Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser redirects, pop up ads and spikes in ping


  • Please log in to reply

#1
BackToBusiness

BackToBusiness

    New Member

  • Member
  • Pip
  • 2 posts
Hello geekstogo,

Over the last month or two, I started getting the occasional short spike in ping and slowness of the computer even in non internet dependent use . Considering the antivirus program I was using at the time (AVG) wasn't detecting anything I didn't think much of it. However in the last few weeks the problems got worse. I got spikes in ping and general computer slowness that were way worse, getting pings up to 900 both in games and in commandprompt ping. These episodes lated from a few seconds to several minutes and were not present in any of the other computers in the house. Once I started getting browser redirects and AVG still wasn't detecting anything I uninstalled that and replaced it with Microsoft Security Essentials, which on scan did detect and remove around ten things, the details of which I don't recall. However after this the problems persisted and I started getting pop up ads in the bottom right of my screen, leading to sites that promptly got blocked by security essentials when accidentally clicked on. Because of the persistence of the problems I switched to Ad Aware, which found a few more threats over multiple scans over two days (the program didn't give out the details of the threats discovered). After this the spikes in ping dropped in intensity aswell as in length and I got way less browser redirects. Both problems however are still there, aswell as pop up ads still being active. I couldn't figure out the problem and Ad Aware found no threats even during full scans. After a bit of searching on the internet I found this forum and downloaded OTL so I could get help here. I hope you guys can find out what the problem is since I sure can't.

Extras.txt:

OTL Extras logfile created on: 6/28/2012 1:12:51 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Boris\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

6.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 19.71% Memory free
12.00 Gb Paging File | 7.58 Gb Available in Paging File | 63.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.07 Gb Total Space | 798.93 Gb Free Space | 87.02% Space Free | Partition Type: NTFS
Drive D: | 13.34 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: HP_KAASVRETER | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F453ED-84D5-4A11-A446-B14809E60312}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1453BD11-38AE-439C-BDE8-46424D49E2BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27A65343-B209-42FA-8B21-6F0598363D7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27F05CEF-EA5C-45C7-8B48-DF468FE106C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{286792BB-9986-4549-A4D5-0D4F42E8FE80}" = lport=138 | protocol=17 | dir=in | app=system |
"{38056BA0-18FF-45F0-8F40-2DC0A0310C62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39BB5254-E167-4D75-A602-DC816FB49FA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{3CA50D6A-C295-4721-AEE0-144B7F2ABDB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{401F28F1-D9A7-4986-99A4-3F3715DE0933}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B12EF6A-D384-49BE-B0D7-8FE2425FFEE6}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B9A3FED-A10D-483B-8AE7-B8BB2998B60C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E0299F1-3C00-4C76-83D2-00FD65E067D2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{749CF81B-867E-4FF0-91A3-A09B5DE6ECF6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7A019E1A-FDB5-42BE-BE72-D3F7A1E7386F}" = rport=139 | protocol=6 | dir=out | app=system |
"{8323D18F-CCAC-40FB-9211-A075D2A35D1D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{886773A4-EE1F-4E52-8676-4BBE93D82F51}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C1D48CE-AD89-4065-A708-D40C17DAAF72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{951AE3DA-23E3-4231-85C8-97774350E1F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C5ADAD80-D4F9-4166-A793-EAEA7044CAB2}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8D1147A-9372-47BC-9134-295496692986}" = rport=137 | protocol=17 | dir=out | app=system |
"{CCA2C3FF-84F3-497C-82E4-B564C324A4BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E032D33F-1001-42D8-950B-D790F5C5AFEB}" = lport=139 | protocol=6 | dir=in | app=system |
"{F21F694F-10B3-446D-ACAE-2AAC367D1C6D}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D3EFC1-477F-420C-A2CE-3FE701C5CE4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A8192EC-D096-4499-A3F2-EC6CA95AF948}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{18196E9F-8E68-4642-8224-D9B9DFC47F15}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{1C9D8B43-1141-4E5F-84FA-EC7525BF64AD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{22B076D8-CDC6-40ED-A1CB-537CBAF60636}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{234DA063-430D-4CA1-BD92-7683FAE99822}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24131D0F-14EC-4A21-BC05-A9EF2DC26D0A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{25F8A77C-7ECA-4F80-AB7C-342B4C85E819}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{27036600-9AC5-4B23-9458-0A7E460BA5BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe |
"{288D4493-F1C4-4707-AAA1-BDE62DE02B31}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{28969114-46E5-43A6-BD04-593BE123BF5D}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\akamai\netsession_win.exe |
"{2AB751B6-7300-4E3B-8861-60A1102658B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2B319247-E662-4ECB-8BF8-1950D22B4C17}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{30869358-331E-4D53-A606-9E38A47871E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38FB6049-9FB6-4916-AEFA-35962952CD8A}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{3A547BBA-65EC-4BE4-815B-89BDA1A02FF9}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{3BE1E90A-22C3-4769-A393-5A551235B7DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D59B62A-1956-4897-9469-64C29D5486A1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50B179C3-8FBA-4F77-873E-60A4006B08EE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{51D74FBC-A9CE-4B65-A8EE-FA3846806A28}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{534B2041-E6C7-4B7D-9AD8-F47B58EE0034}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5404AF06-5402-4FD7-9999-6D618787AD6B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{56C3D985-5E9C-4C6C-B5F6-4D691334DEAF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{654C2DB0-4263-42B6-809D-8E0FAE702AEC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{66B9731B-73C8-4223-BA18-1AD9C0615C82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6838F0E9-8EC2-42FD-914A-9AAD4E64366A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{6DB33335-70DD-4914-99BD-B2CFB28B1BE2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6F5103B1-3425-4913-92D8-E0DEC72A16BA}" = protocol=1 | dir=in | name=echo ping request |
"{72DB8B4B-CBD4-44C9-851B-F0F61399D44F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7992DA7B-BDBA-4B4B-A409-F6087520AB13}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{80265771-7408-47E5-BB0D-428747BF5BBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8147B174-1211-4165-ABE7-2EA177BBD4DC}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{83A7FBDB-901C-4D07-9523-637DD0E73028}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe |
"{83B1F859-BFBD-4B95-8B8A-757F8BB4DCC2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C2850B4-0EC3-4B08-A877-F28ECF752F27}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{938D305A-5BAB-4977-BBF9-0FC4696D69DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9635960D-3265-43A0-A824-E056D70C7747}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{9722CB50-9AA1-4047-86F9-A2072C2C3F63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DAEEB42-7CC6-4B57-B738-3DBF76B360DE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{9E9E7DE1-3625-4DE3-955F-D77DF8D7734F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A26EAB3A-34C8-48AC-B09B-7266610AB0EE}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\akamai\netsession_win.exe |
"{A3156DF4-A995-44EE-BCC8-D3F884B2659F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{A95D9E68-1ACD-4E2A-BD40-DBC927DFF6C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{B025E20E-2317-472C-A68A-4506FD217E5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B284C212-30A8-4784-A62D-A92D98026885}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BE632716-A637-4718-A1D6-2756AF8351B9}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{C1862E09-5518-4842-AF5C-B7FD7C1347A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C67B1304-6DE6-44FF-A76E-1B3730365DAC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CC4E8DB9-978B-4736-B605-FC5243CEDD07}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{CCEC5CBC-A69E-41F8-BA63-D758EBFCE4EF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D01CE285-43CE-401B-A1AB-A09B97131360}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D4022F24-7E63-449E-AA8C-0E408B247094}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{D56050DA-2587-4F9D-A758-AD292984F67A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D601C2A4-032A-4CE1-81D0-2A7442DB6EC7}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{D7E85C4B-66E7-49E8-8E26-9E6F57DBC9B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D907C01B-2B72-424C-97DA-678A37F65ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{E1B7DBE4-90BB-4B76-B864-8A6C4703E5B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{EBA434BE-268E-486A-A4D0-19577D339D2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EF6B87E0-E44A-470A-ADCC-1D2341C6C900}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{F0EA56A6-1427-420E-A375-8305357B0B71}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FC77F819-D043-4B51-862B-B6237E2723B6}" = protocol=6 | dir=out | app=system |
"TCP Query User{4DE15761-6B66-4B4D-B415-555F22685B3B}C:\program files (x86)\tremulous\tremulous.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tremulous\tremulous.exe |
"TCP Query User{547B5A68-E5C9-4C91-9058-9A4F4C8F0EEA}C:\users\boris\appdata\roaming\cetuy\ucma.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\roaming\cetuy\ucma.exe |
"TCP Query User{6FF0C351-B927-4208-8595-3FA82D080FB1}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{7553382E-8220-474D-88E9-1BAD590E33BF}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{766951E6-CD71-4874-91E7-05873578CB05}C:\users\boris\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\starcraft_2_eu_en-gb.exe |
"TCP Query User{7805B483-2789-4356-9551-18D1DCE45D36}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{8DFACC31-EF80-4141-BD42-4E8F02430268}C:\users\boris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{9ACA751B-04F9-4F0F-A566-A6BCCC5234B4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{9E376470-AAD8-48CE-BC93-0C81C5B53201}C:\program files (x86)\steam\steamapps\vijftig\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\vijftig\team fortress 2\hl2.exe |
"TCP Query User{A1583DBE-636C-43C4-AB33-0623B66DE1DA}C:\users\boris\documents\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\boris\documents\starcraft_2_eu_en-gb.exe |
"TCP Query User{C05E3EAB-1C2B-4A2E-879B-B0DCC5DC3215}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe |
"TCP Query User{C264FE6E-7695-4129-B74A-B64FDDF00703}C:\users\boris\downloads\starcraft_2_eu_en-gb (1).exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\starcraft_2_eu_en-gb (1).exe |
"TCP Query User{FA09FBAF-625A-4FB3-B98D-F6B98A208F39}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{09FA2EB7-02D0-4253-8380-EE6E8F369174}C:\users\boris\appdata\roaming\cetuy\ucma.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\roaming\cetuy\ucma.exe |
"UDP Query User{14F8C999-70EB-47C0-81C1-2B731BEBCEDB}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{2BAD1804-6324-44DC-85C1-24D4ED1CC92A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{6097611E-BCE4-495E-875F-FE0C43399AF4}C:\users\boris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{733F375F-2182-4F02-B2E1-A297425551A9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{95159C8D-E79B-4AC4-8B53-DD31D138D38F}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{AB541761-1793-4026-9777-D10ECC7B11BC}C:\program files (x86)\steam\steamapps\vijftig\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\vijftig\team fortress 2\hl2.exe |
"UDP Query User{B99AC00A-A4BD-4464-BFC1-7A004EA9045D}C:\program files (x86)\tremulous\tremulous.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tremulous\tremulous.exe |
"UDP Query User{C9F578E3-9503-4C33-8DAF-38F99616E33B}C:\users\boris\documents\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\boris\documents\starcraft_2_eu_en-gb.exe |
"UDP Query User{D7B70824-4B93-4D6A-A3CC-90772BF8C419}C:\users\boris\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\starcraft_2_eu_en-gb.exe |
"UDP Query User{DF733538-F0DE-447B-B7DF-52044B594A33}C:\users\boris\downloads\starcraft_2_eu_en-gb (1).exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\starcraft_2_eu_en-gb (1).exe |
"UDP Query User{E75B1FD9-F24C-4B7E-9D84-C06DF552ED53}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe |
"UDP Query User{F986C62A-D822-4560-A9F9-86A5A13CED54}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{24863FD7-EE05-4985-9905-1611B0A5723C}" = S4 League_EU
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C3BAE9CC-EC6B-4B3E-80C1-C1EC29A09AF8}" = OpenOffice.org 3.3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Akamai" = Akamai NetSession Interface
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Auto Mouse_is1" = Auto Mouse 1.3
"BabylonToolbar" = Babylon toolbar on IE
"blekkotb" = Spam Free Search Bar
"Crossfire Europe" = Crossfire Europe
"EasyBits Magic Desktop" = Magic Desktop
"Europe MapleStory_is1" = Europe MapleStory
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"MusicStationNetstaller" = MusicStation
"My HP Game Console" = HP Game Console
"Opera" = Opera
"Opera 12.00.1467" = Opera 12.00
"PDF Complete" = PDF Complete Special Edition
"StarCraft II" = StarCraft II
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 440" = Team Fortress 2
"Steam App 57300" = Amnesia: The Dark Descent
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tremulous" = Tremulous 1.1.0
"Tremulous-GPP" = Tremulous Gameplay Preview
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/21/2012 9:40:24 AM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x60f3e36c Faulting
process id: 0x1544 Faulting application start time: 0x01cd4fb285d33f45 Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: a6ed426e-bba6-11e1-bc7f-d485649a512c

Error - 6/21/2012 10:23:27 AM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x60f3e36c Faulting
process id: 0x2644 Faulting application start time: 0x01cd4fb7a97d4877 Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: aa7f9efe-bbac-11e1-bc7f-d485649a512c

Error - 6/21/2012 11:51:00 AM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x60f8e36c Faulting
process id: 0x274c Faulting application start time: 0x01cd4fbde74ddc39 Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: e5859746-bbb8-11e1-bc7f-d485649a512c

Error - 6/21/2012 2:41:36 PM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x655fe36c Faulting
process id: 0x310 Faulting application start time: 0x01cd4fdcb139e15c Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: babc4565-bbd0-11e1-bc7f-d485649a512c

Error - 6/21/2012 3:07:32 PM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x61fae36c Faulting
process id: 0xfc4 Faulting application start time: 0x01cd4fe06628f649 Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 5a25888e-bbd4-11e1-9367-d485649a512c

Error - 6/21/2012 5:17:00 PM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x7455e36c Faulting
process id: 0x13e4 Faulting application start time: 0x01cd4fee8bd89c29 Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 6fca636a-bbe6-11e1-b47a-d485649a512c

Error - 6/22/2012 6:03:24 AM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.1.0.4880, time
stamp: 0x4eb75fb9 Exception code: 0xc0000005 Fault offset: 0x000781a4 Faulting process
id: 0x780 Faulting application start time: 0x01cd5059c10e8eaa Faulting application
path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.150\deploy\LolClient.exe
Faulting
module path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.150\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 80e296ba-bc51-11e1-8125-d485649a512c

Error - 6/22/2012 11:24:35 AM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x72d5e36c Faulting
process id: 0x320 Faulting application start time: 0x01cd5087969ff65c Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 5f433029-bc7e-11e1-9ca9-d485649a512c

Error - 6/22/2012 5:19:03 PM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.1.0.4880, time
stamp: 0x4eb75fb9 Exception code: 0xc0000005 Fault offset: 0x000781a4 Faulting process
id: 0x1c80 Faulting application start time: 0x01cd50adf11c48c7 Faulting application
path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.150\deploy\LolClient.exe
Faulting
module path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.150\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: e3fe58c3-bcaf-11e1-9ca9-d485649a512c

Error - 6/23/2012 5:17:23 AM | Computer Name = HP_Kaasvreter | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Search' could not be shut down.

