.0077 3452 getPlusHelper - ok
20:51:48.0119 3452 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
20:51:48.0150 3452 gpsvc - ok
20:51:48.0171 3452 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:51:48.0182 3452 hamachi - ok
20:51:48.0225 3452 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
20:51:48.0240 3452 HdAudAddService - ok
20:51:48.0351 3452 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:51:48.0384 3452 HDAudBus - ok
20:51:48.0422 3452 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
20:51:48.0462 3452 HidBth - ok
20:51:48.0477 3452 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
20:51:48.0516 3452 HidIr - ok
20:51:48.0526 3452 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
20:51:48.0549 3452 hidserv - ok
20:51:48.0609 3452 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
20:51:48.0630 3452 HidUsb - ok
20:51:48.0645 3452 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
20:51:48.0675 3452 hkmsvc - ok
20:51:48.0684 3452 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
20:51:48.0697 3452 HpCISSs - ok
20:51:48.0763 3452 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
20:51:48.0819 3452 HTTP - ok
20:51:48.0863 3452 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
20:51:48.0875 3452 i2omp - ok
20:51:48.0926 3452 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
20:51:48.0947 3452 i8042prt - ok
20:51:49.0001 3452 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
20:51:49.0014 3452 iaStorV - ok
20:51:49.0105 3452 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:51:49.0109 3452 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:51:49.0109 3452 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:51:49.0220 3452 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:51:49.0244 3452 idsvc - ok
20:51:49.0261 3452 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
20:51:49.0272 3452 iirsp - ok
20:51:49.0326 3452 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
20:51:49.0352 3452 IKEEXT - ok
20:51:49.0389 3452 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
20:51:49.0400 3452 intelide - ok
20:51:49.0421 3452 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
20:51:49.0448 3452 intelppm - ok
20:51:49.0465 3452 IOMap (a01c412699b6f21645b2885c2bae4454) C:\Windows\system32\drivers\IOMap64.sys
20:51:49.0475 3452 IOMap - ok
20:51:49.0495 3452 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
20:51:49.0524 3452 IPBusEnum - ok
20:51:49.0537 3452 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:51:49.0558 3452 IpFilterDriver - ok
20:51:49.0650 3452 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
20:51:49.0665 3452 iphlpsvc - ok
20:51:49.0667 3452 IpInIp - ok
20:51:49.0687 3452 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
20:51:49.0716 3452 IPMIDRV - ok
20:51:49.0731 3452 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
20:51:49.0759 3452 IPNAT - ok
20:51:49.0770 3452 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
20:51:49.0798 3452 IRENUM - ok
20:51:49.0814 3452 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
20:51:49.0826 3452 isapnp - ok
20:51:49.0904 3452 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
20:51:49.0919 3452 iScsiPrt - ok
20:51:49.0930 3452 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
20:51:49.0941 3452 iteatapi - ok
20:51:49.0954 3452 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
20:51:49.0964 3452 iteraid - ok
20:51:50.0049 3452 JRAID (9c7e1e6cb8abec4a3948d0e2cd34bc41) C:\Windows\system32\DRIVERS\jraid.sys
20:51:50.0063 3452 JRAID - ok
20:51:50.0070 3452 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
20:51:50.0082 3452 kbdclass - ok
20:51:50.0093 3452 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
20:51:50.0114 3452 kbdhid - ok
20:51:50.0128 3452 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:51:50.0142 3452 KeyIso - ok
20:51:50.0175 3452 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
20:51:50.0194 3452 KSecDD - ok
20:51:50.0197 3452 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
20:51:50.0225 3452 ksthunk - ok
20:51:50.0258 3452 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
20:51:50.0292 3452 KtmRm - ok
20:51:50.0343 3452 L1E (3e3d1d8dcb2ca53463d34252e99465d3) C:\Windows\system32\DRIVERS\L1E60x64.sys
20:51:50.0354 3452 L1E - ok
20:51:50.0377 3452 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
20:51:50.0392 3452 LanmanServer - ok
20:51:50.0463 3452 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
20:51:50.0479 3452 LanmanWorkstation - ok
20:51:50.0522 3452 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
20:51:50.0549 3452 lltdio - ok
20:51:50.0589 3452 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
20:51:50.0618 3452 lltdsvc - ok
20:51:50.0632 3452 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
20:51:50.0661 3452 lmhosts - ok
20:51:50.0687 3452 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
20:51:50.0701 3452 LSI_FC - ok
20:51:50.0715 3452 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
20:51:50.0727 3452 LSI_SAS - ok
20:51:50.0744 3452 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
20:51:50.0756 3452 LSI_SCSI - ok
20:51:50.0763 3452 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
20:51:50.0790 3452 luafv - ok
20:51:50.0810 3452 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
20:51:50.0824 3452 Mcx2Svc - ok
20:51:50.0840 3452 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
20:51:50.0852 3452 megasas - ok
20:51:50.0884 3452 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
20:51:50.0901 3452 MegaSR - ok
20:51:50.0916 3452 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:51:50.0945 3452 MMCSS - ok
20:51:50.0956 3452 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
20:51:50.0983 3452 Modem - ok
20:51:50.0997 3452 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
20:51:51.0025 3452 monitor - ok
20:51:51.0039 3452 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
20:51:51.0052 3452 mouclass - ok
20:51:51.0060 3452 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
20:51:51.0087 3452 mouhid - ok
20:51:51.0099 3452 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
20:51:51.0112 3452 MountMgr - ok
20:51:51.0204 3452 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:51:51.0215 3452 MozillaMaintenance - ok
20:51:51.0241 3452 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
20:51:51.0254 3452 mpio - ok
20:51:51.0270 3452 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
20:51:51.0291 3452 mpsdrv - ok
20:51:51.0353 3452 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
20:51:51.0382 3452 MpsSvc - ok
20:51:51.0396 3452 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
20:51:51.0406 3452 Mraid35x - ok
20:51:51.0455 3452 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
20:51:51.0469 3452 MRxDAV - ok
20:51:51.0491 3452 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:51:51.0504 3452 mrxsmb - ok
20:51:51.0604 3452 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:51:51.0619 3452 mrxsmb10 - ok
20:51:51.0634 3452 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:51:51.0647 3452 mrxsmb20 - ok
20:51:51.0666 3452 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
20:51:51.0679 3452 msahci - ok
20:51:51.0920 3452 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
20:51:51.0932 3452 msdsm - ok
20:51:51.0954 3452 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
20:51:51.0982 3452 MSDTC - ok
20:51:51.0997 3452 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
20:51:52.0025 3452 Msfs - ok
20:51:52.0030 3452 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
20:51:52.0041 3452 msisadrv - ok
20:51:52.0071 3452 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
20:51:52.0101 3452 MSiSCSI - ok
20:51:52.0103 3452 msiserver - ok
20:51:52.0106 3452 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
20:51:52.0133 3452 MSKSSRV - ok
20:51:52.0147 3452 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
20:51:52.0174 3452 MSPCLOCK - ok
20:51:52.0186 3452 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
20:51:52.0213 3452 MSPQM - ok
20:51:52.0239 3452 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
20:51:52.0253 3452 MsRPC - ok
20:51:52.0261 3452 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
20:51:52.0272 3452 mssmbios - ok
20:51:52.0284 3452 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
20:51:52.0311 3452 MSTEE - ok
20:51:52.0332 3452 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
20:51:52.0342 3452 MTsensor - ok
20:51:52.0350 3452 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
20:51:52.0362 3452 Mup - ok
20:51:52.0388 3452 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
20:51:52.0432 3452 napagent - ok
20:51:52.0488 3452 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
20:51:52.0503 3452 NativeWifiP - ok
20:51:52.0554 3452 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
20:51:52.0627 3452 NDIS - ok
20:51:52.0642 3452 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
20:51:52.0663 3452 NdisTapi - ok
20:51:52.0680 3452 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
20:51:52.0710 3452 Ndisuio - ok
20:51:52.0751 3452 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
20:51:52.0772 3452 NdisWan - ok
20:51:52.0783 3452 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
20:51:52.0805 3452 NDProxy - ok
20:51:52.0811 3452 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
20:51:52.0839 3452 NetBIOS - ok
20:51:52.0861 3452 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
20:51:52.0884 3452 netbt - ok
20:51:52.0898 3452 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:51:52.0912 3452 Netlogon - ok
20:51:52.0944 3452 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
20:51:52.0976 3452 Netman - ok
20:51:53.0041 3452 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
20:51:53.0071 3452 netprofm - ok
20:51:53.0125 3452 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:51:53.0136 3452 NetTcpPortSharing - ok
20:51:53.0162 3452 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
20:51:53.0172 3452 nfrd960 - ok
20:51:53.0197 3452 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
20:51:53.0226 3452 NlaSvc - ok
20:51:53.0237 3452 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
20:51:53.0259 3452 Npfs - ok
20:51:53.0261 3452 npggsvc - ok
20:51:53.0264 3452 NPPTNT2 - ok
20:51:53.0285 3452 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
20:51:53.0314 3452 nsi - ok
20:51:53.0318 3452 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
20:51:53.0345 3452 nsiproxy - ok
20:51:53.0425 3452 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
20:51:53.0461 3452 Ntfs - ok
20:51:53.0535 3452 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
20:51:53.0563 3452 Null - ok
20:51:53.0584 3452 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
20:51:53.0595 3452 NVHDA - ok
20:51:54.0134 3452 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:51:54.0352 3452 nvlddmkm - ok
20:51:54.0508 3452 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
20:51:54.0521 3452 nvraid - ok
20:51:54.0533 3452 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
20:51:54.0545 3452 nvstor - ok
20:51:54.0601 3452 nvsvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
20:51:54.0628 3452 nvsvc - ok
20:51:54.0711 3452 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
20:51:54.0723 3452 nv_agp - ok
20:51:54.0726 3452 NwlnkFlt - ok
20:51:54.0729 3452 NwlnkFwd - ok
20:51:54.0760 3452 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
20:51:54.0780 3452 ohci1394 - ok
20:51:54.0812 3452 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:51:54.0823 3452 ose - ok
20:51:54.0875 3452 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:51:54.0899 3452 p2pimsvc - ok
20:51:54.0904 3452 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:51:54.0928 3452 p2psvc - ok
20:51:54.0954 3452 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
20:51:54.0995 3452 Parport - ok
20:51:55.0012 3452 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
20:51:55.0025 3452 partmgr - ok
20:51:55.0049 3452 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
20:51:55.0064 3452 PcaSvc - ok
20:51:55.0079 3452 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
20:51:55.0092 3452 pci - ok
20:51:55.0096 3452 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
20:51:55.0109 3452 pciide - ok
20:51:55.0126 3452 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
20:51:55.0139 3452 pcmcia - ok
20:51:55.0181 3452 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
20:51:55.0229 3452 PEAUTH - ok
20:51:55.0280 3452 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
20:51:55.0309 3452 PerfHost - ok
20:51:55.0367 3452 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
20:51:55.0406 3452 pla - ok
20:51:55.0436 3452 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
20:51:55.0461 3452 PlugPlay - ok
20:51:55.0555 3452 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:51:55.0577 3452 PNRPAutoReg - ok
20:51:55.0583 3452 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:51:55.0606 3452 PNRPsvc - ok
20:51:55.0639 3452 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
20:51:55.0667 3452 PolicyAgent - ok
20:51:55.0728 3452 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
20:51:55.0750 3452 PptpMiniport - ok
20:51:55.0798 3452 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
20:51:55.0828 3452 Processor - ok
20:51:55.0848 3452 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
20:51:55.0871 3452 ProfSvc - ok
20:51:55.0891 3452 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:51:55.0904 3452 ProtectedStorage - ok
20:51:55.0928 3452 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
20:51:55.0950 3452 PSched - ok
20:51:56.0016 3452 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
20:51:56.0047 3452 ql2300 - ok
20:51:56.0064 3452 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
20:51:56.0076 3452 ql40xx - ok
20:51:56.0106 3452 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
20:51:56.0123 3452 QWAVE - ok
20:51:56.0134 3452 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
20:51:56.0147 3452 QWAVEdrv - ok
20:51:56.0157 3452 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
20:51:56.0185 3452 RasAcd - ok
20:51:56.0195 3452 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
20:51:56.0224 3452 RasAuto - ok
20:51:56.0239 3452 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:51:56.0261 3452 Rasl2tp - ok
20:51:56.0285 3452 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
20:51:56.0309 3452 RasMan - ok
20:51:56.0320 3452 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
20:51:56.0342 3452 RasPppoe - ok
20:51:56.0359 3452 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
20:51:56.0372 3452 RasSstp - ok
20:51:56.0392 3452 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
20:51:56.0415 3452 rdbss - ok
20:51:56.0421 3452 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:51:56.0449 3452 RDPCDD - ok
20:51:56.0472 3452 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
20:51:56.0502 3452 rdpdr - ok
20:51:56.0505 3452 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
20:51:56.0532 3452 RDPENCDD - ok
20:51:56.0575 3452 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
20:51:56.0589 3452 RDPWD - ok
20:51:56.0607 3452 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
20:51:56.0636 3452 RemoteAccess - ok
20:51:56.0661 3452 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
20:51:56.0688 3452 RemoteRegistry - ok
20:51:56.0699 3452 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
20:51:56.0714 3452 RpcLocator - ok
20:51:56.0754 3452 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:51:56.0785 3452 RpcSs - ok
20:51:56.0792 3452 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
20:51:56.0821 3452 rspndr - ok
20:51:56.0829 3452 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:51:56.0843 3452 SamSs - ok
20:51:56.0863 3452 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
20:51:56.0876 3452 sbp2port - ok
20:51:56.0903 3452 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
20:51:56.0927 3452 SCardSvr - ok
20:51:56.0989 3452 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
20:51:57.0015 3452 Schedule - ok
20:51:57.0045 3452 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:51:57.0066 3452 SCPolicySvc - ok
20:51:57.0074 3452 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
20:51:57.0090 3452 SDRSVC - ok
20:51:57.0097 3452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:51:57.0137 3452 secdrv - ok
20:51:57.0145 3452 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
20:51:57.0175 3452 seclogon - ok
20:51:57.0186 3452 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
20:51:57.0216 3452 SENS - ok
20:51:57.0235 3452 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
20:51:57.0263 3452 Serenum - ok
20:51:57.0278 3452 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
20:51:57.0306 3452 Serial - ok
20:51:57.0331 3452 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
20:51:57.0359 3452 sermouse - ok
20:51:57.0377 3452 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
20:51:57.0408 3452 SessionEnv - ok
20:51:57.0418 3452 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
20:51:57.0446 3452 sffdisk - ok
20:51:57.0453 3452 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
20:51:57.0481 3452 sffp_mmc - ok
20:51:57.0485 3452 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
20:51:57.0512 3452 sffp_sd - ok
20:51:57.0516 3452 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
20:51:57.0556 3452 sfloppy - ok
20:51:57.0587 3452 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
20:51:57.0620 3452 SharedAccess - ok
20:51:57.0654 3452 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
20:51:57.0671 3452 ShellHWDetection - ok
20:51:57.0685 3452 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
20:51:57.0698 3452 SiSRaid2 - ok
20:51:57.0715 3452 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
20:52:05.0992 3452 ============================================================
20:52:05.0992 3452 Scan finished
20:52:05.0992 3452 ============================================================
20:52:05.0997 2600 Detected object count: 6
20:52:05.0997 2600 Actual detected object count: 6
20:53:06.0474 2600 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:53:06.0474 2600 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:53:06.0476 2600 ASDR ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0476 2600 ASDR ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:53:06.0476 2600 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0476 2600 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:53:06.0477 2600 ATKFUSService ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0477 2600 ATKFUSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:53:06.0478 2600 DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0478 2600 DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:53:06.0478 2600 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0478 2600 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:54:00.0428 4740 Deinitialize success
  • 0
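The end of the log above records six flagged objects that were all skipped. The added example below (not part of any post in this thread) shows one way to pull that summary out of a log in this format and join each flagged object back to the file path and hash from its scan line. The sample log is constructed, its names, hashes and paths are placeholders, and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample that reuses only the line shapes visible in the log above;
# service names, hashes and paths are placeholders.
SAMPLE_LOG = r"""
20:51:10.0100 3452 ExampleDrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
20:51:10.0120 3452 ExampleDrv - ok
20:51:10.0200 3452 ExampleSvc (fedcba9876543210fedcba9876543210) C:\Program Files\Example\svc.exe
20:51:10.0300 3452 ExampleHidden (00112233445566778899aabbccddeeff) C:\Program Files\Example\hidden.exe
20:51:11.0000 2600 Detected object count: 2
20:51:11.0000 2600 Actual detected object count: 2
20:52:00.0000 2600 ExampleHidden ( HiddenFile.Multi.Generic ) - skipped by user
20:52:00.0000 2600 ExampleHidden ( HiddenFile.Multi.Generic ) - User select action: Skip
20:52:00.0001 2600 ExampleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:00.0001 2600 ExampleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# timestamp, thread id, then the message we care about
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "<name> (<md5>) <path>" : one scanned service, driver or boot object
SCAN = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <outcome>" : a flagged object and what happened to it
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[\w.]+) \) - (?P<rest>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION = re.compile(r"^User select action: (\w+)$")


def triage(text):
    """Return flagged objects with verdict, chosen action, path and hash."""
    scanned, findings, declared = {}, {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        msg = m.group(1)
        v = VERDICT.match(msg)
        s = SCAN.match(msg)
        c = COUNT.match(msg)
        if v:
            f = findings.setdefault(
                v["name"], {"verdict": v["verdict"], "action": None})
            a = ACTION.match(v["rest"])
            if a:
                f["action"] = a.group(1)
        elif s:
            scanned[s["name"]] = (s["md5"], s["path"])
        elif c:
            declared = int(c.group(1))
    rows = []
    for name, f in findings.items():
        md5, path = scanned.get(name, (None, None))
        rows.append({"name": name, "verdict": f["verdict"],
                     "action": f["action"], "md5": md5, "path": path,
                     # Skip means the object is still on disk and unreviewed
                     "left_in_place": f["action"] == "Skip"})
    # A mismatch means the log was truncated or a line shape was not parsed
    return {"declared": declared,
            "consistent": declared == len(rows), "rows": rows}


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG)["rows"]:
        print(row)
```
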

#8
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily have to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here; you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Google Chrome and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (e.g. LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0
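The post above recommends a blocking HOSTS file. The added example below (not part of the post or of the MVPS project) parses HOSTS-file text and separates names that are blocked by pointing them at a loopback or unspecified address from names mapped to some other address. It goes one step beyond the post: the second group is worth reviewing, because the same file can also be used to redirect a name instead of blocking it. The sample content and hostnames are constructed placeholders and `audit` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; every hostname is a placeholder.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com        # blocked: unspecified address
0.0.0.0 tracker.example.net banner.example.net
203.0.113.10 login.example.org # mapped to a routable address
not-an-ip broken.example.com
"""

# Names that normally resolve to loopback and are not "blocks"
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_number, ip, hostname) per mapping; collect unparsable lines."""
    entries, bad_lines = [], []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            bad_lines.append(n)
            continue
        for host in fields[1:]:  # one line may carry several names
            entries.append((n, ip, host.lower()))
    return entries, bad_lines


def audit(text):
    """Classify every mapped name as blocked or redirected."""
    entries, bad_lines = parse_hosts(text)
    blocked, redirected = set(), {}
    for _, ip, host in entries:
        if host in LOCAL_NAMES:
            continue
        if ip.is_unspecified or ip.is_loopback:
            blocked.add(host)          # connection attempts go nowhere
        else:
            redirected[host] = str(ip)  # review: name is steered elsewhere
    return {"blocked": blocked, "redirected": redirected,
            "bad_lines": bad_lines}


if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS))
```
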