[ Hewlett-Packard Events ]
Error - 2/12/2012 12:44:17 PM | Computer Name = HP_Kaasvreter | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 6143 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 2/19/2012 12:24:41 PM | Computer Name = HP_Kaasvreter | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 6143 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 2/26/2012 12:49:36 PM | Computer Name = HP_Kaasvreter | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 6143 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 5/13/2012 6:27:50 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/13/2012 6:27:50 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/20/2012 6:27:13 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/20/2012 6:27:13 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 6:13:29 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 6:13:30 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/3/2012 6:43:12 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 4/5/2012 12:15:06 PM | Computer Name = HP_Kaasvreter | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/5/2012 12:26:06 PM | Computer Name = HP_Kaasvreter | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/8/2012 11:19:02 AM | Computer Name = HP_Kaasvreter | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 4/9/2012 9:16:40 AM | Computer Name = HP_Kaasvreter | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/9/2012 9:27:40 AM | Computer Name = HP_Kaasvreter | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/12/2012 7:11:34 PM | Computer Name = HP_Kaasvreter | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070020: Security Update for Windows 7 for x64-based Systems (KB2653956).

Error - 4/15/2012 2:42:51 PM | Computer Name = HP_Kaasvreter | Source = Microsoft-Windows-Time-Service | ID = 34
Description = The time service has detected that the system time needs to be changed
by -86401 seconds. The time service will not change the system time by more than
54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.19:123) is working
properly.

Error - 4/21/2012 6:02:22 AM | Computer Name = HP_Kaasvreter | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 4/21/2012 6:02:22 AM | Computer Name = HP_Kaasvreter | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 5/3/2012 6:56:39 PM | Computer Name = HP_Kaasvreter | Source = DCOM | ID = 10010
Description =


< End of report >
[/spoiler]

OTL.txt:

[spoiler]OTL logfile created on: 6/28/2012 1:12:51 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Boris\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

6.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 19.71% Memory free
12.00 Gb Paging File | 7.58 Gb Available in Paging File | 63.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.07 Gb Total Space | 798.93 Gb Free Space | 87.02% Space Free | Partition Type: NTFS
Drive D: | 13.34 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: HP_KAASVRETER | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/28 01:12:30 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Downloads\OTL.exe
PRC - [2012/06/23 13:56:16 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012/06/20 11:53:09 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012/06/15 21:53:26 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Boris\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/24 11:06:35 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/03/26 18:15:47 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/12/22 16:27:40 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/17 18:54:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:54:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/28 20:59:06 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/09/28 17:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/08 09:09:02 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.0.150\deploy\LolClient.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/05/09 01:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/09 01:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/23 13:56:16 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012/06/20 11:53:09 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/20 11:53:06 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/20 11:53:06 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/20 11:53:06 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/20 11:53:06 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/15 21:53:30 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012/06/15 21:53:30 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012/06/15 21:53:30 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012/06/15 21:53:30 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012/06/15 21:53:30 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012/06/15 21:53:30 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012/06/15 21:53:30 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012/06/15 21:53:30 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012/06/15 21:53:30 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012/06/15 21:53:30 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012/06/15 21:53:29 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012/06/15 21:53:29 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012/06/15 21:53:29 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012/06/13 12:36:22 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/05/24 11:06:35 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe
MOD - [2012/03/26 18:15:47 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe
MOD - [2011/12/12 16:17:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/09/28 21:10:14 | 001,699,384 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/09/28 20:59:20 | 012,286,008 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/20 02:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/06 04:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/20 11:53:09 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/06 20:04:21 | 003,417,376 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/28 17:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/19 03:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/05 06:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/09/03 08:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 15:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 15:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/06/22 03:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/10 17:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 11:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPDTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPDTDF
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPDTDF
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000d0df9a922431
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-03-11 11:09:40&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/?s...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Boris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Skype Click to Call = C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012/04/15 20:06:39 | 000,001,389 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 176.9.75.3 www.google-analytics.com.
O1 - Hosts: 176.9.75.3 ad-emea.doubleclick.net.
O1 - Hosts: 176.9.75.3 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Boris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D959DD-DFBE-446B-96B4-72C85303B119}: DhcpNameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98475FA0-04A8-43DA-AF47-CF0850FC0CDD}: DhcpNameServer = 195.121.1.34 195.121.1.66
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\AutoRun\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\dplay\command - "" = F:\DirectX\dplay61a.exe
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\dxdiag\command - "" = F:\goodies\ar40eng.exe
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\dxinfo\command - "" = F:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\dxtest\command - "" = F:\DirectX\dxdiag.exe
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\dxtool\command - "" = F:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\setup\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{55e8839b-2387-11e1-8151-806e6f6e6963}\Shell\zone\command - "" = F:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{f8b7377b-233c-11e1-aa7c-d485649a512c}\Shell - "" = AutoRun
O33 - MountPoints2\{f8b7377b-233c-11e1-aa7c-d485649a512c}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 00:47:12 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{0C7B3653-70AE-41AF-AE69-59288BCD56C4}
[2012/06/28 00:47:00 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{FB8D548B-EC37-4782-A234-1635E3120173}
[2012/06/27 12:46:28 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{8D837CD6-D216-4169-827D-DB4AD3DF3AAB}
[2012/06/27 12:46:16 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{AB13BD80-768E-47E6-AE83-75883F3BD60E}
[2012/06/26 23:15:15 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{21465F64-3A7D-45EB-84DD-07263FB833AF}
[2012/06/26 23:15:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{1813E460-6402-4ECF-A605-181CCED83933}
[2012/06/26 19:19:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\adaware
[2012/06/26 19:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/06/26 19:18:52 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/06/26 19:18:42 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/06/26 19:18:42 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/06/26 19:18:42 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/06/26 19:18:42 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/06/26 19:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/06/26 19:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/06/26 19:18:23 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\adawarebp
[2012/06/26 19:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/06/26 19:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/06/26 19:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/06/26 19:17:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Ad-Aware Antivirus
[2012/06/26 11:14:29 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{462929F4-0264-4CA5-B53F-61F4B66E03B9}
[2012/06/26 11:14:14 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{3F8D0B1E-2E9D-4B13-9417-494392B5C888}
[2012/06/25 13:29:00 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{18793FF0-1332-4B27-B10A-6C3ADCDC1514}
[2012/06/25 13:28:47 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{1285EBAF-43D5-47E4-850B-124839E5B0EB}
[2012/06/25 01:28:17 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{490ACBCE-96E3-4632-B3A2-870747EA0385}
[2012/06/25 01:28:06 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{8F872DC2-4E5B-41ED-B96B-7326F92B2F97}
[2012/06/24 13:27:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{C2E6FFEC-51D9-4A47-93E0-459399769F32}
[2012/06/24 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{63C871FC-FB88-46C2-B2F2-C5B03A1357B9}
[2012/06/23 23:49:39 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{5486716D-34AA-4CE8-9764-75F0A08D528E}
[2012/06/23 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\Cross Fire
[2012/06/23 21:18:52 | 000,000,000 | ---D | C] -- C:\CFLog
[2012/06/23 21:18:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2012/06/23 21:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2012/06/23 21:15:14 | 000,000,000 | ---D | C] -- C:\SG Interactive
[2012/06/23 11:49:13 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{14FD5F28-7ED6-4BE2-825B-E7B3E598A5D0}
[2012/06/23 11:49:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{3FED0CD7-9A2D-4740-ABC1-4135608CAB72}
[2012/06/23 11:24:52 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012/06/23 11:23:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/23 11:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/23 11:14:17 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{2058F8B4-EA66-4BD4-9ADE-6894C34492A5}
[2012/06/23 11:14:05 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{E23898E8-27DF-46B3-B2E1-A0473AF0EC2E}
[2012/06/22 18:29:58 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{352CF637-2A91-449D-8A9E-8BFD9F8D1D6C}
[2012/06/22 12:03:11 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Diagnostics
[2012/06/21 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2012/06/16 21:30:06 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tremulous
[2012/06/16 21:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tremulous
[2012/06/16 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tremulous
[2012/06/06 21:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2012/06/06 21:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2012/06/06 20:04:56 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Akamai
[2012/06/06 20:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012/06/04 16:25:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[1 C:\Users\Boris\AppData\Roaming\*.tmp files -> C:\Users\Boris\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/28 00:51:01 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 22:22:53 | 000,007,597 | ---- | M] () -- C:\Users\Boris\AppData\Local\Resmon.ResmonCfg
[2012/06/27 21:03:14 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/06/27 20:56:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 20:56:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 20:49:27 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 20:49:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 20:49:11 | 536,301,567 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 12:53:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 12:53:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 12:53:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/26 22:03:21 | 000,001,738 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/06/26 22:03:20 | 000,019,220 | ---- | M] () -- C:\Windows\SysWow64\FirewallConfig.xml
[2012/06/26 22:03:20 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/26 17:29:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/24 23:33:29 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBoris.job
[2012/06/23 21:18:22 | 000,000,847 | ---- | M] () -- C:\Users\Boris\Desktop\Crossfire Europe.lnk
[2012/06/23 21:10:40 | 571,203,792 | ---- | M] () -- C:\Users\Boris\Desktop\Crossfire_Install_1077.exe
[2012/06/21 22:14:50 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/14 09:50:53 | 000,314,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 13:53:02 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/08 17:06:04 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP_KAASVRETER$.job
[2012/06/06 21:39:23 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[1 C:\Users\Boris\AppData\Roaming\*.tmp files -> C:\Users\Boris\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 15:37:55 | 000,007,597 | ---- | C] () -- C:\Users\Boris\AppData\Local\Resmon.ResmonCfg
[2012/06/26 22:03:21 | 000,001,738 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/06/26 22:03:20 | 000,019,220 | ---- | C] () -- C:\Windows\SysWow64\FirewallConfig.xml
[2012/06/26 22:03:20 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/26 19:18:55 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/06/23 21:18:22 | 000,000,847 | ---- | C] () -- C:\Users\Boris\Desktop\Crossfire Europe.lnk
[2012/06/23 20:55:36 | 571,203,792 | ---- | C] () -- C:\Users\Boris\Desktop\Crossfire_Install_1077.exe
[2012/06/21 22:15:18 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/21 22:14:50 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/06 21:39:23 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2012/01/24 18:41:01 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/12/11 01:38:16 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/08/16 16:27:03 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 19:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/05/17 14:58:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.minecraft
[2012/06/26 19:22:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ad-Aware Antivirus
[2012/02/20 10:49:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Babylon
[2012/05/15 15:22:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Cetuy
[2012/05/03 23:06:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\fltk.org
[2011/12/10 18:30:17 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient
[2012/05/26 11:44:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient2
[2012/05/15 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Odraw
[2011/12/12 16:18:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org
[2011/12/10 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2011/12/10 16:50:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PictureMover
[2012/06/21 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2012/02/11 16:43:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TS3Client
[2011/12/11 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\WinBatch
[2012/05/15 15:22:44 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Yqiho
[2012/05/11 22:32:54 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/05/29 23:43:22 | 000,083,519 | ---- | C] ()(C:\Users\Boris\Documents\PvZ Kingler vs M?Stephano on Autel Tal'darim EC[f36edc22].SC2Replay) -- C:\Users\Boris\Documents\PvZ Kingler vs MǂStephano on Autel Tal'darim EC[f36edc22].SC2Replay
[2012/05/29 23:43:22 | 000,082,467 | ---- | C] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Chantier naval d’Antiga[40e523fb].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Chantier naval d’Antiga[40e523fb].SC2Replay
[2012/05/29 23:43:22 | 000,072,740 | ---- | C] ()(C:\Users\Boris\Documents\PvZ NaViBabyK vs M?Stephano on Plateau de Shakuras[9676f740].SC2Replay) -- C:\Users\Boris\Documents\PvZ NaViBabyK vs MǂStephano on Plateau de Shakuras[9676f740].SC2Replay
[2012/05/29 23:43:22 | 000,066,166 | ---- | C] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Temple brisé[f8ac07e8].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Temple brisé[f8ac07e8].SC2Replay
[2012/05/29 23:43:22 | 000,065,307 | ----Default | C] ()(C:\Users\Boris\Documents\PvZ Grubby vs M?Stephano on Métalopolis[4c848de2].SC2Replay) -- C:\Users\Boris\Documents\PvZ Grubby vs MǂStephano on Métalopolis[4c848de2].SC2Replay
[2012/05/29 23:43:22 | 000,053,769 | ---- | C] ()(C:\Users\Boris\Documents\PvZ WhiteRa vs M?Stephano on Crypte des Nérazims[0dfe49f8].SC2Replay) -- C:\Users\Boris\Documents\PvZ WhiteRa vs MǂStephano on Crypte des Nérazims[0dfe49f8].SC2Replay
[2012/05/29 23:43:22 | 000,041,549 | ---- | C] ()(C:\Users\Boris\Documents\PvZ DreAm vs M?Stephano on Métalopolis[b354f8ea].SC2Replay) -- C:\Users\Boris\Documents\PvZ DreAm vs MǂStephano on Métalopolis[b354f8ea].SC2Replay
[2012/05/29 23:43:22 | 000,010,622 | ---- | C] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Autel Tal'darim EC[e5658df6].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Autel Tal'darim EC[e5658df6].SC2Replay
[2011/11/06 00:42:56 | 000,082,467 | ---- | M] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Chantier naval d’Antiga[40e523fb].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Chantier naval d’Antiga[40e523fb].SC2Replay
[2011/11/06 00:42:54 | 000,065,307 | ---- | M] ()(C:\Users\Boris\Documents\PvZ Grubby vs M?Stephano on Métalopolis[4c848de2].SC2Replay) -- C:\Users\Boris\Documents\PvZ Grubby vs MǂStephano on Métalopolis[4c848de2].SC2Replay
[2011/11/06 00:42:54 | 000,053,769 | ---- | M] ()(C:\Users\Boris\Documents\PvZ WhiteRa vs M?Stephano on Crypte des Nérazims[0dfe49f8].SC2Replay) -- C:\Users\Boris\Documents\PvZ WhiteRa vs MǂStephano on Crypte des Nérazims[0dfe49f8].SC2Replay
[2011/11/06 00:42:52 | 000,083,519 | ---- | M] ()(C:\Users\Boris\Documents\PvZ Kingler vs M?Stephano on Autel Tal'darim EC[f36edc22].SC2Replay) -- C:\Users\Boris\Documents\PvZ Kingler vs MǂStephano on Autel Tal'darim EC[f36edc22].SC2Replay
[2011/11/06 00:42:52 | 000,072,740 | ---- | M] ()(C:\Users\Boris\Documents\PvZ NaViBabyK vs M?Stephano on Plateau de Shakuras[9676f740].SC2Replay) -- C:\Users\Boris\Documents\PvZ NaViBabyK vs MǂStephano on Plateau de Shakuras[9676f740].SC2Replay
[2011/11/06 00:42:52 | 000,041,549 | ---- | M] ()(C:\Users\Boris\Documents\PvZ DreAm vs M?Stephano on Métalopolis[b354f8ea].SC2Replay) -- C:\Users\Boris\Documents\PvZ DreAm vs MǂStephano on Métalopolis[b354f8ea].SC2Replay
[2011/11/06 00:42:50 | 000,066,166 | ---- | M] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Temple brisé[f8ac07e8].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Temple brisé[f8ac07e8].SC2Replay
[2011/11/06 00:42:44 | 000,010,622 | ---- | M] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Autel Tal'darim EC[e5658df6].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Autel Tal'darim EC[e5658df6].SC2Replay

< End of report >




Good luck and thanks in advance, I'll be checking this topic at least daily, probably more.

EDIT: I forgot to mention that the ads sometimes feature a jumble of words obviously from the page I'm looking at at that particular moment. Although it appears only in browsers (in both Opera and Google Chrome at least) it still continues to display ads when I used Ad Aware firewall to block all internet traffic, so the ads are either stored on my computer or bypass the firewall completely.

One last thing: today I noticed upon starting my computer up that it was very slow to load anything and refused to open Ad Aware at all. I proceeded to reboot which apparently remedied that symptom until later today where it happened again with the same results.

Edited by RKinner, 27 June 2012 - 09:57 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,783 posts
  • MVP
Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#3
BackToBusiness

BackToBusiness

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 18:09:42
-----------------------------
18:09:42.736 OS Version: Windows x64 6.1.7600
18:09:42.736 Number of processors: 6 586 0xA00
18:09:42.737 ComputerName: HP_KAASVRETER UserName: Boris
18:09:45.012 Initialize success
18:11:29.377 AVAST engine defs: 12062800
18:11:55.852 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
18:11:55.854 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
18:11:55.857 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005c
18:11:55.859 Disk 1 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
18:11:55.867 Disk 0 MBR read successfully
18:11:55.870 Disk 0 MBR scan
18:11:55.874 Disk 0 unknown MBR code
18:11:55.878 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:11:55.887 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 940106 MB offset 206848
18:11:55.920 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13661 MB offset 1925543936
18:11:55.961 Disk 0 scanning C:\Windows\system32\drivers
18:12:03.758 Service scanning
18:12:23.232 Modules scanning
18:12:25.700 AVAST engine scan C:\Windows
18:12:30.100 AVAST engine scan C:\Windows\system32
18:16:05.760 AVAST engine scan C:\Windows\system32\drivers
18:16:15.227 AVAST engine scan C:\Users\Boris
18:29:39.746 AVAST engine scan C:\ProgramData
18:33:39.913 Scan finished successfully
18:34:25.737 Disk 0 MBR has been saved successfully to "C:\Users\Boris\Desktop\MBR.dat"
18:34:25.805 The log file has been saved successfully to "C:\Users\Boris\Desktop\aswMBR.txt"


Combofix log:


ComboFix 12-06-28.01 - Boris 28-06-2012 18:54:17.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.6143.4541 [GMT 2:00]
Gestart vanuit: c:\users\Boris\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
C:\Launcher.exe
C:\Thumbs.db
c:\users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
c:\users\Boris\AppData\Roaming\Odraw
c:\users\Boris\AppData\Roaming\Odraw\zoox.ozc
c:\windows\system32\drivers\etc\hosts.txt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-28 to 2012-06-28 ))))))))))))))))))))))))))))))
.
.
2012-06-28 17:00 . 2012-06-28 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 16:46 . 2012-06-28 16:46 -------- d-----w- c:\programdata\GFI Software
2012-06-26 17:19 . 2012-06-26 17:19 -------- d-----w- c:\users\Boris\AppData\Local\adaware
2012-06-26 17:18 . 2012-06-26 17:19 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-06-26 17:18 . 2012-06-26 17:18 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-06-26 17:18 . 2012-06-26 17:18 -------- d-----w- c:\program files (x86)\adawaretb
2012-06-24 11:35 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2012-06-24 11:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 11:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 11:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 11:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 11:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 11:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 11:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 11:30 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 11:30 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 19:15 . 2012-06-23 19:15 -------- d-----w- C:\SG Interactive
2012-06-23 09:24 . 2012-06-23 09:24 -------- d-----w- c:\windows\nl
2012-06-23 09:23 . 2012-06-23 09:23 -------- d-----w- c:\windows\en
2012-06-23 09:21 . 2012-06-23 09:21 -------- d-----w- c:\program files\Windows Live
2012-06-23 09:17 . 2012-06-23 09:17 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4eac5d01cd512003\DSETUP.dll
2012-06-23 09:17 . 2012-06-23 09:17 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4eac5d01cd512003\DXSETUP.exe
2012-06-23 09:17 . 2012-06-23 09:17 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4eac5d01cd512003\dsetup32.dll
2012-06-22 10:03 . 2012-06-22 10:03 -------- d-----w- c:\users\Boris\AppData\Local\Diagnostics
2012-06-21 20:14 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-21 14:08 . 2012-06-21 14:08 -------- d-----w- c:\users\Boris\AppData\Roaming\TeamViewer
2012-06-16 19:29 . 2012-06-16 19:31 -------- d-----w- c:\program files (x86)\Tremulous
2012-06-13 10:44 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 10:44 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 10:44 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 10:44 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 10:44 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 10:44 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 10:44 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 10:44 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 10:43 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 10:43 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 10:43 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 10:43 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 10:43 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 10:43 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 10:43 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 10:43 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 10:43 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-06 19:33 . 2012-06-06 19:33 -------- d-----w- c:\program files (x86)\alaplaya
2012-06-06 19:33 . 2003-08-15 14:02 69632 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-06-06 19:33 . 2003-08-15 14:01 380928 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-06-06 19:33 . 2003-08-15 13:57 212992 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-06-06 19:32 . 2003-09-03 00:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-06-06 19:32 . 2003-09-03 00:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-06-06 19:32 . 2003-09-03 00:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-06-06 19:32 . 2003-09-03 00:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-06-06 19:32 . 2003-09-03 00:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-06-06 19:32 . 2012-06-06 19:32 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-06-06 19:32 . 2012-06-06 19:32 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-06-06 18:04 . 2012-06-27 20:24 -------- d-----w- c:\users\Boris\AppData\Local\Akamai
2012-06-06 18:04 . 2012-06-28 17:05 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2012-06-04 14:25 . 2012-06-04 14:25 -------- d-----w- C:\$AVG
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 10:36 . 2012-04-09 12:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 10:36 . 2011-12-10 15:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 11:31 . 2012-04-09 12:31 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2011-12-22 21:17 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2011-12-22 21:16 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2011-12-22 86696]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-22 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"Akamai NetSession Interface"="c:\users\Boris\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-12-21 206504]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-11 1255736]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-22 131688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 15:26]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 15:26]
.
2012-06-24 c:\windows\Tasks\HPCeeScheduleForBoris.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-06-08 c:\windows\Tasks\HPCeeScheduleForHP_KAASVRETER$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.bing.com?pc=HPDTDF
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com?pc=HPDTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 195.121.1.34 195.121.1.66
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_80c2ffa.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Voltooingstijd: 2012-06-28 19:33:53 - machine werd herstart
ComboFix-quarantined-files.txt 2012-06-28 17:33
.
Pre-Run: 861.328.314.368 bytes free
Post-Run: 862.686.822.400 bytes free
.
- - End Of File - - 82B8E6464365A7C6893A996DE0D78A64


TDSSKiller log:

19:44:16.0364 1108 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
19:44:16.0784 1108 ============================================================
19:44:16.0785 1108 Current date / time: 2012/06/28 19:44:16.0784
19:44:16.0785 1108 SystemInfo:
19:44:16.0785 1108
19:44:16.0785 1108 OS Version: 6.1.7600 ServicePack: 0.0
19:44:16.0785 1108 Product type: Workstation
19:44:16.0785 1108 ComputerName: HP_KAASVRETER
19:44:16.0785 1108 UserName: Boris
19:44:16.0785 1108 Windows directory: C:\Windows
19:44:16.0785 1108 System windows directory: C:\Windows
19:44:16.0785 1108 Running under WOW64
19:44:16.0785 1108 Processor architecture: Intel x64
19:44:16.0785 1108 Number of processors: 6
19:44:16.0786 1108 Page size: 0x1000
19:44:16.0786 1108 Boot type: Normal boot
19:44:16.0786 1108 ============================================================
19:44:17.0580 1108 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:44:17.0580 1108 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:44:17.0604 1108 ============================================================
19:44:17.0604 1108 \Device\Harddisk0\DR0:
19:44:17.0604 1108 MBR partitions:
19:44:17.0604 1108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:44:17.0604 1108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72C25000
19:44:17.0604 1108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72C57800, BlocksNum 0x1AAE800
19:44:17.0604 1108 \Device\Harddisk1\DR1:
19:44:17.0604 1108 MBR partitions:
19:44:17.0604 1108 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:44:17.0604 1108 ============================================================
19:44:17.0621 1108 C: <-> \Device\Harddisk0\DR0\Partition1
19:44:17.0622 1108 E: <-> \Device\Harddisk1\DR1\Partition0
19:44:17.0669 1108 D: <-> \Device\Harddisk0\DR0\Partition2
19:44:17.0669 1108 ============================================================
19:44:17.0669 1108 Initialize success
19:44:17.0669 1108 ============================================================
19:44:28.0495 1424 ============================================================
19:44:28.0495 1424 Scan started
19:44:28.0495 1424 Mode: Manual; SigCheck; TDLFS;
19:44:28.0495 1424 ============================================================
19:44:29.0068 1424 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:44:29.0146 1424 1394ohci - ok
19:44:29.0192 1424 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:44:29.0224 1424 ACPI - ok
19:44:29.0255 1424 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:44:29.0286 1424 AcpiPmi - ok
19:44:29.0333 1424 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:44:29.0364 1424 adp94xx - ok
19:44:29.0395 1424 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:44:29.0395 1424 adpahci - ok
19:44:29.0426 1424 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:44:29.0442 1424 adpu320 - ok
19:44:29.0458 1424 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:44:29.0504 1424 AeLookupSvc - ok
19:44:29.0567 1424 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:44:29.0598 1424 AFD - ok
19:44:29.0614 1424 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:44:29.0629 1424 agp440 - ok
19:44:29.0941 1424 Akamai (c775d704feb2b600a5bf7b0b088546af) C:/Program Files (x86)/Common Files/Akamai/netsession_win_80c2ffa.dll
19:44:29.0988 1424 Akamai - ok
19:44:30.0113 1424 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:44:30.0144 1424 ALG - ok
19:44:30.0191 1424 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:44:30.0222 1424 aliide - ok
19:44:30.0222 1424 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:44:30.0238 1424 amdide - ok
19:44:30.0238 1424 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:44:30.0253 1424 AmdK8 - ok
19:44:30.0284 1424 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:44:30.0300 1424 AmdPPM - ok
19:44:30.0331 1424 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:44:30.0362 1424 amdsata - ok
19:44:30.0394 1424 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:44:30.0425 1424 amdsbs - ok
19:44:30.0440 1424 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:44:30.0456 1424 amdxata - ok
19:44:30.0472 1424 amd_sata (8a2b4818215d8a6ff54dc3f0d63cbb2d) C:\Windows\system32\DRIVERS\amd_sata.sys
19:44:30.0487 1424 amd_sata - ok
19:44:30.0487 1424 amd_xata (a2d8977623e13591b15f6370c6cc37b0) C:\Windows\system32\DRIVERS\amd_xata.sys
19:44:30.0503 1424 amd_xata - ok
19:44:30.0534 1424 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:44:30.0565 1424 AppID - ok
19:44:30.0581 1424 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:44:30.0628 1424 AppIDSvc - ok
19:44:30.0643 1424 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:44:30.0690 1424 Appinfo - ok
19:44:30.0737 1424 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:44:30.0752 1424 arc - ok
19:44:30.0752 1424 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:44:30.0768 1424 arcsas - ok
19:44:30.0784 1424 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:30.0799 1424 AsyncMac - ok
19:44:30.0830 1424 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:44:30.0846 1424 atapi - ok
19:44:30.0862 1424 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
19:44:30.0862 1424 AtiPcie - ok
19:44:30.0940 1424 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:44:30.0971 1424 AudioEndpointBuilder - ok
19:44:30.0986 1424 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:44:31.0002 1424 AudioSrv - ok
19:44:31.0033 1424 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:44:31.0096 1424 AxInstSV - ok
19:44:31.0158 1424 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:44:31.0189 1424 b06bdrv - ok
19:44:31.0236 1424 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:44:31.0267 1424 b57nd60a - ok
19:44:31.0392 1424 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
19:44:31.0439 1424 BBSvc - ok
19:44:31.0486 1424 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
19:44:31.0517 1424 BBUpdate - ok
19:44:31.0532 1424 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:44:31.0564 1424 BDESVC - ok
19:44:31.0595 1424 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:44:31.0642 1424 Beep - ok
19:44:31.0720 1424 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
19:44:31.0751 1424 BFE - ok
19:44:31.0829 1424 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
19:44:31.0876 1424 BITS - ok
19:44:31.0922 1424 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:44:31.0938 1424 blbdrive - ok
19:44:31.0969 1424 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:44:32.0000 1424 bowser - ok
19:44:32.0032 1424 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:44:32.0047 1424 BrFiltLo - ok
19:44:32.0047 1424 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:44:32.0063 1424 BrFiltUp - ok
19:44:32.0078 1424 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:44:32.0125 1424 BridgeMP - ok
19:44:32.0141 1424 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:44:32.0172 1424 Browser - ok
19:44:32.0219 1424 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:44:32.0250 1424 Brserid - ok
19:44:32.0266 1424 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:44:32.0281 1424 BrSerWdm - ok
19:44:32.0297 1424 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:44:32.0312 1424 BrUsbMdm - ok
19:44:32.0312 1424 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:44:32.0328 1424 BrUsbSer - ok
19:44:32.0344 1424 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:44:32.0390 1424 BTHMODEM - ok
19:44:32.0422 1424 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:44:32.0468 1424 bthserv - ok
19:44:32.0500 1424 catchme - ok
19:44:32.0531 1424 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:44:32.0624 1424 cdfs - ok
19:44:32.0656 1424 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:44:32.0702 1424 cdrom - ok
19:44:32.0734 1424 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:44:32.0765 1424 CertPropSvc - ok
19:44:32.0858 1424 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:44:32.0936 1424 circlass - ok
19:44:32.0983 1424 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:44:32.0999 1424 CLFS - ok
19:44:33.0061 1424 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:44:33.0092 1424 clr_optimization_v2.0.50727_32 - ok
19:44:33.0124 1424 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:44:33.0139 1424 clr_optimization_v2.0.50727_64 - ok
19:44:33.0202 1424 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:44:33.0217 1424 clr_optimization_v4.0.30319_32 - ok
19:44:33.0248 1424 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:44:33.0264 1424 clr_optimization_v4.0.30319_64 - ok
19:44:33.0280 1424 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:44:33.0311 1424 CmBatt - ok
19:44:33.0326 1424 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:44:33.0342 1424 cmdide - ok
19:44:33.0389 1424 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:44:33.0420 1424 CNG - ok
19:44:33.0420 1424 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:44:33.0436 1424 Compbatt - ok
19:44:33.0451 1424 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:44:33.0467 1424 CompositeBus - ok
19:44:33.0482 1424 COMSysApp - ok
19:44:33.0482 1424 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:44:33.0498 1424 crcdisk - ok
19:44:33.0529 1424 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
19:44:33.0560 1424 CryptSvc - ok
19:44:33.0623 1424 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:44:33.0670 1424 DcomLaunch - ok
19:44:33.0701 1424 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:44:33.0748 1424 defragsvc - ok
19:44:33.0779 1424 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:44:33.0810 1424 DfsC - ok
19:44:33.0841 1424 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:44:33.0904 1424 Dhcp - ok
19:44:33.0919 1424 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:44:33.0950 1424 discache - ok
19:44:33.0966 1424 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:44:33.0982 1424 Disk - ok
19:44:34.0013 1424 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:44:34.0028 1424 Dnscache - ok
19:44:34.0060 1424 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:44:34.0091 1424 dot3svc - ok
19:44:34.0122 1424 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:44:34.0153 1424 DPS - ok
19:44:34.0169 1424 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:44:34.0200 1424 drmkaud - ok
19:44:34.0294 1424 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:44:34.0325 1424 DXGKrnl - ok
19:44:34.0340 1424 EagleX64 - ok
19:44:34.0356 1424 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:44:34.0387 1424 EapHost - ok
19:44:34.0606 1424 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:44:34.0668 1424 ebdrv - ok
19:44:34.0756 1424 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:44:34.0778 1424 EFS - ok
19:44:34.0854 1424 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:44:34.0898 1424 ehRecvr - ok
19:44:34.0917 1424 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:44:34.0953 1424 ehSched - ok
19:44:35.0023 1424 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:44:35.0053 1424 elxstor - ok
19:44:35.0062 1424 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:44:35.0082 1424 ErrDev - ok
19:44:35.0134 1424 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:44:35.0187 1424 EventSystem - ok
19:44:35.0211 1424 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:44:35.0240 1424 exfat - ok
19:44:35.0250 1424 ezSharedSvc - ok
19:44:35.0266 1424 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:44:35.0295 1424 fastfat - ok
19:44:35.0352 1424 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:44:35.0403 1424 Fax - ok
19:44:35.0430 1424 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:44:35.0463 1424 fdc - ok
19:44:35.0486 1424 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:44:35.0528 1424 fdPHost - ok
19:44:35.0536 1424 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:44:35.0573 1424 FDResPub - ok
19:44:35.0586 1424 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:44:35.0594 1424 FileInfo - ok
19:44:35.0601 1424 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:44:35.0633 1424 Filetrace - ok
19:44:35.0652 1424 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:44:35.0674 1424 flpydisk - ok
19:44:35.0806 1424 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:44:35.0834 1424 FltMgr - ok
19:44:35.0944 1424 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
19:44:35.0978 1424 FontCache - ok
19:44:36.0056 1424 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:44:36.0071 1424 FontCache3.0.0.0 - ok
19:44:36.0087 1424 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:44:36.0103 1424 FsDepends - ok
19:44:36.0134 1424 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
19:44:36.0149 1424 Fs_Rec - ok
19:44:36.0196 1424 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:44:36.0243 1424 fvevol - ok
19:44:36.0259 1424 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:44:36.0290 1424 gagp30kx - ok
19:44:36.0368 1424 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
19:44:36.0399 1424 GameConsoleService - ok
19:44:36.0461 1424 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
19:44:36.0493 1424 gpsvc - ok
19:44:36.0571 1424 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:36.0586 1424 gupdate - ok
19:44:36.0602 1424 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:36.0617 1424 gupdatem - ok
19:44:36.0633 1424 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:44:36.0680 1424 hcw85cir - ok
19:44:36.0711 1424 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:44:36.0758 1424 HdAudAddService - ok
19:44:36.0789 1424 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:44:36.0820 1424 HDAudBus - ok
19:44:36.0836 1424 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:44:36.0851 1424 HidBatt - ok
19:44:36.0867 1424 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:44:36.0914 1424 HidBth - ok
19:44:36.0929 1424 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:44:36.0945 1424 HidIr - ok
19:44:36.0976 1424 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:44:37.0023 1424 hidserv - ok
19:44:37.0054 1424 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:44:37.0070 1424 HidUsb - ok
19:44:37.0101 1424 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
19:44:37.0132 1424 hkmsvc - ok
19:44:37.0148 1424 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
19:44:37.0179 1424 HomeGroupListener - ok
19:44:37.0210 1424 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
19:44:37.0226 1424 HomeGroupProvider - ok
19:44:37.0319 1424 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:44:37.0351 1424 HP Support Assistant Service - ok
19:44:37.0429 1424 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
19:44:37.0444 1424 HPClientSvc - ok
19:44:37.0507 1424 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:44:37.0522 1424 HPDrvMntSvc.exe - ok
19:44:37.0585 1424 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:44:37.0631 1424 hpqwmiex - ok
19:44:37.0741 1424 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:44:37.0772 1424 HpSAMD - ok
19:44:37.0834 1424 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:44:37.0897 1424 HTTP - ok
19:44:37.0912 1424 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:44:37.0912 1424 hwpolicy - ok
19:44:37.0944 1424 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:44:37.0959 1424 i8042prt - ok
19:44:37.0990 1424 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:44:38.0006 1424 iaStorV - ok
19:44:38.0115 1424 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:44:38.0146 1424 idsvc - ok
19:44:38.0178 1424 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:44:38.0178 1424 iirsp - ok
19:44:38.0256 1424 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
19:44:38.0287 1424 IKEEXT - ok
19:44:38.0458 1424 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
19:44:38.0490 1424 IntcAzAudAddService - ok
19:44:38.0583 1424 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:44:38.0614 1424 intelide - ok
19:44:38.0646 1424 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:44:38.0677 1424 intelppm - ok
19:44:38.0708 1424 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:44:38.0786 1424 IPBusEnum - ok
19:44:38.0786 1424 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:38.0817 1424 IpFilterDriver - ok
19:44:38.0848 1424 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
19:44:38.0880 1424 iphlpsvc - ok
19:44:38.0895 1424 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:44:38.0911 1424 IPMIDRV - ok
19:44:38.0926 1424 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:44:38.0942 1424 IPNAT - ok
19:44:38.0973 1424 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:44:38.0989 1424 IRENUM - ok
19:44:39.0004 1424 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:44:39.0020 1424 isapnp - ok
19:44:39.0036 1424 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:44:39.0051 1424 iScsiPrt - ok
19:44:39.0067 1424 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:44:39.0067 1424 kbdclass - ok
19:44:39.0082 1424 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:44:39.0098 1424 kbdhid - ok
19:44:39.0129 1424 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:44:39.0145 1424 KeyIso - ok
19:44:39.0160 1424 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:44:39.0160 1424 KSecDD - ok
19:44:39.0176 1424 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:44:39.0192 1424 KSecPkg - ok
19:44:39.0207 1424 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:44:39.0238 1424 ksthunk - ok
19:44:39.0301 1424 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:44:39.0363 1424 KtmRm - ok
19:44:39.0410 1424 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
19:44:39.0426 1424 LanmanServer - ok
19:44:39.0457 1424 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
19:44:39.0488 1424 LanmanWorkstation - ok
19:44:39.0566 1424 LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:44:39.0582 1424 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:44:39.0582 1424 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:44:39.0613 1424 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:44:39.0691 1424 lltdio - ok
19:44:39.0722 1424 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:44:39.0784 1424 lltdsvc - ok
19:44:39.0800 1424 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:44:39.0831 1424 lmhosts - ok
19:44:39.0862 1424 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:44:39.0862 1424 LSI_FC - ok
19:44:39.0878 1424 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:44:39.0894 1424 LSI_SAS - ok
19:44:39.0894 1424 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:44:39.0909 1424 LSI_SAS2 - ok
19:44:39.0925 1424 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:44:39.0925 1424 LSI_SCSI - ok
19:44:39.0956 1424 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:44:40.0018 1424 luafv - ok
19:44:40.0034 1424 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
19:44:40.0065 1424 Mcx2Svc - ok
19:44:40.0081 1424 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:44:40.0096 1424 megasas - ok
19:44:40.0128 1424 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:44:40.0143 1424 MegaSR - ok
19:44:40.0159 1424 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:44:40.0206 1424 MMCSS - ok
19:44:40.0206 1424 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:44:40.0221 1424 Modem - ok
19:44:40.0252 1424 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:44:40.0299 1424 monitor - ok
19:44:40.0315 1424 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:44:40.0330 1424 mouclass - ok
19:44:40.0346 1424 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:44:40.0377 1424 mouhid - ok
19:44:40.0408 1424 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:44:40.0408 1424 mountmgr - ok
19:44:40.0440 1424 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:44:40.0440 1424 mpio - ok
19:44:40.0471 1424 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:44:40.0502 1424 mpsdrv - ok
19:44:40.0549 1424 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
19:44:40.0596 1424 MpsSvc - ok
19:44:40.0596 1424 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:44:40.0627 1424 MRxDAV - ok
19:44:40.0658 1424 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:44:40.0674 1424 mrxsmb - ok
19:44:40.0705 1424 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:44:40.0720 1424 mrxsmb10 - ok
19:44:40.0752 1424 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:44:40.0783 1424 mrxsmb20 - ok
19:44:40.0814 1424 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
19:44:40.0830 1424 msahci - ok
19:44:40.0845 1424 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:44:40.0861 1424 msdsm - ok
19:44:40.0892 1424 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:44:40.0923 1424 MSDTC - ok
19:44:40.0939 1424 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:44:40.0970 1424 Msfs - ok
19:44:40.0970 1424 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:44:41.0001 1424 mshidkmdf - ok
19:44:41.0017 1424 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:44:41.0017 1424 msisadrv - ok
19:44:41.0048 1424 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:44:41.0095 1424 MSiSCSI - ok
19:44:41.0095 1424 msiserver - ok
19:44:41.0126 1424 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:44:41.0142 1424 MSKSSRV - ok
19:44:41.0157 1424 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:44:41.0173 1424 MSPCLOCK - ok
19:44:41.0188 1424 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:44:41.0220 1424 MSPQM - ok
19:44:41.0251 1424 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:44:41.0266 1424 MsRPC - ok
19:44:41.0266 1424 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:44:41.0282 1424 mssmbios - ok
19:44:41.0298 1424 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:44:41.0329 1424 MSTEE - ok
19:44:41.0344 1424 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:44:41.0360 1424 MTConfig - ok
19:44:41.0376 1424 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:44:41.0391 1424 Mup - ok
19:44:41.0438 1424 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
19:44:41.0500 1424 napagent - ok
19:44:41.0532 1424 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:44:41.0563 1424 NativeWifiP - ok
19:44:41.0625 1424 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:44:41.0672 1424 NDIS - ok
19:44:41.0688 1424 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:44:41.0734 1424 NdisCap - ok
19:44:41.0766 1424 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:44:41.0797 1424 NdisTapi - ok
19:44:41.0812 1424 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:44:41.0844 1424 Ndisuio - ok
19:44:41.0875 1424 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:44:41.0890 1424 NdisWan - ok
19:44:41.0906 1424 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:44:41.0937 1424 NDProxy - ok
19:44:41.0968 1424 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:44:42.0046 1424 NetBIOS - ok
19:44:42.0062 1424 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:44:42.0093 1424 NetBT - ok
19:44:42.0109 1424 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:44:42.0124 1424 Netlogon - ok
19:44:42.0171 1424 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:44:42.0187 1424 Netman - ok
19:44:42.0218 1424 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:44:42.0265 1424 netprofm - ok
19:44:42.0358 1424 netr28x (24cf1304d899124336f67f88f3c15e21) C:\Windows\system32\DRIVERS\netr28x.sys
19:44:42.0374 1424 netr28x - ok
19:44:42.0436 1424 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:44:42.0452 1424 NetTcpPortSharing - ok
19:44:42.0483 1424 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:44:42.0499 1424 nfrd960 - ok
19:44:42.0546 1424 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
19:44:42.0608 1424 NlaSvc - ok
19:44:42.0639 1424 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:44:42.0655 1424 Npfs - ok
19:44:42.0670 1424 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:44:42.0702 1424 nsi - ok
19:44:42.0702 1424 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:44:42.0733 1424 nsiproxy - ok
19:44:42.0879 1424 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:44:42.0914 1424 Ntfs - ok
19:44:43.0006 1424 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:44:43.0057 1424 Null - ok
19:44:43.0091 1424 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
19:44:43.0099 1424 NVHDA - ok
19:44:43.0783 1424 nvlddmkm (f0fbfe1e29ff233b0e000054c1fb968a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:44:43.0923 1424 nvlddmkm - ok
19:44:44.0032 1424 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:44:44.0048 1424 nvraid - ok
19:44:44.0079 1424 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:44:44.0095 1424 nvstor - ok
19:44:44.0142 1424 nvsvc (4e70b5247914426722621180b8764514) C:\Windows\system32\nvvsvc.exe
19:44:44.0157 1424 nvsvc - ok
19:44:44.0188 1424 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:44:44.0220 1424 nv_agp - ok
19:44:44.0235 1424 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:44:44.0266 1424 ohci1394 - ok
19:44:44.0298 1424 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:44:44.0329 1424 p2pimsvc - ok
19:44:44.0360 1424 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:44:44.0376 1424 p2psvc - ok
19:44:44.0407 1424 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:44:44.0438 1424 Parport - ok
19:44:44.0469 1424 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
19:44:44.0485 1424 partmgr - ok
19:44:44.0500 1424 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:44:44.0532 1424 PcaSvc - ok
19:44:44.0563 1424 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:44:44.0578 1424 pci - ok
19:44:44.0594 1424 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:44:44.0594 1424 pciide - ok
19:44:44.0625 1424 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:44:44.0641 1424 pcmcia - ok
19:44:44.0656 1424 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:44:44.0688 1424 pcw - ok
19:44:44.0797 1424 pdfcDispatcher - ok
19:44:44.0875 1424 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:44:44.0953 1424 PEAUTH - ok
19:44:45.0015 1424 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:44:45.0046 1424 PerfHost - ok
19:44:45.0156 1424 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
19:44:45.0234 1424 pla - ok
19:44:45.0280 1424 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
19:44:45.0312 1424 PlugPlay - ok
19:44:45.0327 1424 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:44:45.0343 1424 PNRPAutoReg - ok
19:44:45.0374 1424 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:44:45.0390 1424 PNRPsvc - ok
19:44:45.0421 1424 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
19:44:45.0452 1424 PolicyAgent - ok
19:44:45.0483 1424 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:44:45.0514 1424 Power - ok
19:44:45.0561 1424 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:44:45.0624 1424 PptpMiniport - ok
19:44:45.0639 1424 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:44:45.0655 1424 Processor - ok
19:44:45.0686 1424 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
19:44:45.0733 1424 ProfSvc - ok
19:44:45.0764 1424 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:44:45.0764 1424 ProtectedStorage - ok
19:44:45.0809 1424 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:44:45.0854 1424 Psched - ok
19:44:45.0943 1424 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:44:45.0981 1424 ql2300 - ok
19:44:46.0109 1424 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:44:46.0139 1424 ql40xx - ok
19:44:46.0179 1424 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:44:46.0211 1424 QWAVE - ok
19:44:46.0222 1424 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:44:46.0236 1424 QWAVEdrv - ok
19:44:46.0259 1424 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:44:46.0285 1424 RasAcd - ok
19:44:46.0305 1424 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:44:46.0331 1424 RasAgileVpn - ok
19:44:46.0345 1424 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:44:46.0384 1424 RasAuto - ok
19:44:46.0406 1424 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:44:46.0432 1424 Rasl2tp - ok
19:44:46.0465 1424 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
19:44:46.0504 1424 RasMan - ok
19:44:46.0539 1424 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:44:46.0599 1424 RasPppoe - ok
19:44:46.0618 1424 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:44:46.0643 1424 RasSstp - ok
19:44:46.0663 1424 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:44:46.0701 1424 rdbss - ok
19:44:46.0709 1424 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:44:46.0730 1424 rdpbus - ok
19:44:46.0754 1424 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:44:46.0780 1424 RDPCDD - ok
19:44:46.0795 1424 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:44:46.0813 1424 RDPENCDD - ok
19:44:46.0828 1424 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:44:46.0844 1424 RDPREFMP - ok
19:44:46.0875 1424 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
19:44:46.0891 1424 RDPWD - ok
19:44:46.0922 1424 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:44:46.0953 1424 rdyboost - ok
19:44:46.0969 1424 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:44:47.0016 1424 RemoteAccess - ok
19:44:47.0047 1424 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:44:47.0078 1424 RemoteRegistry - ok
19:44:47.0078 1424 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:44:47.0109 1424 RpcEptMapper - ok
19:44:47.0125 1424 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:44:47.0125 1424 RpcLocator - ok
19:44:47.0156 1424 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
19:44:47.0187 1424 RpcSs - ok
19:44:47.0218 1424 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:44:47.0281 1424 rspndr - ok
19:44:47.0328 1424 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:44:47.0328 1424 RTL8167 - ok
19:44:47.0359 1424 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:44:47.0359 1424 SamSs - ok
19:44:47.0374 1424 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:44:47.0390 1424 sbp2port - ok
19:44:47.0406 1424 SBRE - ok
19:44:47.0421 1424 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:44:47.0468 1424 SCardSvr - ok
19:44:47.0484 1424 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:44:47.0499 1424 scfilter - ok
19:44:47.0593 1424 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
19:44:47.0624 1424 Schedule - ok
19:44:47.0640 1424 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:44:47.0671 1424 SCPolicySvc - ok
19:44:47.0686 1424 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
19:44:47.0718 1424 SDRSVC - ok
19:44:47.0764 1424 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:44:47.0838 1424 secdrv - ok
19:44:47.0850 1424 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
19:44:47.0889 1424 seclogon - ok
19:44:47.0901 1424 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:44:47.0934 1424 SENS - ok
19:44:47.0947 1424 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:44:47.0961 1424 SensrSvc - ok
19:44:47.0975 1424 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:44:47.0994 1424 Serenum - ok
19:44:48.0007 1424 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:44:48.0023 1424 Serial - ok
19:44:48.0039 1424 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:44:48.0059 1424 sermouse - ok
19:44:48.0088 1424 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
19:44:48.0117 1424 SessionEnv - ok
19:44:48.0141 1424 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:44:48.0185 1424 sffdisk - ok
19:44:48.0197 1424 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:44:48.0215 1424 sffp_mmc - ok
19:44:48.0220 1424 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:44:48.0239 1424 sffp_sd - ok
19:44:48.0265 1424 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:44:48.0281 1424 sfloppy - ok
19:44:48.0331 1424 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:44:48.0395 1424 SharedAccess - ok
19:44:48.0428 1424 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
19:44:48.0460 1424 ShellHWDetection - ok
19:44:48.0478 1424 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:44:48.0486 1424 SiSRaid2 - ok
19:44:48.0507 1424 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:44:48.0516 1424 SiSRaid4 - ok
19:44:48.0617 1424 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:44:48.0629 1424 SkypeUpdate - ok
19:44:48.0656 1424 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:44:48.0691 1424 Smb - ok
19:44:48.0730 1424 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:44:48.0751 1424 SNMPTRAP - ok
19:44:48.0775 1424 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:44:48.0782 1424 spldr - ok
19:44:48.0829 1424 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
19:44:48.0844 1424 Spooler - ok
19:44:49.0094 1424 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
19:44:49.0141 1424 sppsvc - ok
19:44:49.0250 1424 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:44:49.0312 1424 sppuinotify - ok
19:44:49.0375 1424 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:44:49.0406 1424 srv - ok
19:44:49.0437 1424 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:44:49.0484 1424 srv2 - ok
19:44:49.0500 1424 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:44:49.0515 1424 srvnet - ok
19:44:49.0546 1424 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:44:49.0593 1424 SSDPSRV - ok
19:44:49.0593 1424 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:44:49.0640 1424 SstpSvc - ok
19:44:49.0687 1424 Steam Client Service - ok
19:44:49.0718 1424 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:44:49.0749 1424 stexstor - ok
19:44:49.0812 1424 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
19:44:49.0843 1424 stisvc - ok
19:44:49.0858 1424 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:44:49.0858 1424 swenum - ok
19:44:49.0905 1424 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:44:49.0936 1424 swprv - ok
19:44:50.0061 1424 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
19:44:50.0092 1424 SysMain - ok
19:44:50.0186 1424 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
19:44:50.0217 1424 TabletInputService - ok
19:44:50.0248 1424 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
19:44:50.0295 1424 TapiSrv - ok
19:44:50.0311 1424 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:44:50.0342 1424 TBS - ok
19:44:50.0514 1424 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
19:44:50.0560 1424 Tcpip - ok
19:44:50.0732 1424 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
19:44:50.0779 1424 TCPIP6 - ok
19:44:50.0826 1424 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:44:50.0888 1424 tcpipreg - ok
19:44:50.0904 1424 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:44:50.0919 1424 TDPIPE - ok
19:44:50.0950 1424 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
19:44:50.0997 1424 TDTCP - ok
19:44:51.0013 1424 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:44:51.0044 1424 tdx - ok
19:44:51.0044 1424 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:44:51.0060 1424 TermDD - ok
19:44:51.0122 1424 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
19:44:51.0153 1424 TermService - ok
19:44:51.0169 1424 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:44:51.0200 1424 Themes - ok
19:44:51.0231 1424 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:44:51.0247 1424 THREADORDER - ok
19:44:51.0262 1424 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:44:51.0294 1424 TrkWks - ok
19:44:51.0340 1424 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
19:44:51.0372 1424 TrustedInstaller - ok
19:44:51.0387 1424 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:44:51.0434 1424 tssecsrv - ok
19:44:51.0465 1424 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:44:51.0512 1424 tunnel - ok
19:44:51.0528 1424 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:44:51.0528 1424 uagp35 - ok
19:44:51.0559 1424 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:44:51.0590 1424 udfs - ok
19:44:51.0621 1424 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:44:51.0637 1424 UI0Detect - ok
19:44:51.0637 1424 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:44:51.0652 1424 uliagpkx - ok
19:44:51.0668 1424 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:44:51.0684 1424 umbus - ok
19:44:51.0684 1424 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:44:51.0708 1424 UmPass - ok
19:44:51.0739 1424 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:44:51.0780 1424 upnphost - ok
19:44:51.0799 1424 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:44:51.0834 1424 usbccgp - ok
19:44:51.0870 1424 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:44:51.0900 1424 usbcir - ok
19:44:51.0924 1424 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
19:44:51.0931 1424 usbehci - ok
19:44:51.0947 1424 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
19:44:51.0954 1424 usbfilter - ok
19:44:52.0000 1424 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:44:52.0038 1424 usbhub - ok
19:44:52.0052 1424 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
19:44:52.0073 1424 usbohci - ok
19:44:52.0096 1424 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:44:52.0119 1424 usbprint - ok
19:44:52.0142 1424 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
19:44:52.0163 1424 USBSTOR - ok
19:44:52.0184 1424 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:44:52.0199 1424 usbuhci - ok
19:44:52.0222 1424 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:44:52.0281 1424 UxSms - ok
19:44:52.0305 1424 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:44:52.0313 1424 VaultSvc - ok
19:44:52.0338 1424 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:44:52.0349 1424 vdrvroot - ok
19:44:52.0389 1424 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
19:44:52.0431 1424 vds - ok
19:44:52.0446 1424 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:44:52.0457 1424 vga - ok
19:44:52.0472 1424 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:44:52.0505 1424 VgaSave - ok
19:44:52.0528 1424 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:44:52.0538 1424 vhdmp - ok
19:44:52.0549 1424 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:44:52.0556 1424 viaide - ok
19:44:52.0569 1424 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:44:52.0578 1424 volmgr - ok
19:44:52.0601 1424 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:44:52.0613 1424 volmgrx - ok
19:44:52.0636 1424 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:44:52.0648 1424 volsnap - ok
19:44:52.0671 1424 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:44:52.0671 1424 vsmraid - ok
19:44:52.0781 1424 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
19:44:52.0812 1424 VSS - ok
19:44:52.0905 1424 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:44:52.0937 1424 vwifibus - ok
19:44:52.0952 1424 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:44:52.0983 1424 vwififlt - ok
19:44:52.0999 1424 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:44:53.0015 1424 vwifimp - ok
19:44:53.0046 1424 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:44:53.0077 1424 W32Time - ok
19:44:53.0093 1424 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:44:53.0108 1424 WacomPen - ok
19:44:53.0139 1424 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:44:53.0171 1424 WANARP - ok
19:44:53.0171 1424 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:44:53.0202 1424 Wanarpv6 - ok
19:44:53.0327 1424 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:44:53.0373 1424 WatAdminSvc - ok
19:44:53.0467 1424 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
19:44:53.0529 1424 wbengine - ok
19:44:53.0623 1424 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:44:53.0639 1424 WbioSrvc - ok
19:44:53.0685 1424 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
19:44:53.0732 1424 wcncsvc - ok
19:44:53.0795 1424 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:44:53.0826 1424 WcsPlugInService - ok
19:44:53.0869 1424 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:44:53.0884 1424 Wd - ok
19:44:53.0931 1424 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:44:53.0961 1424 Wdf01000 - ok
19:44:53.0973 1424 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:44:53.0999 1424 WdiServiceHost - ok
19:44:54.0001 1424 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:44:54.0014 1424 WdiSystemHost - ok
19:44:54.0045 1424 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
19:44:54.0067 1424 WebClient - ok
19:44:54.0098 1424 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:44:54.0141 1424 Wecsvc - ok
19:44:54.0156 1424 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:44:54.0182 1424 wercplsupport - ok
19:44:54.0210 1424 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:44:54.0237 1424 WerSvc - ok
19:44:54.0276 1424 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:44:54.0324 1424 WfpLwf - ok
19:44:54.0336 1424 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:44:54.0344 1424 WIMMount - ok
19:44:54.0372 1424 WinDefend - ok
19:44:54.0376 1424 WinHttpAutoProxySvc - ok
19:44:54.0412 1424 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:44:54.0451 1424 Winmgmt - ok
19:44:54.0581 1424 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
19:44:54.0637 1424 WinRM - ok
19:44:54.0787 1424 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:44:54.0817 1424 Wlansvc - ok
19:44:54.0984 1424 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:44:55.0015 1424 wlidsvc - ok
19:44:55.0078 1424 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:44:55.0109 1424 WmiAcpi - ok
19:44:55.0187 1424 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:44:55.0202 1424 wmiApSrv - ok
19:44:55.0234 1424 WMPNetworkSvc - ok
19:44:55.0249 1424 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:44:55.0280 1424 WPCSvc - ok
19:44:55.0296 1424 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
19:44:55.0327 1424 WPDBusEnum - ok
19:44:55.0358 1424 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:44:55.0390 1424 ws2ifsl - ok
19:44:55.0421 1424 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
19:44:55.0452 1424 wscsvc - ok
19:44:55.0452 1424 WSearch - ok
19:44:55.0639 1424 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:44:55.0686 1424 wuauserv - ok
19:44:55.0795 1424 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:44:55.0858 1424 WudfPf - ok
19:44:55.0889 1424 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:55.0904 1424 WUDFRd - ok
19:44:55.0920 1424 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
19:44:55.0967 1424 wudfsvc - ok
19:44:55.0982 1424 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:44:55.0998 1424 WwanSvc - ok
19:44:56.0076 1424 X6va008 - ok
19:44:56.0092 1424 MBR (0x1B8) (a5a5ed0a94039c16ac2861624629ccc3) \Device\Harddisk0\DR0
19:44:56.0388 1424 \Device\Harddisk0\DR0 - ok
19:44:56.0404 1424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:44:57.0137 1424 \Device\Harddisk1\DR1 - ok
19:44:57.0137 1424 Boot (0x1200) (9ed98489e83e13873dcef85fbad4f8ea) \Device\Harddisk0\DR0\Partition0
19:44:57.0137 1424 \Device\Harddisk0\DR0\Partition0 - ok
19:44:57.0152 1424 Boot (0x1200) (1b12671326a8680b4e03ef628c60ca91) \Device\Harddisk0\DR0\Partition1
19:44:57.0168 1424 \Device\Harddisk0\DR0\Partition1 - ok
19:44:57.0199 1424 Boot (0x1200) (6ad9ec187254c1b25117f7efeb2a588f) \Device\Harddisk0\DR0\Partition2
19:44:57.0199 1424 \Device\Harddisk0\DR0\Partition2 - ok
19:44:57.0199 1424 Boot (0x1200) (3338ac64d0ac95a2cd4090a0905e245c) \Device\Harddisk1\DR1\Partition0
19:44:57.0199 1424 \Device\Harddisk1\DR1\Partition0 - ok
19:44:57.0199 1424 ============================================================
19:44:57.0199 1424 Scan finished
19:44:57.0199 1424 ============================================================
19:44:57.0215 4280 Detected object count: 1
19:44:57.0215 4280 Actual detected object count: 1
19:49:47.0832 4280 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:47.0832 4280 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:52.0172 3572 Deinitialize success


Mbam log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Boris :: HP_KAASVRETER [administrator]

28-6-2012 20:03:15
mbam-log-2012-06-28 (20-03-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216499
Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Boris\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

(end)

OTL.txt

OTL logfile created on: 6/28/2012 8:18:42 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Boris\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

6.00 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 70.60% Memory free
12.00 Gb Paging File | 10.07 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.07 Gb Total Space | 803.56 Gb Free Space | 87.53% Space Free | Partition Type: NTFS
Drive D: | 13.34 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: HP_KAASVRETER | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/28 20:17:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Downloads\OTL (1).exe
PRC - [2012/06/20 11:53:09 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Boris\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/12/22 16:27:40 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/10/21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/28 20:59:06 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/09/28 17:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/05/09 01:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/09 01:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 11:53:09 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/20 11:53:06 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/20 11:53:06 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/20 11:53:06 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/20 11:53:06 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2010/09/28 21:10:14 | 001,699,384 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/09/28 20:59:20 | 012,286,008 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/20 02:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/06 04:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/20 11:53:09 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/06 20:04:21 | 003,417,376 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/28 17:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/19 03:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/05 06:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/09/03 08:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 15:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 15:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/06/22 03:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/10 17:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 11:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPDTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPDTDF
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPDTDF
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000d0df9a922431
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-03-11 11:09:40&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/?s...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Boris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Skype Click to Call = C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012/06/28 19:31:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Boris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D959DD-DFBE-446B-96B4-72C85303B119}: DhcpNameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98475FA0-04A8-43DA-AF47-CF0850FC0CDD}: DhcpNameServer = 195.121.1.34 195.121.1.66
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 20:10:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/28 20:02:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2012/06/28 20:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/28 20:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/28 20:02:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/28 20:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/28 19:33:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/28 18:52:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/28 18:52:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/28 18:52:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/28 18:52:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/28 18:52:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/28 18:52:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/28 18:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/06/28 13:27:03 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{1FB80E63-1DDC-4BC3-B51A-57F311D41180}
[2012/06/28 13:26:47 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{A41341C1-64E4-4A7B-9CBF-ADF7DD6887FB}
[2012/06/28 00:47:12 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{0C7B3653-70AE-41AF-AE69-59288BCD56C4}
[2012/06/28 00:47:00 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{FB8D548B-EC37-4782-A234-1635E3120173}
[2012/06/27 12:46:28 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{8D837CD6-D216-4169-827D-DB4AD3DF3AAB}
[2012/06/27 12:46:16 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{AB13BD80-768E-47E6-AE83-75883F3BD60E}
[2012/06/26 23:15:15 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{21465F64-3A7D-45EB-84DD-07263FB833AF}
[2012/06/26 23:15:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{1813E460-6402-4ECF-A605-181CCED83933}
[2012/06/26 19:19:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\adaware
[2012/06/26 19:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/06/26 19:18:23 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\adawarebp
[2012/06/26 19:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/06/26 19:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/06/26 19:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/06/26 11:14:29 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{462929F4-0264-4CA5-B53F-61F4B66E03B9}
[2012/06/26 11:14:14 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{3F8D0B1E-2E9D-4B13-9417-494392B5C888}
[2012/06/25 13:29:00 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{18793FF0-1332-4B27-B10A-6C3ADCDC1514}
[2012/06/25 13:28:47 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{1285EBAF-43D5-47E4-850B-124839E5B0EB}
[2012/06/25 01:28:17 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{490ACBCE-96E3-4632-B3A2-870747EA0385}
[2012/06/25 01:28:06 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{8F872DC2-4E5B-41ED-B96B-7326F92B2F97}
[2012/06/24 13:31:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/24 13:31:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/24 13:31:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/24 13:30:24 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/24 13:30:24 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/24 13:30:24 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/24 13:30:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/24 13:30:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/24 13:27:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{C2E6FFEC-51D9-4A47-93E0-459399769F32}
[2012/06/24 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{63C871FC-FB88-46C2-B2F2-C5B03A1357B9}
[2012/06/23 23:49:39 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{5486716D-34AA-4CE8-9764-75F0A08D528E}
[2012/06/23 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\Cross Fire
[2012/06/23 21:18:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2012/06/23 21:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2012/06/23 21:15:14 | 000,000,000 | ---D | C] -- C:\SG Interactive
[2012/06/23 11:49:13 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{14FD5F28-7ED6-4BE2-825B-E7B3E598A5D0}
[2012/06/23 11:49:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{3FED0CD7-9A2D-4740-ABC1-4135608CAB72}
[2012/06/23 11:24:52 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012/06/23 11:23:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/23 11:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/23 11:14:17 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{2058F8B4-EA66-4BD4-9ADE-6894C34492A5}
[2012/06/23 11:14:05 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{E23898E8-27DF-46B3-B2E1-A0473AF0EC2E}
[2012/06/22 18:29:58 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{352CF637-2A91-449D-8A9E-8BFD9F8D1D6C}
[2012/06/22 12:03:11 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Diagnostics
[2012/06/22 03:00:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/22 03:00:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/22 03:00:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/22 03:00:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/22 03:00:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/22 03:00:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/22 03:00:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/22 03:00:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/22 03:00:36 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/22 03:00:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/22 03:00:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/22 03:00:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/22 03:00:35 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/21 22:14:09 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/06/21 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2012/06/16 21:30:06 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tremulous
[2012/06/16 21:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tremulous
[2012/06/16 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tremulous
[2012/06/13 12:44:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 12:44:08 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 12:44:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 12:44:04 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 12:44:03 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 12:44:03 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 12:43:56 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 12:43:49 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 12:43:49 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/06 21:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2012/06/06 21:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2012/06/06 20:05:32 | 652,554,512 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Boris\Desktop\S4_League_EU_v1167.exe
[2012/06/06 20:04:56 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Akamai
[2012/06/06 20:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012/06/04 16:25:59 | 000,000,000 | ---D | C] -- C:\$AVG

========== Files - Modified Within 30 Days ==========

[2012/06/28 20:17:52 | 000,001,463 | ---- | M] () -- C:\Users\Boris\Desktop\OTL (1).exe - Shortcut.lnk
[2012/06/28 20:17:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 20:17:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 20:10:02 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 20:09:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/28 20:09:41 | 536,301,567 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 20:02:18 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/28 19:59:26 | 000,001,598 | ---- | M] () -- C:\Users\Boris\Desktop\mbam-setup-1.61.0.1400.exe - Shortcut.lnk
[2012/06/28 19:51:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 19:43:55 | 000,001,490 | ---- | M] () -- C:\Users\Boris\Desktop\tdsskiller.exe - Shortcut.lnk
[2012/06/28 19:31:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/28 18:51:59 | 000,001,472 | ---- | M] () -- C:\Users\Boris\Desktop\ComboFix.exe - Shortcut.lnk
[2012/06/28 18:34:25 | 000,000,512 | ---- | M] () -- C:\Users\Boris\Desktop\MBR.dat
[2012/06/28 18:09:35 | 000,001,452 | ---- | M] () -- C:\Users\Boris\Desktop\aswMBR.exe - Shortcut.lnk
[2012/06/28 18:09:18 | 000,007,597 | ---- | M] () -- C:\Users\Boris\AppData\Local\Resmon.ResmonCfg
[2012/06/27 12:53:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 12:53:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 12:53:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/26 22:03:21 | 000,001,738 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/06/26 22:03:20 | 000,019,220 | ---- | M] () -- C:\Windows\SysWow64\FirewallConfig.xml
[2012/06/26 22:03:20 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/26 17:29:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/24 23:33:29 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBoris.job
[2012/06/23 21:18:22 | 000,000,847 | ---- | M] () -- C:\Users\Boris\Desktop\Crossfire Europe.lnk
[2012/06/23 21:10:40 | 571,203,792 | ---- | M] () -- C:\Users\Boris\Desktop\Crossfire_Install_1077.exe
[2012/06/21 22:14:50 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/14 09:50:53 | 000,314,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 12:36:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/13 12:36:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/12 13:53:02 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/08 17:06:04 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP_KAASVRETER$.job
[2012/06/06 21:39:23 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2012/06/06 21:32:08 | 652,554,512 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Boris\Desktop\S4_League_EU_v1167.exe
[2012/06/03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

========== Files Created - No Company Name ==========

[2012/06/28 20:17:42 | 000,001,463 | ---- | C] () -- C:\Users\Boris\Desktop\OTL (1).exe - Shortcut.lnk
[2012/06/28 20:02:18 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/28 19:59:18 | 000,001,598 | ---- | C] () -- C:\Users\Boris\Desktop\mbam-setup-1.61.0.1400.exe - Shortcut.lnk
[2012/06/28 19:43:16 | 000,001,490 | ---- | C] () -- C:\Users\Boris\Desktop\tdsskiller.exe - Shortcut.lnk
[2012/06/28 18:52:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/28 18:52:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/28 18:52:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/28 18:52:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/28 18:52:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/28 18:50:12 | 000,001,472 | ---- | C] () -- C:\Users\Boris\Desktop\ComboFix.exe - Shortcut.lnk
[2012/06/28 18:34:25 | 000,000,512 | ---- | C] () -- C:\Users\Boris\Desktop\MBR.dat
[2012/06/28 18:09:09 | 000,001,452 | ---- | C] () -- C:\Users\Boris\Desktop\aswMBR.exe - Shortcut.lnk
[2012/06/27 15:37:55 | 000,007,597 | ---- | C] () -- C:\Users\Boris\AppData\Local\Resmon.ResmonCfg
[2012/06/26 22:03:21 | 000,001,738 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/06/26 22:03:20 | 000,019,220 | ---- | C] () -- C:\Windows\SysWow64\FirewallConfig.xml
[2012/06/26 22:03:20 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/23 21:18:22 | 000,000,847 | ---- | C] () -- C:\Users\Boris\Desktop\Crossfire Europe.lnk
[2012/06/23 20:55:36 | 571,203,792 | ---- | C] () -- C:\Users\Boris\Desktop\Crossfire_Install_1077.exe
[2012/06/21 22:15:18 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/21 22:14:50 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/06 21:39:23 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2012/01/24 18:41:01 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/12/11 01:38:16 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/08/16 16:27:03 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 19:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2010/09/21 16:45:54 | 008,606,296 | ---- | M] (Firaxis Games) -- C:\CivilizationV.exe
[2010/09/21 16:45:55 | 014,556,760 | ---- | M] (Firaxis Games) -- C:\CivilizationV_DX11.exe
[2010/09/22 21:24:56 | 000,018,432 | ---- | M] (Arctic0ne) -- C:\Fixer.exe
[2010/02/10 23:49:20 | 000,057,856 | ---- | M] () -- C:\HL2Loader.exe
[2009/05/01 22:49:56 | 000,034,304 | ---- | M] () -- C:\revLoader.exe

< %SYSTEMDRIVE%\*.exe >
[2010/09/21 16:45:54 | 008,606,296 | ---- | M] (Firaxis Games) -- C:\CivilizationV.exe
[2010/09/21 16:45:55 | 014,556,760 | ---- | M] (Firaxis Games) -- C:\CivilizationV_DX11.exe
[2010/09/22 21:24:56 | 000,018,432 | ---- | M] (Arctic0ne) -- C:\Fixer.exe
[2010/02/10 23:49:20 | 000,057,856 | ---- | M] () -- C:\HL2Loader.exe
[2009/05/01 22:49:56 | 000,034,304 | ---- | M] () -- C:\revLoader.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/05/17 14:58:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.minecraft
[2011/12/10 16:45:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Adobe
[2012/02/20 10:49:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Babylon
[2012/05/15 15:22:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Cetuy
[2011/12/21 22:21:48 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\CyberLink
[2012/05/03 23:06:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\fltk.org
[2011/12/25 23:10:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Hewlett-Packard
[2012/06/24 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\HP Support Assistant
[2011/12/11 18:44:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\hpqLog
[2012/06/24 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\HpUpdate
[2011/12/10 16:49:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Identities
[2011/12/10 18:30:17 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient
[2012/05/26 11:44:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient2
[2011/12/10 16:50:10 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Macromedia
[2012/06/28 20:02:22 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Media Center Programs
[2012/05/15 15:22:43 | 000,000,000 | --SD | M] -- C:\Users\Boris\AppData\Roaming\Microsoft
[2011/12/12 16:18:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org
[2011/12/10 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2011/12/10 16:50:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PictureMover
[2012/06/28 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Skype
[2012/06/21 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2012/02/11 16:43:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TS3Client
[2012/02/02 19:48:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ventrilo
[2011/12/11 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\WinBatch
[2011/12/31 13:50:52 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\WinRAR
[2012/05/15 15:22:44 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Yqiho

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1f6d6691df50b157\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/08/16 16:47:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/08/16 16:48:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/08/16 16:47:43 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011/08/16 16:46:42 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/08/16 16:48:30 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/08/16 16:46:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/08/16 16:48:30 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/08/16 16:46:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/08/16 16:48:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/08/16 16:47:43 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/08/16 16:46:42 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/08/16 16:47:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/08/16 16:48:30 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/08/16 16:48:30 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2011/08/16 16:48:30 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2011/08/16 16:48:30 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/29 19:44:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/29 19:44:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/29 19:44:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/05/18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/29 19:44:43 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/29 19:44:43 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/29 19:44:43 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/05/18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /SHOWICONSCOMMAND [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /HIDEICONSCOMMAND [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /REINSTALLBROWSER [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /HIDEICONSCOMMAND [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /SHOWICONSCOMMAND [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /REINSTALLBROWSER [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" [2012/06/15 21:53:26 | 000,874,384 | ---- | M] (Opera Software)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Files - Unicode (All) ==========
[2012/05/29 23:43:22 | 000,083,519 | ---- | C] ()(C:\Users\Boris\Documents\PvZ Kingler vs M?Stephano on Autel Tal'darim EC[f36edc22].SC2Replay) -- C:\Users\Boris\Documents\PvZ Kingler vs MǂStephano on Autel Tal'darim EC[f36edc22].SC2Replay
[2012/05/29 23:43:22 | 000,082,467 | ---- | C] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Chantier naval d’Antiga[40e523fb].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Chantier naval d’Antiga[40e523fb].SC2Replay
[2012/05/29 23:43:22 | 000,072,740 | ---- | C] ()(C:\Users\Boris\Documents\PvZ NaViBabyK vs M?Stephano on Plateau de Shakuras[9676f740].SC2Replay) -- C:\Users\Boris\Documents\PvZ NaViBabyK vs MǂStephano on Plateau de Shakuras[9676f740].SC2Replay
[2012/05/29 23:43:22 | 000,066,166 | ---- | C] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Temple brisé[f8ac07e8].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Temple brisé[f8ac07e8].SC2Replay
[2012/05/29 23:43:22 | 000,065,307 | ---- | C] ()(C:\Users\Boris\Documents\PvZ Grubby vs M?Stephano on Métalopolis[4c848de2].SC2Replay) -- C:\Users\Boris\Documents\PvZ Grubby vs MǂStephano on Métalopolis[4c848de2].SC2Replay
[2012/05/29 23:43:22 | 000,053,769 | ---- | C] ()(C:\Users\Boris\Documents\PvZ WhiteRa vs M?Stephano on Crypte des Nérazims[0dfe49f8].SC2Replay) -- C:\Users\Boris\Documents\PvZ WhiteRa vs MǂStephano on Crypte des Nérazims[0dfe49f8].SC2Replay
[2012/05/29 23:43:22 | 000,041,549 | ---- | C] ()(C:\Users\Boris\Documents\PvZ DreAm vs M?Stephano on Métalopolis[b354f8ea].SC2Replay) -- C:\Users\Boris\Documents\PvZ DreAm vs MǂStephano on Métalopolis[b354f8ea].SC2Replay
[2012/05/29 23:43:22 | 000,010,622 | ---- | C] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Autel Tal'darim EC[e5658df6].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Autel Tal'darim EC[e5658df6].SC2Replay
[2011/11/06 00:42:56 | 000,082,467 | ---- | M] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Chantier naval d’Antiga[40e523fb].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Chantier naval d’Antiga[40e523fb].SC2Replay
[2011/11/06 00:42:54 | 000,065,307 | ---- | M] ()(C:\Users\Boris\Documents\PvZ Grubby vs M?Stephano on Métalopolis[4c848de2].SC2Replay) -- C:\Users\Boris\Documents\PvZ Grubby vs MǂStephano on Métalopolis[4c848de2].SC2Replay
[2011/11/06 00:42:54 | 000,053,769 | ---- | M] ()(C:\Users\Boris\Documents\PvZ WhiteRa vs M?Stephano on Crypte des Nérazims[0dfe49f8].SC2Replay) -- C:\Users\Boris\Documents\PvZ WhiteRa vs MǂStephano on Crypte des Nérazims[0dfe49f8].SC2Replay
[2011/11/06 00:42:52 | 000,083,519 | ---- | M] ()(C:\Users\Boris\Documents\PvZ Kingler vs M?Stephano on Autel Tal'darim EC[f36edc22].SC2Replay) -- C:\Users\Boris\Documents\PvZ Kingler vs MǂStephano on Autel Tal'darim EC[f36edc22].SC2Replay
[2011/11/06 00:42:52 | 000,072,740 | ---- | M] ()(C:\Users\Boris\Documents\PvZ NaViBabyK vs M?Stephano on Plateau de Shakuras[9676f740].SC2Replay) -- C:\Users\Boris\Documents\PvZ NaViBabyK vs MǂStephano on Plateau de Shakuras[9676f740].SC2Replay
[2011/11/06 00:42:52 | 000,041,549 | ---- | M] ()(C:\Users\Boris\Documents\PvZ DreAm vs M?Stephano on Métalopolis[b354f8ea].SC2Replay) -- C:\Users\Boris\Documents\PvZ DreAm vs MǂStephano on Métalopolis[b354f8ea].SC2Replay
[2011/11/06 00:42:50 | 000,066,166 | ---- | M] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Temple brisé[f8ac07e8].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Temple brisé[f8ac07e8].SC2Replay
[2011/11/06 00:42:44 | 000,010,622 | ---- | M] ()(C:\Users\Boris\Documents\PvZ OMGDTDROP vs M?Stephano on Autel Tal'darim EC[e5658df6].SC2Replay) -- C:\Users\Boris\Documents\PvZ OMGDTDROP vs MǂStephano on Autel Tal'darim EC[e5658df6].SC2Replay

< End of report >


Extras.txt:



OTL Extras logfile created on: 6/28/2012 8:18:42 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Boris\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

6.00 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 70.60% Memory free
12.00 Gb Paging File | 10.07 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.07 Gb Total Space | 803.56 Gb Free Space | 87.53% Space Free | Partition Type: NTFS
Drive D: | 13.34 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: HP_KAASVRETER | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F453ED-84D5-4A11-A446-B14809E60312}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1453BD11-38AE-439C-BDE8-46424D49E2BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27A65343-B209-42FA-8B21-6F0598363D7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27F05CEF-EA5C-45C7-8B48-DF468FE106C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{286792BB-9986-4549-A4D5-0D4F42E8FE80}" = lport=138 | protocol=17 | dir=in | app=system |
"{38056BA0-18FF-45F0-8F40-2DC0A0310C62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39BB5254-E167-4D75-A602-DC816FB49FA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{3CA50D6A-C295-4721-AEE0-144B7F2ABDB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{401F28F1-D9A7-4986-99A4-3F3715DE0933}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B12EF6A-D384-49BE-B0D7-8FE2425FFEE6}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B9A3FED-A10D-483B-8AE7-B8BB2998B60C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E0299F1-3C00-4C76-83D2-00FD65E067D2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{749CF81B-867E-4FF0-91A3-A09B5DE6ECF6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7A019E1A-FDB5-42BE-BE72-D3F7A1E7386F}" = rport=139 | protocol=6 | dir=out | app=system |
"{8323D18F-CCAC-40FB-9211-A075D2A35D1D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{886773A4-EE1F-4E52-8676-4BBE93D82F51}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C1D48CE-AD89-4065-A708-D40C17DAAF72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{951AE3DA-23E3-4231-85C8-97774350E1F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C5ADAD80-D4F9-4166-A793-EAEA7044CAB2}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8D1147A-9372-47BC-9134-295496692986}" = rport=137 | protocol=17 | dir=out | app=system |
"{CCA2C3FF-84F3-497C-82E4-B564C324A4BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E032D33F-1001-42D8-950B-D790F5C5AFEB}" = lport=139 | protocol=6 | dir=in | app=system |
"{F21F694F-10B3-446D-ACAE-2AAC367D1C6D}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D3EFC1-477F-420C-A2CE-3FE701C5CE4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A8192EC-D096-4499-A3F2-EC6CA95AF948}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{18196E9F-8E68-4642-8224-D9B9DFC47F15}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{1C9D8B43-1141-4E5F-84FA-EC7525BF64AD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{22B076D8-CDC6-40ED-A1CB-537CBAF60636}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{234DA063-430D-4CA1-BD92-7683FAE99822}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24131D0F-14EC-4A21-BC05-A9EF2DC26D0A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{25F8A77C-7ECA-4F80-AB7C-342B4C85E819}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{27036600-9AC5-4B23-9458-0A7E460BA5BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe |
"{288D4493-F1C4-4707-AAA1-BDE62DE02B31}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{28969114-46E5-43A6-BD04-593BE123BF5D}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\akamai\netsession_win.exe |
"{2AB751B6-7300-4E3B-8861-60A1102658B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2B319247-E662-4ECB-8BF8-1950D22B4C17}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{30869358-331E-4D53-A606-9E38A47871E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38FB6049-9FB6-4916-AEFA-35962952CD8A}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{3A547BBA-65EC-4BE4-815B-89BDA1A02FF9}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{3BE1E90A-22C3-4769-A393-5A551235B7DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D59B62A-1956-4897-9469-64C29D5486A1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50B179C3-8FBA-4F77-873E-60A4006B08EE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{51D74FBC-A9CE-4B65-A8EE-FA3846806A28}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{534B2041-E6C7-4B7D-9AD8-F47B58EE0034}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5404AF06-5402-4FD7-9999-6D618787AD6B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{56C3D985-5E9C-4C6C-B5F6-4D691334DEAF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{654C2DB0-4263-42B6-809D-8E0FAE702AEC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{66B9731B-73C8-4223-BA18-1AD9C0615C82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6838F0E9-8EC2-42FD-914A-9AAD4E64366A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{6DB33335-70DD-4914-99BD-B2CFB28B1BE2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6F5103B1-3425-4913-92D8-E0DEC72A16BA}" = protocol=1 | dir=in | name=echo ping request |
"{72DB8B4B-CBD4-44C9-851B-F0F61399D44F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7992DA7B-BDBA-4B4B-A409-F6087520AB13}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{80265771-7408-47E5-BB0D-428747BF5BBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8147B174-1211-4165-ABE7-2EA177BBD4DC}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{83A7FBDB-901C-4D07-9523-637DD0E73028}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe |
"{83B1F859-BFBD-4B95-8B8A-757F8BB4DCC2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C2850B4-0EC3-4B08-A877-F28ECF752F27}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{938D305A-5BAB-4977-BBF9-0FC4696D69DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9635960D-3265-43A0-A824-E056D70C7747}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{9722CB50-9AA1-4047-86F9-A2072C2C3F63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DAEEB42-7CC6-4B57-B738-3DBF76B360DE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{9E9E7DE1-3625-4DE3-955F-D77DF8D7734F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A26EAB3A-34C8-48AC-B09B-7266610AB0EE}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\akamai\netsession_win.exe |
"{A3156DF4-A995-44EE-BCC8-D3F884B2659F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{A95D9E68-1ACD-4E2A-BD40-DBC927DFF6C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{B025E20E-2317-472C-A68A-4506FD217E5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B284C212-30A8-4784-A62D-A92D98026885}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BE632716-A637-4718-A1D6-2756AF8351B9}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{C1862E09-5518-4842-AF5C-B7FD7C1347A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C67B1304-6DE6-44FF-A76E-1B3730365DAC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CC4E8DB9-978B-4736-B605-FC5243CEDD07}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{CCEC5CBC-A69E-41F8-BA63-D758EBFCE4EF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D01CE285-43CE-401B-A1AB-A09B97131360}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D4022F24-7E63-449E-AA8C-0E408B247094}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{D56050DA-2587-4F9D-A758-AD292984F67A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D601C2A4-032A-4CE1-81D0-2A7442DB6EC7}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{D7E85C4B-66E7-49E8-8E26-9E6F57DBC9B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D907C01B-2B72-424C-97DA-678A37F65ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{E1B7DBE4-90BB-4B76-B864-8A6C4703E5B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{EBA434BE-268E-486A-A4D0-19577D339D2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EF6B87E0-E44A-470A-ADCC-1D2341C6C900}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{F0EA56A6-1427-420E-A375-8305357B0B71}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FC77F819-D043-4B51-862B-B6237E2723B6}" = protocol=6 | dir=out | app=system |
"TCP Query User{4DE15761-6B66-4B4D-B415-555F22685B3B}C:\program files (x86)\tremulous\tremulous.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tremulous\tremulous.exe |
"TCP Query User{547B5A68-E5C9-4C91-9058-9A4F4C8F0EEA}C:\users\boris\appdata\roaming\cetuy\ucma.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\roaming\cetuy\ucma.exe |
"TCP Query User{6FF0C351-B927-4208-8595-3FA82D080FB1}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{7553382E-8220-474D-88E9-1BAD590E33BF}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{766951E6-CD71-4874-91E7-05873578CB05}C:\users\boris\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\starcraft_2_eu_en-gb.exe |
"TCP Query User{7805B483-2789-4356-9551-18D1DCE45D36}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{8DFACC31-EF80-4141-BD42-4E8F02430268}C:\users\boris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{9ACA751B-04F9-4F0F-A566-A6BCCC5234B4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{9E376470-AAD8-48CE-BC93-0C81C5B53201}C:\program files (x86)\steam\steamapps\vijftig\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\vijftig\team fortress 2\hl2.exe |
"TCP Query User{A1583DBE-636C-43C4-AB33-0623B66DE1DA}C:\users\boris\documents\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\boris\documents\starcraft_2_eu_en-gb.exe |
"TCP Query User{C05E3EAB-1C2B-4A2E-879B-B0DCC5DC3215}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe |
"TCP Query User{C264FE6E-7695-4129-B74A-B64FDDF00703}C:\users\boris\downloads\starcraft_2_eu_en-gb (1).exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\starcraft_2_eu_en-gb (1).exe |
"TCP Query User{FA09FBAF-625A-4FB3-B98D-F6B98A208F39}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{09FA2EB7-02D0-4253-8380-EE6E8F369174}C:\users\boris\appdata\roaming\cetuy\ucma.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\roaming\cetuy\ucma.exe |
"UDP Query User{14F8C999-70EB-47C0-81C1-2B731BEBCEDB}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{2BAD1804-6324-44DC-85C1-24D4ED1CC92A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{6097611E-BCE4-495E-875F-FE0C43399AF4}C:\users\boris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{733F375F-2182-4F02-B2E1-A297425551A9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{95159C8D-E79B-4AC4-8B53-DD31D138D38F}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{AB541761-1793-4026-9777-D10ECC7B11BC}C:\program files (x86)\steam\steamapps\vijftig\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\vijftig\team fortress 2\hl2.exe |
"UDP Query User{B99AC00A-A4BD-4464-BFC1-7A004EA9045D}C:\program files (x86)\tremulous\tremulous.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tremulous\tremulous.exe |
"UDP Query User{C9F578E3-9503-4C33-8DAF-38F99616E33B}C:\users\boris\documents\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\boris\documents\starcraft_2_eu_en-gb.exe |
"UDP Query User{D7B70824-4B93-4D6A-A3CC-90772BF8C419}C:\users\boris\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\starcraft_2_eu_en-gb.exe |
"UDP Query User{DF733538-F0DE-447B-B7DF-52044B594A33}C:\users\boris\downloads\starcraft_2_eu_en-gb (1).exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\starcraft_2_eu_en-gb (1).exe |
"UDP Query User{E75B1FD9-F24C-4B7E-9D84-C06DF552ED53}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe |
"UDP Query User{F986C62A-D822-4560-A9F9-86A5A13CED54}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{24863FD7-EE05-4985-9905-1611B0A5723C}" = S4 League_EU
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C3BAE9CC-EC6B-4B3E-80C1-C1EC29A09AF8}" = OpenOffice.org 3.3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Akamai" = Akamai NetSession Interface
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Auto Mouse_is1" = Auto Mouse 1.3
"BabylonToolbar" = Babylon toolbar on IE
"blekkotb" = Spam Free Search Bar
"Crossfire Europe" = Crossfire Europe
"EasyBits Magic Desktop" = Magic Desktop
"Europe MapleStory_is1" = Europe MapleStory
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MusicStationNetstaller" = MusicStation
"My HP Game Console" = HP Game Console
"Opera" = Opera
"Opera 12.00.1467" = Opera 12.00
"PDF Complete" = PDF Complete Special Edition
"StarCraft II" = StarCraft II
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 440" = Team Fortress 2
"Steam App 57300" = Amnesia: The Dark Descent
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tremulous" = Tremulous 1.1.0
"Tremulous-GPP" = Tremulous Gameplay Preview
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/21/2012 11:51:00 AM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x60f8e36c Faulting
process id: 0x274c Faulting application start time: 0x01cd4fbde74ddc39 Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: e5859746-bbb8-11e1-bc7f-d485649a512c

Error - 6/21/2012 2:41:36 PM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x655fe36c Faulting
process id: 0x310 Faulting application start time: 0x01cd4fdcb139e15c Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: babc4565-bbd0-11e1-bc7f-d485649a512c

Error - 6/21/2012 3:07:32 PM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x61fae36c Faulting
process id: 0xfc4 Faulting application start time: 0x01cd4fe06628f649 Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 5a25888e-bbd4-11e1-9367-d485649a512c

Error - 6/21/2012 5:17:00 PM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x7455e36c Faulting
process id: 0x13e4 Faulting application start time: 0x01cd4fee8bd89c29 Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 6fca636a-bbe6-11e1-b47a-d485649a512c

Error - 6/22/2012 6:03:24 AM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.1.0.4880, time
stamp: 0x4eb75fb9 Exception code: 0xc0000005 Fault offset: 0x000781a4 Faulting process
id: 0x780 Faulting application start time: 0x01cd5059c10e8eaa Faulting application
path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.150\deploy\LolClient.exe
Faulting
module path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.150\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 80e296ba-bc51-11e1-8125-d485649a512c

Error - 6/22/2012 11:24:35 AM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x72d5e36c Faulting
process id: 0x320 Faulting application start time: 0x01cd5087969ff65c Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 5f433029-bc7e-11e1-9ca9-d485649a512c

Error - 6/22/2012 5:19:03 PM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.1.0.4880, time
stamp: 0x4eb75fb9 Exception code: 0xc0000005 Fault offset: 0x000781a4 Faulting process
id: 0x1c80 Faulting application start time: 0x01cd50adf11c48c7 Faulting application
path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.150\deploy\LolClient.exe
Faulting
module path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.150\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: e3fe58c3-bcaf-11e1-9ca9-d485649a512c

Error - 6/23/2012 5:17:23 AM | Computer Name = HP_Kaasvreter | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Search' could not be shut down.

Error - 6/23/2012 8:01:17 AM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x6665e36c Faulting
process id: 0x17bc Faulting application start time: 0x01cd5136bb85e1ef Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 23299180-bd2b-11e1-a70b-d485649a512c

Error - 6/23/2012 3:03:28 PM | Computer Name = HP_Kaasvreter | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x70f1e36c Faulting
process id: 0x2378 Faulting application start time: 0x01cd5171ea22610a Faulting application
path: c:\program files (x86)\steam\steamapps\vijftig\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 1d9095b8-bd66-11e1-a70b-d485649a512c

[ Hewlett-Packard Events ]
Error - 2/12/2012 12:44:17 PM | Computer Name = HP_Kaasvreter | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 6143 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 2/19/2012 12:24:41 PM | Computer Name = HP_Kaasvreter | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 6143 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 2/26/2012 12:49:36 PM | Computer Name = HP_Kaasvreter | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 6143 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 5/13/2012 6:27:50 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/13/2012 6:27:50 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/20/2012 6:27:13 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/20/2012 6:27:13 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 6:13:29 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 6:13:30 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/3/2012 6:43:12 AM | Computer Name = HP_Kaasvreter | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6143 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 4/5/2012 12:15:06 PM | Computer Name = HP_Kaasvreter | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/5/2012 12:26:06 PM | Computer Name = HP_Kaasvreter | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/8/2012 11:19:02 AM | Computer Name = HP_Kaasvreter | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 4/9/2012 9:16:40 AM | Computer Name = HP_Kaasvreter | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/9/2012 9:27:40 AM | Computer Name = HP_Kaasvreter | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/12/2012 7:11:34 PM | Computer Name = HP_Kaasvreter | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070020: Security Update for Windows 7 for x64-based Systems (KB2653956).

Error - 4/15/2012 2:42:51 PM | Computer Name = HP_Kaasvreter | Source = Microsoft-Windows-Time-Service | ID = 34
Description = The time service has detected that the system time needs to be changed
by -86401 seconds. The time service will not change the system time by more than
54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.19:123) is working
properly.

Error - 4/21/2012 6:02:22 AM | Computer Name = HP_Kaasvreter | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 4/21/2012 6:02:22 AM | Computer Name = HP_Kaasvreter | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 5/3/2012 6:56:39 PM | Computer Name = HP_Kaasvreter | Source = DCOM | ID = 10010
Description =


< End of report >


Vew.txt


Vino's Event Viewer v01c run on Windows 2008 in Dutch
Report run at 28/06/2012 20:48:52

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Kritiek Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Fout Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Waarschuwing Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Vew.txt

Vino's Event Viewer v01c run on Windows 2008 in Dutch
Report run at 28/06/2012 20:49:06

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Kritiek Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fout Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Waarschuwing Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





Do you also need the log from commandprompt sfc /scannow? It just said that it found no integrity violations.

Thanks in advance.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,783 posts
  • MVP
Not seeing much in the logs. Let's try ESET:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP