Hijacked Internet pages [Solved]


  • This topic is locked

#1
Kristina

  • Member
  • 319 posts
For about a month I've noticed pages in my browser get hijacked when I click on the search engine results (I use Google as default engine and Mozilla Firefox as browser). It happens to all kinds of websites with no problems whatsoever. When I click back to the Google results and click again on the link, the link works correctly. Also, my browser seems to load slower than before.

Could you help me discover what malware is causing this? I've run SUPERAntiSpyware several times and it doesn't solve the problem; I also ran Malwarebytes. Thank you in advance!




OTL logfile created on: 28.10.2012 14:21:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adina\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,30 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 50,50% Memory free
4,30 Gb Paging File | 2,27 Gb Available in Paging File | 52,82% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 32,92 Gb Free Space | 33,74% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 30,73 Gb Free Space | 8,35% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 8,40 Gb Free Space | 3,61% Space Free | Partition Type: NTFS

Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.28 14:21:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL.exe
PRC - [2012.10.28 12:18:33 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.10.20 13:31:21 | 004,762,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.10.13 13:59:40 | 000,698,240 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012.10.12 14:33:10 | 001,026,432 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012.10.09 16:47:29 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012.09.25 10:00:46 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 09:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 09:52:49 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.24 20:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.01 23:47:49 | 001,549,312 | ---- | M] (AIMP DevTeam) -- C:\Program Files\AIMP3\AIMP3.exe
PRC - [2012.08.18 12:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012.07.20 20:08:04 | 008,186,368 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012.06.28 17:41:58 | 002,206,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2012.05.27 17:35:13 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012.05.25 03:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011.12.22 18:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008.11.11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.09.19 07:52:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.06.03 07:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.28 12:18:33 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.18 16:27:48 | 000,623,616 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s
MOD - [2012.10.18 16:27:48 | 000,313,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wm.dll
MOD - [2012.10.18 16:27:48 | 000,294,912 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_local.dll
MOD - [2012.10.18 16:27:48 | 000,290,816 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll
MOD - [2012.10.18 16:27:48 | 000,253,440 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_vorbis.dll
MOD - [2012.10.18 16:27:48 | 000,249,856 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_devices.dll
MOD - [2012.10.18 16:27:48 | 000,240,640 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll
MOD - [2012.10.18 16:27:48 | 000,201,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_disc.dll
MOD - [2012.10.18 16:27:48 | 000,174,080 | ---- | M] () -- C:\Program Files\Winamp\System\auth.w5s
MOD - [2012.10.18 16:27:48 | 000,170,496 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_ipod.dll
MOD - [2012.10.18 16:27:48 | 000,164,864 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mod.dll
MOD - [2012.10.18 16:27:48 | 000,154,624 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s
MOD - [2012.10.18 16:27:48 | 000,124,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_online.dll
MOD - [2012.10.18 16:27:48 | 000,118,272 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_p4s.dll
MOD - [2012.10.18 16:27:48 | 000,113,664 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_wifi.dll
MOD - [2012.10.18 16:27:48 | 000,109,568 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_midi.dll
MOD - [2012.10.18 16:27:48 | 000,102,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_cdda.dll
MOD - [2012.10.18 16:27:48 | 000,091,136 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s
MOD - [2012.10.18 16:27:48 | 000,087,552 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s
MOD - [2012.10.18 16:27:48 | 000,084,480 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s
MOD - [2012.10.18 16:27:48 | 000,084,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_playlists.dll
MOD - [2012.10.18 16:27:48 | 000,083,968 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll
MOD - [2012.10.18 16:27:48 | 000,083,456 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_plg.dll
MOD - [2012.10.18 16:27:48 | 000,075,264 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_nsv.dll
MOD - [2012.10.18 16:27:48 | 000,072,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_dshow.dll
MOD - [2012.10.18 16:27:48 | 000,068,608 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_avi.dll
MOD - [2012.10.18 16:27:48 | 000,064,512 | ---- | M] () -- C:\Program Files\Winamp\zlib.dll
MOD - [2012.10.18 16:27:48 | 000,061,440 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flac.dll
MOD - [2012.10.18 16:27:48 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_android.dll
MOD - [2012.10.18 16:27:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_impex.dll
MOD - [2012.10.18 16:27:48 | 000,053,760 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_usb.dll
MOD - [2012.10.18 16:27:48 | 000,052,736 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp4.dll
MOD - [2012.10.18 16:27:48 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll
MOD - [2012.10.18 16:27:48 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_history.dll
MOD - [2012.10.18 16:27:48 | 000,049,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mkv.dll
MOD - [2012.10.18 16:27:48 | 000,044,544 | ---- | M] () -- C:\Program Files\Winamp\System\devices.w5s
MOD - [2012.10.18 16:27:48 | 000,043,008 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flv.dll
MOD - [2012.10.18 16:27:48 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\System\timer.w5s
MOD - [2012.10.18 16:27:48 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_rg.dll
MOD - [2012.10.18 16:27:48 | 000,032,256 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_transcode.dll
MOD - [2012.10.18 16:27:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
MOD - [2012.10.18 16:27:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_autotag.dll
MOD - [2012.10.18 16:27:48 | 000,023,552 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_swf.dll
MOD - [2012.10.18 16:27:48 | 000,023,552 | ---- | M] () -- C:\Program Files\Winamp\System\albumart.w5s
MOD - [2012.10.18 16:27:48 | 000,022,528 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_disk.dll
MOD - [2012.10.18 16:27:48 | 000,021,504 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s
MOD - [2012.10.18 16:27:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_njb.dll
MOD - [2012.10.18 16:27:48 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s
MOD - [2012.10.18 16:27:48 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s
MOD - [2012.10.18 16:27:48 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_wave.dll
MOD - [2012.10.18 16:27:48 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wave.dll
MOD - [2012.10.18 16:27:48 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\System\dlmgr.w5s
MOD - [2012.10.18 16:27:48 | 000,016,384 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s
MOD - [2012.10.18 16:27:48 | 000,014,336 | ---- | M] () -- C:\Program Files\Winamp\System\filereader.w5s
MOD - [2012.10.18 16:27:48 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\primo.w5s
MOD - [2012.10.18 16:27:48 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_linein.dll
MOD - [2012.10.18 16:27:47 | 001,737,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ff.dll
MOD - [2012.10.18 16:27:47 | 000,417,280 | ---- | M] () -- C:\Program Files\Winamp\nsutil.dll
MOD - [2012.10.18 16:27:47 | 000,340,992 | ---- | M] () -- C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2012.10.18 16:27:47 | 000,318,976 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll
MOD - [2012.10.18 16:27:47 | 000,253,440 | ---- | M] () -- C:\Program Files\Winamp\libsndfile.dll
MOD - [2012.10.18 16:27:47 | 000,185,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_jumpex.dll
MOD - [2012.10.18 16:27:47 | 000,078,848 | ---- | M] () -- C:\Program Files\Winamp\nde.dll
MOD - [2012.10.18 16:27:47 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_orgler.dll
MOD - [2012.10.18 16:27:47 | 000,028,160 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
MOD - [2012.10.18 16:27:47 | 000,025,600 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_tray.dll
MOD - [2012.10.09 16:47:29 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.09.19 16:19:14 | 000,142,208 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2012.09.01 23:47:49 | 001,198,080 | ---- | M] () -- C:\Program Files\AIMP3\Modules\aimp_libvorbis.dll
MOD - [2012.09.01 23:47:49 | 000,443,904 | ---- | M] () -- C:\Program Files\AIMP3\sqlite3.dll
MOD - [2012.09.01 23:47:49 | 000,237,568 | ---- | M] () -- C:\Program Files\AIMP3\Plugins\OptimFROG.dll
MOD - [2012.09.01 23:47:49 | 000,125,952 | ---- | M] () -- C:\Program Files\AIMP3\Plugins\PandemicAnalogMeter.dll
MOD - [2012.09.01 23:47:49 | 000,054,272 | ---- | M] () -- C:\Program Files\AIMP3\Plugins\aimp_lastfm.dll
MOD - [2012.09.01 23:47:49 | 000,026,624 | ---- | M] () -- C:\Program Files\AIMP3\Plugins\Aorta.svp
MOD - [2012.05.25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012.05.25 03:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.09.15 17:20:50 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2009.09.15 17:20:50 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2009.09.15 17:20:46 | 000,342,528 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2009.05.15 23:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008.12.06 00:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll


========== Services (SafeList) ==========

SRV - [2012.10.28 12:18:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.12 14:33:10 | 001,026,432 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012.10.09 16:47:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.25 10:00:46 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 09:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.15 10:02:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.08.18 12:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.20 20:08:04 | 008,186,368 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 12:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.22 18:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011.01.06 01:19:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (gdrv)
DRV - [2012.10.01 16:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 08:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 09:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.07.03 12:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.29 13:10:06 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.10.30 12:14:50 | 000,027,600 | ---- | M] (CrystalIdea Software) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\CisUtMonitor.sys -- (CisUtMonitor)
DRV - [2011.08.07 13:45:06 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.08.07 13:45:06 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.03 00:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 04:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.10 19:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.02 15:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 15:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 15:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 15:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2004.10.18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3.1010000&st=10
IE - HKLM\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D1 04 BB C5 6F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0001c6f654eb443
IE - HKCU\..\SearchScopes\{A13074A0-3EF3-4E01-854B-8977D377AF24}: "URL" = http://www.google.co...1I7GUEA_enRO461
IE - HKCU\..\SearchScopes\{AFC3ADD4-572A-4B77-AE1E-0FB34A2A9E89}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKCU\..\SearchScopes\{F52E4F46-0E6B-41DE-8B52-2D272071CEB8}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011.12.07 12:53:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 12:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 12:18:30 | 000,000,000 | ---D | M]

[2010.12.29 15:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Extensions
[2012.10.18 20:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions
[2012.10.06 00:41:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.18 20:59:15 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\e94gfn82.default\extensions\[email protected]
[2012.10.23 20:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions
[2012.10.06 00:41:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.18 20:59:16 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\[email protected]
[2012.10.06 00:30:15 | 000,006,796 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\[email protected]
[2012.07.21 19:28:15 | 000,004,876 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\[email protected]
[2012.08.22 12:57:35 | 000,222,566 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2012.07.25 08:24:14 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.28 12:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.28 12:18:29 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012.10.28 12:18:33 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.16 11:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.25 19:34:03 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.13 04:38:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.26 09:39:53 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.10.13 04:38:56 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011.11.23 07:29:56 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipediaro.xml

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\

O1 HOSTS File: ([2010.05.13 16:53:40 | 000,001,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Adina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6421F5-384B-48E3-9DF6-F92AB8B726DF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19a5272d-ea72-11e0-9fb0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{19a5272d-ea72-11e0-9fb0-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Launcher.exe
O33 - MountPoints2\{19a52754-ea72-11e0-9fb0-1c6f654eb443}\Shell - "" = AutoRun
O33 - MountPoints2\{19a52754-ea72-11e0-9fb0-1c6f654eb443}\Shell\AutoRun\command - "" = H:\Launcher.exe
O33 - MountPoints2\{bdc93360-a965-11e1-b753-1c6f654eb443}\Shell - "" = AutoRun
O33 - MountPoints2\{bdc93360-a965-11e1-b753-1c6f654eb443}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.28 14:21:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL.exe
[2012.10.28 12:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.20 05:59:39 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\bacalaureat 2012 DIVERSE
[2012.10.20 05:27:49 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\CV_materialeinspectie_20.10.2012
[2012.10.19 16:31:53 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2012.10.18 20:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2012.10.18 20:15:51 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\MASAURI REMEDIALE examen BAC 18.10.2012
[2012.10.17 18:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.17 17:50:38 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Avira
[2012.10.17 17:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.17 17:45:12 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.17 17:45:12 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.17 17:45:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.17 17:45:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.17 17:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.17 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.15 17:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
[2012.10.15 17:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2012.10.15 17:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 11
[2012.10.15 16:19:32 | 000,027,600 | ---- | C] (CrystalIdea Software) -- C:\Windows\System32\drivers\CisUtMonitor.sys
[2012.10.15 16:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool
[2012.10.15 16:19:32 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2012.10.14 23:11:06 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\materiale pt. lectii mate
[2012.10.13 11:57:17 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\documente catedra 2012-2013
[2012.10.10 20:15:58 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Local\CrashRpt
[2012.10.10 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\Adina\Documents\Smile
[2012.10.10 20:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Webshots
[2012.10.10 15:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AGI
[2012.10.09 14:55:45 | 000,000,000 | ---D | C] -- C:\Users\Adina\Desktop\poze vechi
[2012.10.06 00:41:06 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.06 00:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.10.06 00:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.10.06 00:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.10.06 00:40:10 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2012.10.03 16:55:46 | 000,000,000 | ---D | C] -- C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.10.03 16:55:43 | 000,000,000 | ---D | C] -- C:\xampp
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.28 14:21:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adina\Desktop\OTL.exe
[2012.10.28 14:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.28 14:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.28 13:55:42 | 000,013,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 13:55:42 | 000,013,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 12:00:04 | 000,705,488 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.10.28 12:00:04 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.28 12:00:04 | 000,131,134 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.10.28 12:00:04 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.28 11:54:12 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.28 11:54:05 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\IJITECL.job
[2012.10.28 11:54:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.28 11:53:55 | 2660,880,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.21 19:16:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.10.21 19:09:13 | 000,022,528 | ---- | M] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.20 08:00:59 | 000,092,006 | ---- | M] () -- C:\Users\Adina\Desktop\Mirela_adresascoliplandeactiuneexamenenationale.zip
[2012.10.18 16:27:47 | 000,000,969 | ---- | M] () -- C:\Users\Adina\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012.10.15 16:46:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2012.10.14 00:49:52 | 000,003,299 | ---- | M] () -- C:\Users\Adina\Documents\DVDVideo1_DVD.nrd
[2012.10.11 23:23:43 | 000,094,208 | RHS- | M] () -- C:\Windows\System32\fltMCR.dll
[2012.10.11 10:13:53 | 003,979,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.08 06:37:38 | 000,002,835 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2012.10.06 01:25:42 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.03 16:55:46 | 000,000,621 | ---- | M] () -- C:\Users\Adina\Desktop\XAMPP Control Panel.lnk
[2012.10.01 16:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.20 07:54:00 | 000,092,006 | ---- | C] () -- C:\Users\Adina\Desktop\Mirela_adresascoliplandeactiuneexamenenationale.zip
[2012.10.14 00:49:52 | 000,003,299 | ---- | C] () -- C:\Users\Adina\Documents\DVDVideo1_DVD.nrd
[2012.10.11 23:23:43 | 000,094,208 | RHS- | C] () -- C:\Windows\System32\fltMCR.dll
[2012.10.11 23:23:43 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\IJITECL.job
[2012.10.11 10:29:12 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012.10.11 10:28:47 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012.10.11 10:28:34 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012.10.11 10:27:31 | 000,001,318 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012.10.11 10:27:26 | 000,001,484 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.10.03 16:55:46 | 000,000,621 | ---- | C] () -- C:\Users\Adina\Desktop\XAMPP Control Panel.lnk
[2012.07.08 15:02:21 | 000,000,088 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\usb.inf
[2011.12.15 21:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.12.15 21:31:06 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.12.15 21:30:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.12.15 21:30:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.15 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\Filesystems
[2011.12.15 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\External Build System
[2011.11.22 19:28:39 | 000,185,248 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\NMM-MetaData.db
[2011.06.17 12:48:03 | 000,000,000 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\chrtmp
[2011.05.13 18:37:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.21 16:43:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.21 16:42:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.17 13:02:14 | 000,004,009 | ---- | C] () -- C:\Users\Adina\AppData\Local\iforex.config
[2011.03.26 21:06:40 | 000,033,134 | ---- | C] () -- C:\Users\Adina\AppData\Roaming\UserTile.png
[2011.03.09 21:12:31 | 000,705,488 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2011.03.09 21:12:31 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2011.03.09 21:12:31 | 000,131,134 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2011.03.09 21:12:31 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2011.02.19 14:57:07 | 000,022,528 | ---- | C] () -- C:\Users\Adina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 18:57:00 | 000,004,096 | -H-- | C] () -- C:\Users\Adina\AppData\Local\keyfile3.drm
[2010.12.30 16:04:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.12.29 17:33:51 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.12.29 17:33:41 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2010.12.29 15:40:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.29 15:30:58 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.12.29 15:30:58 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.12.29 15:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.29 15:04:21 | 000,007,663 | ---- | C] () -- C:\Users\Adina\AppData\Local\Resmon.ResmonCfg
[2010.12.29 14:58:22 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.12.29 14:58:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.12.29 14:58:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.12.29 14:58:22 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.12.29 14:55:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.01.21 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ACD Systems
[2011.04.14 11:01:01 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\adma
[2012.10.28 14:17:52 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AIMP3
[2011.06.21 18:43:24 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Auslogics
[2011.09.17 23:22:41 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\AutoCorect Contemporan
[2012.06.18 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer
[2011.01.08 19:58:08 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\BSplayer Pro
[2011.06.20 18:58:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Canon
[2012.01.16 02:03:56 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.16 01:47:13 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.10.15 16:19:32 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\CrystalIdea Software
[2012.05.29 19:12:20 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DAEMON Tools Lite
[2011.09.10 10:13:00 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Design Science
[2012.06.09 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Dropbox
[2012.10.06 00:41:14 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoft
[2012.10.06 00:41:06 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.25 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\FireShot
[2010.12.29 17:42:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Foxit Software
[2011.10.02 00:39:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GetRightToGo
[2011.06.26 17:47:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\GrabPro
[2011.10.02 00:55:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ImTOO Software Studio
[2012.10.18 20:57:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IObit
[2011.05.22 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\IrfanView
[2011.03.19 16:06:19 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\iSpring Solutions
[2011.12.06 16:54:46 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\iWin
[2011.02.20 22:43:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Leadertech
[2012.03.04 16:05:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Media Finder
[2012.10.07 11:23:15 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Mp3tag
[2011.09.27 14:43:07 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Multimedia Player
[2011.04.19 20:27:26 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Nitro PDF
[2012.05.22 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Octoshape
[2011.03.27 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\OpenCandy
[2011.09.27 12:44:58 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\PC Suite
[2011.06.26 17:47:21 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\ProgSense
[2012.10.07 11:18:00 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\QuickScan
[2011.11.22 19:28:39 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Samsung
[2011.12.09 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TeamViewer
[2012.03.31 12:56:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Total Eclipse
[2010.12.30 22:16:12 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\TuneUp Software
[2011.01.06 00:45:23 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Uniblue
[2012.10.28 14:28:35 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\uTorrent
[2011.09.13 16:08:30 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Webshots
[2012.09.02 13:22:42 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\Xilisoft
[2010.12.29 15:29:57 | 000,000,000 | ---D | M] -- C:\Users\Adina\AppData\Roaming\XnView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:66C6A515
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 28.10.2012 14:21:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adina\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,30 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 50,50% Memory free
4,30 Gb Paging File | 2,27 Gb Available in Paging File | 52,82% Paging File free
Paging file location(s): c:\pagefile.sys 1024 3096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 32,92 Gb Free Space | 33,74% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 30,73 Gb Free Space | 8,35% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 8,40 Gb Free Space | 3,61% Space Free | Partition Type: NTFS

Computer Name: ADINA-PC | User Name: Adina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\WinHlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = AutoCorectFile] -- C:\Program Files\AutoCorect\AutoCorect.exe (Softset)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\WinHlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A106EB-7846-4F71-B237-09B4C16D430B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0665E938-AB62-43B7-A5D3-A572046FCFB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08E9C034-F393-4248-BC8C-6347B472EC87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1283EE64-67B8-49E3-8CC5-F8202DFA2352}" = lport=445 | protocol=6 | dir=in | app=system |
"{17A422C2-EBB5-4049-953A-7403E91966C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{18CFFAB7-3330-4A8E-90CB-8FB3F00ED22B}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{1F82D55E-8EF8-4A18-9F85-F0BA84DAAA4A}" = lport=137 | protocol=17 | dir=in | app=system |
"{210B966D-149D-4934-90E6-CDED8BFE8E3E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{227D9AFF-C68C-430B-AA9B-3E20F95AB81B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F3484F8-9058-45BD-8ECF-442B0EBCE8FE}" = rport=138 | protocol=17 | dir=out | app=system |
"{3335508D-081A-46B7-9A40-0D42F1F90495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DF32C77-F525-4860-A94E-780DD0B989AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{5164DB39-BE91-418A-B923-0FE12AE7033E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5311A714-F81F-41E3-B88D-CBA3A9E56A01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57AFCC31-A0BA-4B76-8B4C-4A00A5DFE862}" = rport=137 | protocol=17 | dir=out | app=system |
"{59D26556-EB7A-4D7C-BA06-465F9257756A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6171278E-55CC-4C75-9A1D-E48E66D2EB56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{665E8FAE-C2D6-40FD-8C6A-1D901E1A40F0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6E775984-FB8E-4028-ACC0-305A3DDDE1D0}" = lport=138 | protocol=17 | dir=in | app=system |
"{8B3A8531-0C09-40C1-A7C0-F01972FFD3F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEB490A7-41E1-4214-A714-3BEF6AF6B25C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB0BED99-930D-4D57-9866-D5918D576387}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{DE77401D-4690-4D3E-AD3D-6BED4C5146E8}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6FB9D6C-2E56-45BD-9365-CCB818D55556}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FDEC0E45-5211-4762-9383-A9B84AF3C2AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{FF83ACD7-E467-45BB-AC82-6A1B73A91525}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B80918-3EB5-45EF-B035-B884446B8EE9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{10742BAC-21E8-403A-851E-9F2839D8236B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14AA5E64-871B-4862-833A-E2D8D5B86382}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A0A0BA3-B9CA-489A-97B0-7268C5210D64}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3E058F7C-6448-4E22-9F79-00BF85A1AEE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42D946DA-00AA-4907-B8B9-C53E617502AB}" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe |
"{59C12610-771C-4EA1-B6E8-6901E44EE7BD}" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe |
"{68DBA296-6AF6-407A-AA5F-A90577BF17F8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{6A62ADFD-372A-4870-BCD5-1CDDEB521DF5}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{70FAF749-8C54-4F9B-94D6-82F665374C6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{76E46BDA-2D6B-4623-9FD6-DEA60B4076B0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7817BBCF-8D10-44B5-B08E-F20B4ABD8362}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A4AE856-710B-4F50-B567-8444274A93D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A8453E0-C825-4696-A740-412E450C8523}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{7C154415-6BDE-4231-95E7-19CFFE45DE68}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{7CB4D38C-224E-4719-98B1-2FFB03E05E48}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{879A6BBD-2B1A-4408-8296-509CB3D89873}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{93EEDF9E-6009-4136-A541-934BA948EE0B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{A1709533-D2D9-4FD3-9C6D-EC830A9E00D9}" = protocol=6 | dir=out | app=system |
"{A39A3DFD-30F4-4C4D-8017-EFDD53D28D68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC796949-8E92-412A-8D11-E9D9A81D3A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3FB211D-F1AD-472A-BD68-C10FACBC7A53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC3E328D-DE4B-4DE8-AFC0-9848E5094B23}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{BC97ED64-6748-4420-87AB-E35771FCD201}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{C6BFCF99-777B-4707-8BF9-77412F7E68DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C772B847-25C6-4491-B59C-9283729B6E5A}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{CCDF49A1-5587-4CD3-980E-0A7F24779B51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE238F28-C517-4690-969D-1054C95A01D8}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{D0D2E486-7DC9-4CCD-949C-109944275E0F}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{D6DC5F11-77A8-41B1-8F3D-2289A869B058}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{DDEB5AD4-F4D8-44F6-AB47-8EE114623C13}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E5FD7B13-4031-4DFD-8AA2-B00D5ED6F89F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3186F03-2B4E-40B9-8F19-D55C9F5489AD}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{F4ABE299-544F-43DE-9FE3-BED36B1A5257}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FA24696C-436F-4E5D-A9BF-46624093BBF7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"TCP Query User{0CA13DEB-B693-4380-AA4D-02AB345C0BC6}C:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{16698D35-A8D6-42C1-9BDE-A3CBE4AD2285}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{16EBAF60-6C3F-442F-ACBD-46841E4EB723}C:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1BAB3BD8-D737-4127-B89A-DD49288A1E2D}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"TCP Query User{3D2EED05-3361-4100-8333-386B4A9E3582}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"TCP Query User{7A8CC01B-01CC-4E84-B1F5-D5523CEF306E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{A5620B3E-672B-456D-AA42-6E13098C9E53}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{D1403207-B4FB-4F4C-8015-DC56371CAF81}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E9407B41-F6B2-4672-8F0D-EEDD4347741D}C:\program files\nero\nero burning rom\nero.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero burning rom\nero.exe |
"UDP Query User{11026EFF-346B-4260-9700-10F109AE78AE}C:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4296701F-0F01-460F-961E-9DE63469F2A0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{4515A6ED-7885-47BD-A2BA-12E5D68A4C6F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{49B4820D-4A37-4713-AAF0-823AFD4E8C46}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{5D84BD84-3719-488F-8B2C-F62CB6E530C1}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"UDP Query User{5E5A275A-7D95-49BC-B5D5-E31D1B1B29D6}C:\program files\nero\nero burning rom\nero.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero burning rom\nero.exe |
"UDP Query User{88E936EF-A781-4A68-85ED-FB31CE5C505C}C:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\adina\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{D58571BA-865B-446E-AD6C-F77077C7C9E0}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"UDP Query User{E92AB952-607B-491B-9054-5B580B2F30CE}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr.Printer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather™ The Game
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 29
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70E4E07C-4C81-4B19-9D49-37AEB65E3A6B}_is1" = Smile Desktop version 1.0.4.259
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92E64C51-5096-442F-9A44-61CB2941391D}" = ACDSee 4.0 PowerPack Suite
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-2448-0000-A00000000003}" = Chinese Traditional Fonts Support For Adobe Reader X
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AIMP3" = AIMP3
"AutoCorect stil contemporan_is1" = AutoCorect 4.1.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"HaaliMkx" = Haali Media Splitter
"IrfanView" = IrfanView (remove only)
"iWinArcade" = iWin Games (remove only)
"Jewel Quest" = Jewel Quest (remove only)
"Jewel Quest II" = Jewel Quest II (remove only)
"Jewel Quest Online Party" = Jewel Quest Online Party (remove only)
"Mah Jong Quest II" = Mah Jong Quest II (remove only)
"Mah Jong Quest III" = Mah Jong Quest III (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Mp3tag" = Mp3tag v2.51
"Nero8Lite_is1" = Nero 8 Micro
"Picasa 3" = Picasa 3
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Samsung PC Studio 7" = Samsung PC Studio 7
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall Tool_is1" = Uninstall Tool
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.2
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Wordscape Online Party" = Wordscape Online Party (remove only)
"xampp" = XAMPP 1.8.1
"Xilisoft MP4 to DVD Converter" = Xilisoft MP4 to DVD Converter
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"YTD PRO INSTALLER Crack Version" = YTD PRO INSTALLER Crack Version

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.04.2012 11:35:25 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 23.04.2012 12:35:25 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 23.04.2012 13:10:25 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 23.04.2012 13:35:25 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 23.04.2012 14:35:25 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 23.04.2012 15:10:25 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 23.04.2012 15:35:25 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 23.04.2012 16:35:25 | Computer Name = Adina-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 24.04.2012 07:08:47 | Computer Name = Adina-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 24.04.2012 07:44:14 | Computer Name = Adina-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
PC Studio 7\TIS_VistaPIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 24.04.2012 23:50:03 | Computer Name = Adina-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 25.04.2012 00:40:09 | Computer Name = Adina-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ Media Center Events ]
Error - 11.02.2011 12:51:02 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:51:02 PM - Error connecting to the internet. 6:51:02 PM - Unable
to contact server..

Error - 11.02.2011 12:51:34 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:51:31 PM - Error connecting to the internet. 6:51:31 PM - Unable
to contact server..

Error - 11.02.2011 13:52:13 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 7:52:13 PM - Error connecting to the internet. 7:52:13 PM - Unable
to contact server..

Error - 11.02.2011 13:52:43 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 7:52:42 PM - Error connecting to the internet. 7:52:42 PM - Unable
to contact server..

Error - 12.02.2011 00:54:00 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:54:00 AM - Error connecting to the internet. 6:54:00 AM - Unable
to contact server..

Error - 12.02.2011 00:54:32 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:54:29 AM - Error connecting to the internet. 6:54:30 AM - Unable
to contact server..

Error - 12.02.2011 01:55:10 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 7:55:10 AM - Error connecting to the internet. 7:55:10 AM - Unable
to contact server..

Error - 12.02.2011 01:55:40 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 7:55:39 AM - Error connecting to the internet. 7:55:39 AM - Unable
to contact server..

Error - 15.02.2011 12:26:11 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:26:11 PM - Error connecting to the internet. 6:26:11 PM - Unable
to contact server..

Error - 15.02.2011 12:26:20 | Computer Name = Adina-PC | Source = MCUpdate | ID = 0
Description = 6:26:16 PM - Error connecting to the internet. 6:26:16 PM - Unable
to contact server..

[ OSession Events ]
Error - 15.03.2012 15:58:47 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 6116 seconds with 4380 seconds of active time. This session ended with a
crash.

Error - 05.05.2012 11:17:05 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5179
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 18.05.2012 17:57:30 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06.07.2012 13:06:21 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 246
seconds with 240 seconds of active time. This session ended with a crash.

Error - 06.07.2012 13:06:32 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12.09.2012 14:58:04 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8804
seconds with 6420 seconds of active time. This session ended with a crash.

Error - 13.09.2012 03:48:26 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8865
seconds with 4680 seconds of active time. This session ended with a crash.

Error - 13.09.2012 03:51:42 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 185
seconds with 180 seconds of active time. This session ended with a crash.

Error - 13.09.2012 04:22:48 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1851
seconds with 1620 seconds of active time. This session ended with a crash.

Error - 13.09.2012 04:49:50 | Computer Name = Adina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1610
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23.10.2012 23:06:40 | Computer Name = Adina-PC | Source = DCOM | ID = 10001
Description =

Error - 24.10.2012 04:31:26 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%193

Error - 25.10.2012 00:09:56 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%193

Error - 25.10.2012 04:25:10 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%193

Error - 25.10.2012 08:31:39 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%193

Error - 26.10.2012 04:56:24 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%193

Error - 27.10.2012 02:01:13 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%193

Error - 28.10.2012 05:54:07 | Computer Name = Adina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%193

Error - 28.10.2012 05:55:24 | Computer Name = Adina-PC | Source = DCOM | ID = 10001
Description =

Error - 28.10.2012 06:00:45 | Computer Name = Adina-PC | Source = DCOM | ID = 10001
Description =


< End of report >


#2
Essexboy (GeekU Moderator, Retired Staff)
Hi there, let's check you out

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

THEN

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.


#3
Kristina (Topic Starter, Member)
Hi and thank you for the quick reply!

Here are the logs:



# AdwCleaner v2.005 - Logfile created 10/28/2012 at 16:45:55
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Adina - ADINA-PC
# Boot Mode : Normal
# Running from : C:\Users\Adina\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Adina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\Adina\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Deleted : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\ProgramData\AGI
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Adina\AppData\Local\Babylon
Folder Deleted : C:\Users\Adina\AppData\Local\Conduit
Folder Deleted : C:\Users\Adina\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Adina\AppData\LocalLow\AGI
Folder Deleted : C:\Users\Adina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Adina\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Adina\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Adina\AppData\Roaming\iWin
Folder Deleted : C:\Users\Adina\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Adina\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Deleted : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\ConduitCommon
Folder Deleted : C:\Users\Adina\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000&st=10 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\prefs.js

C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\lev0xhsv.default\user.js ... Deleted !

Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "28-10-2011");
Deleted : user_pref("CT2786678.DSInstall", true);
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Fri Sep 30 2011 15:30:44 GMT+0300 (GTB Daylight T[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierCheckInterval", "5");
Deleted : user_pref("CT2786678.EMailNotifierLabelLength", 5);
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Fri Sep 30 2011 23:56:00 GMT+0300 (GTB Daylight Time)"[...]
Deleted : user_pref("CT2786678.EMailNotifierSound", "DEFAULT");
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 34);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Sep 30 2011 15:30:44 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Sep 30 2011 15:30:44 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Sep 30 2011 15:30:44 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Sep 30 2011 15:30:44 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Sep 30 2011 15:30:44 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FirstServerDate", "28-10-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HPInstall", false);
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://www.google.ro");
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Fri Sep 30 2011 15:30:44 GMT+0300 (GTB Daylight Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB Daylight Ti[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Fri Sep 30 2011 23:56:01 GMT+0300 (GTB Daylight Time)");
Deleted : user_pref("CT2786678.LatestVersion", "3.7.0.6");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffComponents297851811", false);
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.7.0.6");
Deleted : user_pref("CT2786678.SearchBoxWidth", 100);
Deleted : user_pref("CT2786678.SearchCaption", " ");
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB Daylight [...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Fri Sep 30 2011 15:30:43 GMT+0300 (GTB Daylight Time[...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Fri Sep 30 2011 23:56:00 GMT+0300 (GTB Daylight Time)"[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1314985690");
Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Fri Sep 30 2011 15:30:43 GMT+0300 (GTB Dayligh[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarDisabled", true);
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN94098946709331786");
Deleted : user_pref("CT2786678.ValidationData_Search", 0);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Sep 30 2011 16:34:50 GMT+0300 (GTB Daylight Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "4672692053657020333020323031312031353A33313A31322[...]
Deleted : user_pref("CT2786678.backendstorage.currenttorrent", "3432464641343333373541354230354239354534393835[...]
Deleted : user_pref("CT2786678.backendstorage.pairingkey", "37373430444139423638423733364434333735463643334334[...]
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E766964656F6C616E2E6F72672F7[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333137333836303733343538");
Deleted : user_pref("CT2786678.backendstorage.uttorrents", "7B226275696C64223A32353830362C226C6162656C223A5B5D[...]
Deleted : user_pref("CT2786678.components.1000034", true);
Deleted : user_pref("CT2786678.components.1000234", false);
Deleted : user_pref("CT2786678.components.129295698017012804", false);
Deleted : user_pref("CT2786678.components.129309485163350924", false);
Deleted : user_pref("CT2786678.components.129309489763975460", false);
Deleted : user_pref("CT2786678.components.129315411424256896", false);
Deleted : user_pref("CT2786678.components.129526967958500204", false);
Deleted : user_pref("CT2786678.components.129579220236217502", false);
Deleted : user_pref("CT2786678.components.5690698542593514850", false);
Deleted : user_pref("CT2786678.counterAppsAdded", 1);
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Fri Sep 30 2011 23:56:01 GMT+0300 (GTB Dayl[...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Fri Sep 30 2011 15:30:44 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/RO", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1417646/1413302/RO", "\"1-2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c88[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Adina\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/ar[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://click.linksynergy.com/fs-bin/click?id=8TgJQBd[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://listen.grooveshark.com/ ", "800x586");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMo[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Sep 30 2011 15:30:45 GMT+0300 (GTB[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "d9210650-e718-481a-b4c9-450af02d011e");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Sep 30 2011 15:30:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Sep 30 2011 18:22:26 GMT+030[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Sep 30 2011 15:30:44 GMT+0300 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "43ee46d7-844a-4eeb-b04f-de2e30564e77");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.ro");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("browser.search.order.1", "Web Search");
Deleted : user_pref("extensions.50767e97e6864.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.aniweather.timeShifted", 1748013);
Deleted : user_pref("quickstores.toolbar.affid", "2017");
Deleted : user_pref("quickstores.toolbar.guid", "{99780A1D-3B1D-1D89-3BE2-C2DC5698ECD6}");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Yahoo");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://google.ro");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=10");

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1sq91csa.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Adina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [20406 octets] - [28/10/2012 16:45:55]

########## EOF - C:\AdwCleaner[S1].txt - [20467 octets] ##########

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Adina [Admin rights]
Mode : Scan -- Date : 10/28/2012 16:50:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[TASK][SUSP PATH] {722176A9-A517-4824-8D63-FFC830D36ABB} : C:\Windows\System32\pcalua.exe -a C:\Users\Adina\Desktop\bsplayer258.1058.exe -d "C:\Program Files\Mozilla Firefox" -> FOUND
[TASK][SUSP PATH] {8AF96D41-7E91-4E4E-8711-0B830CA600CF} : C:\Windows\System32\pcalua.exe -a C:\ProgramData\Installations\{AB6F6C80-1C35-4672-BDEF-F26FF214C409}\Samsung_PC_Studio_7.2.24.9.exe -> FOUND
[TASK][SUSP PATH] {B8215E94-C18C-4CB2-88C4-07A1760AFCDC} : C:\Windows\System32\pcalua.exe -a C:\Users\Adina\AppData\Local\Temp\{F8604589-275F-41CA-BDD5-79EE3B45C918}\adobeshockwavextrabundle.exe -d C:\Users\Adina\Desktop -c /xtrabundle=BC_SwaStrm -> FOUND
[TASK][SUSP PATH] {E23512AD-CA5D-461D-BF37-8B1DCF23CCDA} : C:\Windows\System32\pcalua.exe -a C:\Users\Adina\Desktop\MsiZap.exe -d C:\Users\Adina\Desktop -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x82E6C06D -> HOOKED (Unknown @ 0x8F453596)
SSDT[299] : NtRequestWaitReplyPort @ 0x82E86A63 -> HOOKED (Unknown @ 0x8F4535A0)
SSDT[316] : NtSetContextThread @ 0x82F26745 -> HOOKED (Unknown @ 0x8F45359B)
SSDT[347] : NtSetSecurityObject @ 0x82E4A742 -> HOOKED (Unknown @ 0x8F4535A5)
SSDT[368] : NtSystemDebugControl @ 0x82ECE6BC -> HOOKED (Unknown @ 0x8F4535AA)
SSDT[370] : NtTerminateProcess @ 0x82EA3BFB -> HOOKED (Unknown @ 0x8F453537)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8F4535BE)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8F4535C3)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJB-00WGA0 ATA Device +++++
--- User ---
[MBR] 5231831356bf3feb3c8aceb614c6e456
[BSP] e1039ea1997a15c7530702acec90c1cd : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AAKS-00A7B2 ATA Device +++++
--- User ---
[MBR] 0b735270b10fc1d2a35744d280a35c05
[BSP] 55abaa3f14ff4165fb3931f73505a1ed : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204800000 | Size: 376938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WD 2500BEV External USB Device +++++
--- User ---
[MBR] ed66a3eb86da702d987f0700a5e19124
[BSP] d0ec2211ba2260ee6d54a28c5292c11f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, that has given me pause for thought... Lots of bad stuff gone there, so let's check out my other concern.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#5
Kristina

    Member

  • Topic Starter
  • 319 posts
I ran the program and it found 7 threats, but there is no "Cure" button.



17:14:15.0893 2188 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:14:16.0015 2188 ============================================================
17:14:16.0015 2188 Current date / time: 2012/10/28 17:14:16.0015
17:14:16.0015 2188 SystemInfo:
17:14:16.0015 2188
17:14:16.0015 2188 OS Version: 6.1.7601 ServicePack: 1.0
17:14:16.0015 2188 Product type: Workstation
17:14:16.0015 2188 ComputerName: ADINA-PC
17:14:16.0015 2188 UserName: Adina
17:14:16.0015 2188 Windows directory: C:\Windows
17:14:16.0015 2188 System windows directory: C:\Windows
17:14:16.0015 2188 Processor architecture: Intel x86
17:14:16.0015 2188 Number of processors: 4
17:14:16.0015 2188 Page size: 0x1000
17:14:16.0015 2188 Boot type: Normal boot
17:14:16.0015 2188 ============================================================
17:14:16.0774 2188 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:14:16.0782 2188 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
17:14:16.0784 2188 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:14:16.0785 2188 ============================================================
17:14:16.0785 2188 \Device\Harddisk0\DR0:
17:14:16.0785 2188 MBR partitions:
17:14:16.0785 2188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:14:16.0785 2188 \Device\Harddisk1\DR1:
17:14:16.0785 2188 MBR partitions:
17:14:16.0785 2188 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:14:16.0785 2188 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
17:14:16.0785 2188 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x2E035000
17:14:16.0786 2188 \Device\Harddisk2\DR2:
17:14:16.0786 2188 MBR partitions:
17:14:16.0786 2188 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:14:16.0786 2188 ============================================================
17:14:16.0798 2188 C: <-> \Device\Harddisk1\DR1\Partition2
17:14:16.0826 2188 D: <-> \Device\Harddisk1\DR1\Partition3
17:14:16.0839 2188 E: <-> \Device\Harddisk0\DR0\Partition1
17:14:16.0842 2188 I: <-> \Device\Harddisk2\DR2\Partition1
17:14:16.0842 2188 ============================================================
17:14:16.0842 2188 Initialize success
17:14:16.0842 2188 ============================================================
17:14:29.0553 4520 ============================================================
17:14:29.0553 4520 Scan started
17:14:29.0553 4520 Mode: Manual; SigCheck; TDLFS;
17:14:29.0553 4520 ============================================================
17:14:30.0175 4520 ================ Scan system memory ========================
17:14:30.0175 4520 System memory - ok
17:14:30.0175 4520 ================ Scan services =============================
17:14:30.0226 4520 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:14:30.0285 4520 !SASCORE - ok
17:14:30.0408 4520 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:14:30.0437 4520 1394ohci - ok
17:14:30.0561 4520 [ 8912B38E7906BDE9999E4BBDC4E65BDC ] ABBYY.Licensing.FineReader.Corporate.11.0 C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
17:14:30.0603 4520 ABBYY.Licensing.FineReader.Corporate.11.0 - ok
17:14:30.0646 4520 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:14:30.0664 4520 ACDaemon - ok
17:14:30.0675 4520 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:14:30.0694 4520 ACPI - ok
17:14:30.0700 4520 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:14:30.0719 4520 AcpiPmi - ok
17:14:30.0768 4520 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:14:30.0781 4520 AdobeARMservice - ok
17:14:30.0820 4520 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:14:30.0836 4520 AdobeFlashPlayerUpdateSvc - ok
17:14:30.0865 4520 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:14:30.0883 4520 adp94xx - ok
17:14:30.0899 4520 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:14:30.0912 4520 adpahci - ok
17:14:30.0926 4520 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:14:30.0937 4520 adpu320 - ok
17:14:30.0955 4520 [ E4283B3DE62494325818D60C638CDD51 ] adusbser C:\Windows\system32\DRIVERS\adusbser.sys
17:14:30.0960 4520 adusbser ( UnsignedFile.Multi.Generic ) - warning
17:14:30.0961 4520 adusbser - detected UnsignedFile.Multi.Generic (1)
17:14:31.0025 4520 [ 7652940ADA176D26D8938B9BE309F4EE ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
17:14:31.0058 4520 AdvancedSystemCareService6 - ok
17:14:31.0078 4520 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:14:31.0092 4520 AeLookupSvc - ok
17:14:31.0115 4520 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
17:14:31.0131 4520 AFD - ok
17:14:31.0148 4520 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
17:14:31.0158 4520 agp440 - ok
17:14:31.0168 4520 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
17:14:31.0178 4520 aic78xx - ok
17:14:31.0187 4520 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
17:14:31.0199 4520 ALG - ok
17:14:31.0212 4520 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
17:14:31.0222 4520 aliide - ok
17:14:31.0235 4520 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:14:31.0247 4520 amdagp - ok
17:14:31.0260 4520 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
17:14:31.0271 4520 amdide - ok
17:14:31.0277 4520 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:14:31.0291 4520 AmdK8 - ok
17:14:31.0303 4520 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:14:31.0316 4520 AmdPPM - ok
17:14:31.0336 4520 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:14:31.0348 4520 amdsata - ok
17:14:31.0365 4520 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:14:31.0378 4520 amdsbs - ok
17:14:31.0394 4520 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:14:31.0405 4520 amdxata - ok
17:14:31.0445 4520 [ 548DFB36A6B1A8123BBA4DCFE0BEAD83 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:14:31.0456 4520 AntiVirSchedulerService - ok
17:14:31.0498 4520 [ 2FC40C57EECC7C7E400654605E76A0B3 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:14:31.0509 4520 AntiVirService - ok
17:14:31.0569 4520 [ 2467E63FC4F5831898A57FA3482EAFD5 ] Apache2.4 C:\xampp\apache\bin\httpd.exe
17:14:31.0573 4520 Apache2.4 ( UnsignedFile.Multi.Generic ) - warning
17:14:31.0573 4520 Apache2.4 - detected UnsignedFile.Multi.Generic (1)
17:14:31.0597 4520 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
17:14:31.0626 4520 AppID - ok
17:14:31.0649 4520 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:14:31.0675 4520 AppIDSvc - ok
17:14:31.0700 4520 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
17:14:31.0726 4520 Appinfo - ok
17:14:31.0736 4520 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
17:14:31.0748 4520 AppMgmt - ok
17:14:31.0757 4520 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:14:31.0766 4520 arc - ok
17:14:31.0770 4520 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:14:31.0780 4520 arcsas - ok
17:14:31.0790 4520 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:14:31.0815 4520 AsyncMac - ok
17:14:31.0833 4520 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
17:14:31.0842 4520 atapi - ok
17:14:31.0868 4520 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:14:31.0897 4520 AudioEndpointBuilder - ok
17:14:31.0912 4520 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:14:31.0942 4520 Audiosrv - ok
17:14:31.0980 4520 [ 583B68234A159BA64090F3CAE7360F03 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:14:31.0992 4520 avgntflt - ok
17:14:32.0011 4520 [ C499333D8915597FE415F0058EFFD7D2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:14:32.0022 4520 avipbb - ok
17:14:32.0032 4520 [ 52EC5F852B42136C513B9009A3C27891 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:14:32.0043 4520 avkmgr - ok
17:14:32.0053 4520 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:14:32.0068 4520 AxInstSV - ok
17:14:32.0084 4520 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
17:14:32.0099 4520 b06bdrv - ok
17:14:32.0114 4520 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:14:32.0127 4520 b57nd60x - ok
17:14:32.0135 4520 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
17:14:32.0147 4520 BDESVC - ok
17:14:32.0158 4520 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
17:14:32.0183 4520 Beep - ok
17:14:32.0198 4520 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
17:14:32.0224 4520 BFE - ok
17:14:32.0251 4520 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
17:14:32.0281 4520 BITS - ok
17:14:32.0291 4520 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:14:32.0303 4520 blbdrive - ok
17:14:32.0315 4520 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:14:32.0327 4520 bowser - ok
17:14:32.0333 4520 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:14:32.0345 4520 BrFiltLo - ok
17:14:32.0355 4520 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:14:32.0368 4520 BrFiltUp - ok
17:14:32.0391 4520 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
17:14:32.0404 4520 Browser - ok
17:14:32.0420 4520 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:14:32.0436 4520 Brserid - ok
17:14:32.0447 4520 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:14:32.0461 4520 BrSerWdm - ok
17:14:32.0465 4520 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:14:32.0477 4520 BrUsbMdm - ok
17:14:32.0481 4520 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:14:32.0491 4520 BrUsbSer - ok
17:14:32.0494 4520 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:14:32.0506 4520 BTHMODEM - ok
17:14:32.0516 4520 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
17:14:32.0539 4520 bthserv - ok
17:14:32.0546 4520 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:14:32.0571 4520 cdfs - ok
17:14:32.0588 4520 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:14:32.0599 4520 cdrom - ok
17:14:32.0620 4520 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
17:14:32.0645 4520 CertPropSvc - ok
17:14:32.0653 4520 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:14:32.0666 4520 circlass - ok
17:14:32.0698 4520 [ 03809544B21D43B1F40DE67215D4153A ] CisUtMonitor C:\Windows\system32\DRIVERS\CisUtMonitor.sys
17:14:32.0709 4520 CisUtMonitor - ok
17:14:32.0718 4520 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
17:14:32.0731 4520 CLFS - ok
17:14:32.0780 4520 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:14:32.0790 4520 clr_optimization_v2.0.50727_32 - ok
17:14:32.0820 4520 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:14:32.0833 4520 clr_optimization_v4.0.30319_32 - ok
17:14:32.0843 4520 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:14:32.0854 4520 CmBatt - ok
17:14:32.0873 4520 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:14:32.0882 4520 cmdide - ok
17:14:32.0907 4520 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
17:14:32.0927 4520 CNG - ok
17:14:32.0937 4520 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:14:32.0946 4520 Compbatt - ok
17:14:32.0955 4520 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:14:32.0968 4520 CompositeBus - ok
17:14:32.0971 4520 COMSysApp - ok
17:14:32.0976 4520 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:14:32.0985 4520 crcdisk - ok
17:14:33.0008 4520 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:14:33.0020 4520 CryptSvc - ok
17:14:33.0039 4520 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
17:14:33.0053 4520 CSC - ok
17:14:33.0070 4520 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
17:14:33.0088 4520 CscService - ok
17:14:33.0100 4520 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:14:33.0127 4520 DcomLaunch - ok
17:14:33.0144 4520 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
17:14:33.0171 4520 defragsvc - ok
17:14:33.0187 4520 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:14:33.0211 4520 DfsC - ok
17:14:33.0251 4520 [ B327B0CA9FCE58893D456EE2360378AF ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
17:14:33.0256 4520 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
17:14:33.0256 4520 DgiVecp - detected UnsignedFile.Multi.Generic (1)
17:14:33.0281 4520 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:14:33.0308 4520 Dhcp - ok
17:14:33.0321 4520 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
17:14:33.0348 4520 discache - ok
17:14:33.0355 4520 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:14:33.0367 4520 Disk - ok
17:14:33.0395 4520 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:14:33.0409 4520 Dnscache - ok
17:14:33.0433 4520 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
17:14:33.0457 4520 dot3svc - ok
17:14:33.0476 4520 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
17:14:33.0500 4520 DPS - ok
17:14:33.0516 4520 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:14:33.0529 4520 drmkaud - ok
17:14:33.0553 4520 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:14:33.0565 4520 dtsoftbus01 - ok
17:14:33.0594 4520 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:14:33.0616 4520 DXGKrnl - ok
17:14:33.0629 4520 [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
17:14:33.0641 4520 E1G60 - ok
17:14:33.0655 4520 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
17:14:33.0681 4520 EapHost - ok
17:14:33.0736 4520 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:14:33.0778 4520 ebdrv - ok
17:14:33.0797 4520 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
17:14:33.0808 4520 EFS - ok
17:14:33.0839 4520 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:14:33.0858 4520 ehRecvr - ok
17:14:33.0868 4520 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
17:14:33.0882 4520 ehSched - ok
17:14:33.0895 4520 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:14:33.0913 4520 elxstor - ok
17:14:33.0932 4520 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:14:33.0943 4520 ErrDev - ok
17:14:33.0975 4520 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
17:14:34.0006 4520 EventSystem - ok
17:14:34.0016 4520 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
17:14:34.0039 4520 exfat - ok
17:14:34.0052 4520 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:14:34.0076 4520 fastfat - ok
17:14:34.0094 4520 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
17:14:34.0109 4520 Fax - ok
17:14:34.0122 4520 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:14:34.0132 4520 fdc - ok
17:14:34.0138 4520 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
17:14:34.0162 4520 fdPHost - ok
17:14:34.0171 4520 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
17:14:34.0194 4520 FDResPub - ok
17:14:34.0204 4520 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:14:34.0213 4520 FileInfo - ok
17:14:34.0226 4520 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:14:34.0249 4520 Filetrace - ok
17:14:34.0257 4520 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:14:34.0267 4520 flpydisk - ok
17:14:34.0282 4520 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:14:34.0292 4520 FltMgr - ok
17:14:34.0322 4520 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
17:14:34.0340 4520 FontCache - ok
17:14:34.0378 4520 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:14:34.0395 4520 FontCache3.0.0.0 - ok
17:14:34.0407 4520 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:14:34.0430 4520 FsDepends - ok
17:14:34.0446 4520 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:14:34.0456 4520 Fs_Rec - ok
17:14:34.0473 4520 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:14:34.0488 4520 fvevol - ok
17:14:34.0502 4520 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:14:34.0512 4520 gagp30kx - ok
17:14:34.0515 4520 gdrv - ok
17:14:34.0541 4520 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
17:14:34.0571 4520 gpsvc - ok
17:14:34.0596 4520 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:14:34.0604 4520 gupdate - ok
17:14:34.0612 4520 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:14:34.0621 4520 gupdatem - ok
17:14:34.0635 4520 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:14:34.0644 4520 gusvc - ok
17:14:34.0654 4520 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:14:34.0665 4520 hcw85cir - ok
17:14:34.0687 4520 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:14:34.0703 4520 HdAudAddService - ok
17:14:34.0717 4520 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:14:34.0731 4520 HDAudBus - ok
17:14:34.0752 4520 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:14:34.0764 4520 HidBatt - ok
17:14:34.0774 4520 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:14:34.0788 4520 HidBth - ok
17:14:34.0795 4520 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:14:34.0810 4520 HidIr - ok
17:14:34.0831 4520 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
17:14:34.0859 4520 hidserv - ok
17:14:34.0869 4520 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:14:34.0881 4520 HidUsb - ok
17:14:34.0899 4520 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:14:34.0929 4520 hkmsvc - ok
17:14:34.0949 4520 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:14:34.0964 4520 HomeGroupListener - ok
17:14:34.0983 4520 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:14:34.0998 4520 HomeGroupProvider - ok
17:14:35.0007 4520 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:14:35.0020 4520 HpSAMD - ok
17:14:35.0046 4520 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:14:35.0074 4520 HTTP - ok
17:14:35.0099 4520 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:14:35.0109 4520 hwpolicy - ok
17:14:35.0119 4520 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:14:35.0130 4520 i8042prt - ok
17:14:35.0157 4520 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:14:35.0173 4520 iaStorV - ok
17:14:35.0215 4520 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:14:35.0224 4520 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:14:35.0225 4520 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:14:35.0259 4520 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:14:35.0294 4520 idsvc - ok
17:14:35.0473 4520 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
17:14:35.0575 4520 igfx - ok
17:14:35.0648 4520 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:14:35.0669 4520 iirsp - ok
17:14:35.0700 4520 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
17:14:35.0750 4520 IKEEXT - ok
17:14:35.0774 4520 [ BF31740828A26AB451803E3B35432651 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:14:35.0786 4520 IntcDAud - ok
17:14:35.0799 4520 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
17:14:35.0809 4520 intelide - ok
17:14:35.0818 4520 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:14:35.0831 4520 intelppm - ok
17:14:35.0852 4520 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:14:35.0880 4520 IPBusEnum - ok
17:14:35.0886 4520 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:14:35.0911 4520 IpFilterDriver - ok
17:14:35.0941 4520 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:14:35.0970 4520 iphlpsvc - ok
17:14:35.0984 4520 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:14:35.0996 4520 IPMIDRV - ok
17:14:36.0005 4520 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:14:36.0031 4520 IPNAT - ok
17:14:36.0038 4520 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:14:36.0050 4520 IRENUM - ok
17:14:36.0058 4520 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:14:36.0069 4520 isapnp - ok
17:14:36.0082 4520 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:14:36.0094 4520 iScsiPrt - ok
17:14:36.0134 4520 [ FE1A970E7CE330BB844E333C374C6599 ] iWinTrusted C:\Program Files\iWin Games\iWinTrusted.exe
17:14:36.0143 4520 iWinTrusted - ok
17:14:36.0157 4520 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:14:36.0166 4520 kbdclass - ok
17:14:36.0172 4520 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:14:36.0185 4520 kbdhid - ok
17:14:36.0198 4520 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
17:14:36.0210 4520 KeyIso - ok
17:14:36.0227 4520 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:14:36.0239 4520 KSecDD - ok
17:14:36.0254 4520 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:14:36.0266 4520 KSecPkg - ok
17:14:36.0280 4520 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:14:36.0308 4520 KtmRm - ok
17:14:36.0318 4520 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
17:14:36.0344 4520 LanmanServer - ok
17:14:36.0352 4520 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:14:36.0378 4520 LanmanWorkstation - ok
17:14:36.0390 4520 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:14:36.0414 4520 lltdio - ok
17:14:36.0439 4520 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:14:36.0468 4520 lltdsvc - ok
17:14:36.0479 4520 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:14:36.0506 4520 lmhosts - ok
17:14:36.0517 4520 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:14:36.0529 4520 LSI_FC - ok
17:14:36.0541 4520 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:14:36.0551 4520 LSI_SAS - ok
17:14:36.0563 4520 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:14:36.0572 4520 LSI_SAS2 - ok
17:14:36.0576 4520 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:14:36.0587 4520 LSI_SCSI - ok
17:14:36.0595 4520 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:14:36.0619 4520 luafv - ok
17:14:36.0633 4520 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:14:36.0644 4520 MBAMProtector - ok
17:14:36.0685 4520 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:14:36.0719 4520 MBAMService - ok
17:14:36.0734 4520 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:14:36.0750 4520 Mcx2Svc - ok
17:14:36.0765 4520 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:14:36.0777 4520 megasas - ok
17:14:36.0788 4520 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:14:36.0799 4520 MegaSR - ok
17:14:36.0823 4520 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:14:36.0849 4520 MMCSS - ok
17:14:36.0855 4520 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:14:36.0879 4520 Modem - ok
17:14:36.0902 4520 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:14:36.0914 4520 monitor - ok
17:14:36.0932 4520 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:14:36.0942 4520 mouclass - ok
17:14:36.0952 4520 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:14:36.0964 4520 mouhid - ok
17:14:36.0988 4520 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:14:36.0999 4520 mountmgr - ok
17:14:37.0021 4520 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:14:37.0031 4520 MozillaMaintenance - ok
17:14:37.0048 4520 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
17:14:37.0060 4520 mpio - ok
17:14:37.0064 4520 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:14:37.0088 4520 mpsdrv - ok
17:14:37.0111 4520 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:14:37.0140 4520 MpsSvc - ok
17:14:37.0160 4520 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:14:37.0176 4520 MRxDAV - ok
17:14:37.0190 4520 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:14:37.0203 4520 mrxsmb - ok
17:14:37.0225 4520 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:14:37.0238 4520 mrxsmb10 - ok
17:14:37.0245 4520 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:14:37.0258 4520 mrxsmb20 - ok
17:14:37.0261 4520 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
17:14:37.0270 4520 msahci - ok
17:14:37.0290 4520 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:14:37.0301 4520 msdsm - ok
17:14:37.0312 4520 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:14:37.0326 4520 MSDTC - ok
17:14:37.0336 4520 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:14:37.0358 4520 Msfs - ok
17:14:37.0369 4520 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:14:37.0392 4520 mshidkmdf - ok
17:14:37.0402 4520 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:14:37.0411 4520 msisadrv - ok
17:14:37.0431 4520 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:14:37.0457 4520 MSiSCSI - ok
17:14:37.0460 4520 msiserver - ok
17:14:37.0467 4520 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:14:37.0490 4520 MSKSSRV - ok
17:14:37.0501 4520 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:14:37.0524 4520 MSPCLOCK - ok
17:14:37.0527 4520 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:14:37.0550 4520 MSPQM - ok
17:14:37.0558 4520 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:14:37.0569 4520 MsRPC - ok
17:14:37.0575 4520 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:14:37.0584 4520 mssmbios - ok
17:14:37.0588 4520 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:14:37.0610 4520 MSTEE - ok
17:14:37.0613 4520 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:14:37.0623 4520 MTConfig - ok
17:14:37.0635 4520 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:14:37.0644 4520 Mup - ok
17:14:37.0690 4520 mysql - ok
17:14:37.0718 4520 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
17:14:37.0773 4520 napagent - ok
17:14:37.0802 4520 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:14:37.0821 4520 NativeWifiP - ok
17:14:37.0876 4520 [ E4534BCCDD1EA7A7A256BB9D6688A5FC ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
17:14:37.0902 4520 NAUpdate - ok
17:14:37.0939 4520 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:14:37.0962 4520 NDIS - ok
17:14:37.0974 4520 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:14:38.0005 4520 NdisCap - ok
17:14:38.0017 4520 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:14:38.0038 4520 NdisTapi - ok
17:14:38.0060 4520 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:14:38.0088 4520 Ndisuio - ok
17:14:38.0113 4520 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:14:38.0135 4520 NdisWan - ok
17:14:38.0148 4520 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:14:38.0171 4520 NDProxy - ok
17:14:38.0179 4520 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:14:38.0204 4520 NetBIOS - ok
17:14:38.0220 4520 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:14:38.0243 4520 NetBT - ok
17:14:38.0248 4520 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
17:14:38.0259 4520 Netlogon - ok
17:14:38.0279 4520 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:14:38.0304 4520 Netman - ok
17:14:38.0319 4520 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:14:38.0344 4520 netprofm - ok
17:14:38.0364 4520 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:14:38.0372 4520 NetTcpPortSharing - ok
17:14:38.0386 4520 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:14:38.0395 4520 nfrd960 - ok
17:14:38.0423 4520 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:14:38.0452 4520 NlaSvc - ok
17:14:38.0471 4520 [ A579A2CC4768B4B3F7E4F86808EA8206 ] nmwcdsa C:\Windows\system32\drivers\nmwcdsa.sys
17:14:38.0482 4520 nmwcdsa - ok
17:14:38.0493 4520 [ 0A6436274D5CDB33B6AC2FC304037D82 ] nmwcdsac C:\Windows\system32\drivers\nmwcdsac.sys
17:14:38.0502 4520 nmwcdsac - ok
17:14:38.0515 4520 [ 23CA32DEC0F1E68448C9C3C1F2E1DEEE ] nmwcdsacj C:\Windows\system32\drivers\nmwcdsacj.sys
17:14:38.0525 4520 nmwcdsacj - ok
17:14:38.0536 4520 [ 23CA32DEC0F1E68448C9C3C1F2E1DEEE ] nmwcdsacm C:\Windows\system32\drivers\nmwcdsacm.sys
17:14:38.0547 4520 nmwcdsacm - ok
17:14:38.0562 4520 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:14:38.0593 4520 Npfs - ok
17:14:38.0604 4520 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:14:38.0629 4520 nsi - ok
17:14:38.0634 4520 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:14:38.0657 4520 nsiproxy - ok
17:14:38.0693 4520 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:14:38.0722 4520 Ntfs - ok
17:14:38.0738 4520 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:14:38.0762 4520 Null - ok
17:14:38.0787 4520 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:14:38.0798 4520 nvraid - ok
17:14:38.0816 4520 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:14:38.0827 4520 nvstor - ok
17:14:38.0844 4520 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:14:38.0855 4520 nv_agp - ok
17:14:38.0905 4520 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:14:38.0923 4520 odserv - ok
17:14:38.0944 4520 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:14:38.0955 4520 ohci1394 - ok
17:14:38.0978 4520 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:14:38.0987 4520 ose - ok
17:14:39.0012 4520 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:14:39.0030 4520 p2pimsvc - ok
17:14:39.0059 4520 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:14:39.0077 4520 p2psvc - ok
17:14:39.0093 4520 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:14:39.0105 4520 Parport - ok
17:14:39.0149 4520 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:14:39.0171 4520 partmgr - ok
17:14:39.0179 4520 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:14:39.0192 4520 Parvdm - ok
17:14:39.0206 4520 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:14:39.0226 4520 PcaSvc - ok
17:14:39.0242 4520 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
17:14:39.0251 4520 pccsmcfd - ok
17:14:39.0262 4520 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
17:14:39.0276 4520 pci - ok
17:14:39.0285 4520 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
17:14:39.0296 4520 pciide - ok
17:14:39.0306 4520 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:14:39.0318 4520 pcmcia - ok
17:14:39.0328 4520 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:14:39.0339 4520 pcw - ok
17:14:39.0359 4520 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:14:39.0390 4520 PEAUTH - ok
17:14:39.0416 4520 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:14:39.0438 4520 PeerDistSvc - ok
17:14:39.0491 4520 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
17:14:39.0531 4520 pla - ok
17:14:39.0551 4520 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:14:39.0565 4520 PlugPlay - ok
17:14:39.0572 4520 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:14:39.0587 4520 PNRPAutoReg - ok
17:14:39.0603 4520 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:14:39.0618 4520 PNRPsvc - ok
17:14:39.0634 4520 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:14:39.0665 4520 PolicyAgent - ok
17:14:39.0690 4520 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
17:14:39.0719 4520 Power - ok
17:14:39.0731 4520 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:14:39.0756 4520 PptpMiniport - ok
17:14:39.0770 4520 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:14:39.0781 4520 Processor - ok
17:14:39.0801 4520 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
17:14:39.0815 4520 ProfSvc - ok
17:14:39.0823 4520 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:14:39.0834 4520 ProtectedStorage - ok
17:14:39.0847 4520 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:14:39.0873 4520 Psched - ok
17:14:39.0905 4520 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:14:39.0936 4520 ql2300 - ok
17:14:39.0943 4520 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:14:39.0954 4520 ql40xx - ok
17:14:39.0968 4520 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:14:39.0983 4520 QWAVE - ok
17:14:39.0988 4520 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:14:40.0002 4520 QWAVEdrv - ok
17:14:40.0013 4520 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:14:40.0037 4520 RasAcd - ok
17:14:40.0059 4520 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:14:40.0081 4520 RasAgileVpn - ok
17:14:40.0096 4520 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:14:40.0125 4520 RasAuto - ok
17:14:40.0133 4520 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:14:40.0158 4520 Rasl2tp - ok
17:14:40.0171 4520 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
17:14:40.0196 4520 RasMan - ok
17:14:40.0205 4520 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:14:40.0231 4520 RasPppoe - ok
17:14:40.0243 4520 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:14:40.0266 4520 RasSstp - ok
17:14:40.0282 4520 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:14:40.0308 4520 rdbss - ok
17:14:40.0320 4520 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:14:40.0333 4520 rdpbus - ok
17:14:46.0470 4520 ============================================================
17:14:46.0470 4520 Scan finished
17:14:46.0470 4520 ============================================================
17:14:46.0485 5732 Detected object count: 7
17:14:46.0485 5732 Actual detected object count: 7
17:14:48.0390 5732 adusbser ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:48.0390 5732 adusbser ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:14:48.0390 5732 Apache2.4 ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:48.0391 5732 Apache2.4 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:14:48.0392 5732 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:48.0392 5732 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:14:48.0394 5732 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:48.0394 5732 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:14:48.0394 5732 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:48.0394 5732 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:14:48.0397 5732 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:48.0397 5732 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:14:48.0398 5732 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:48.0398 5732 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0
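The detection summary that closes the scan log above can be triaged mechanically. This is an added example, not part of the original post and not the scanner's own code. The sample lines are constructed in the log's line format with placeholder hashes, `ExampleSvc` and its verdict are hypothetical, and treating `UnsignedFile.Multi.Generic` as low-signal is an assumption based on the log marking it only as a warning.

```python
import re

# Assumption: the only verdict in the log above, which the log itself labels "warning".
LOW_SIGNAL = {"UnsignedFile.Multi.Generic"}

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
HASHED = re.compile(r"^\[ [0-9A-Fa-f]{32} \]\s+(?P<rest>.+)$")
PATHLIKE = re.compile(r"^(?:[A-Za-z]:\\|\\)")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<state>.+)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(r"^User select action: (\w+)$")
OK = re.compile(r"^(?P<obj>.+?) - ok$")

# Constructed sample; <MD5> is swapped for a placeholder, not a real file hash.
SAMPLE_LOG = r"""
17:14:41.0310 4520 [ <MD5> ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:14:41.0320 4520 sermouse - ok
17:14:42.0152 4520 [ <MD5> ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
17:14:42.0155 4520 SSPORT ( UnsignedFile.Multi.Generic ) - warning
17:14:42.0155 4520 SSPORT - detected UnsignedFile.Multi.Generic (1)
17:14:42.0432 4520 [ <MD5> ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:14:42.0462 4520 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:14:42.0462 4520 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:14:42.0500 4520 [ <MD5> ] ExampleSvc C:\Example\examplesvc.sys
17:14:42.0510 4520 ExampleSvc ( Constructed.Placeholder.Verdict ) - warning
17:14:42.0510 4520 ExampleSvc - detected Constructed.Placeholder.Verdict (1)
17:14:45.0912 4520 [ <MD5> ] C:\Windows\system32\services.exe
17:14:45.0916 4520 [Global] - ok
17:14:46.0053 4520 \Device\Harddisk0\DR0 - ok
17:14:46.0485 5732 Detected object count: 3
17:14:46.0485 5732 Actual detected object count: 3
17:14:48.0397 5732 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:48.0397 5732 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:14:48.0398 5732 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:48.0398 5732 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:14:48.0399 5732 ExampleSvc ( Constructed.Placeholder.Verdict ) - skipped by user
17:14:48.0399 5732 ExampleSvc ( Constructed.Placeholder.Verdict ) - User select action: Skip
""".replace("<MD5>", "0" * 32)


def parse_scan_log(text):
    """Collect clean objects, detections (verdict, path, action) and the reported count."""
    paths, detections, ok, reported = {}, {}, set(), None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        hashed = HASHED.match(msg)
        if hashed:
            # "[ hash ] name path" for services and drivers; "[ hash ] path" elsewhere.
            name, _, path = hashed.group("rest").partition(" ")
            if path and not PATHLIKE.match(name):
                paths[name] = path.strip()
            continue
        count = COUNT.match(msg)
        if count:
            reported = int(count.group("n"))
            continue
        hit = VERDICT.match(msg) or DETECTED.match(msg)
        if hit:
            obj = hit.group("obj")
            entry = detections.setdefault(
                obj, {"verdict": hit.group("verdict"), "path": None, "action": None})
            entry["path"] = paths.get(obj)
            action = ACTION.match(hit.groupdict().get("state") or "")
            if action:
                entry["action"] = action.group(1)
            continue
        clean = OK.match(msg)
        if clean:
            ok.add(clean.group("obj"))
    return {"ok": ok, "detections": detections, "reported": reported}


def triage(text):
    """Split detections into unsigned-file warnings and everything else."""
    parsed = parse_scan_log(text)
    dets = parsed["detections"]
    return {
        "ok": len(parsed["ok"]),
        "detected": len(dets),
        # The log's own "Detected object count" should equal what was parsed.
        "count_matches": parsed["reported"] == len(dets),
        "unsigned_only": sorted(n for n, d in dets.items() if d["verdict"] in LOW_SIGNAL),
        "needs_review": sorted(n for n, d in dets.items() if d["verdict"] not in LOW_SIGNAL),
        "no_action_logged": sorted(n for n, d in dets.items() if d["action"] is None),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A log whose `needs_review` list is empty and whose `count_matches` is true, as the summary above would produce, contains only unsigned-file warnings.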

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now check for redirects, please, and if they occur let me know which browser it is in.
  • 0

#7
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
There don't seem to be any more hijacks now, as far as I've checked several sites. Still, the pages load slowly at times; other times they load normally.
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now clear the caches and see if that speeds it up a bit. After this, could you let me know of any remaining problems?

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

  • 0

#9
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
I cleared the cache and checked today how the surfing is going. Generally the Internet works ok (especially the sites I access more frequently), still at times sites load slowly. Also noticed I keep getting some cookies/spyware, though I ran the antispyware yesterday and today. However, there's no more hijacking going on! :thumbsup:
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
To be honest, cookies are not the problem they are made out to be. You can set IE9 to empty all of that when you close the browser:
Go to Control Panel > Internet Options > Advanced Tab
Under Security select "Empty Internet Folders on Closing"


Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0



#11
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
I have just run OTL, and while it was running the PC restarted by itself and it said "windows failed to start" and I launched into recovery mode. It ran Startup Repair once, then again it said windows failed to start and recommended system restore, so I chose "system restore" and after this the PC started normally...

Is there something more wrong?

I'm taking care of the suggestions (Java and Windows update, Malwarebytes). Filehippo updater seems a very handy tool!


Edit: I also noticed in the past hours pages sometimes don't load by themselves (it's just a blank page that keeps loading), I need to press the reload button and after that they load normally.

Edited by Kristina, 29 October 2012 - 02:26 PM.

  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It was probably a one-off, but let me know if it happens again.
  • 0

#13
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
I ran OTL again, this time it ran to the end and I received the following log:

All processes killed
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYTEMP]

User: Adina
->Temp folder emptied: 91183920 bytes
->Temporary Internet Files folder emptied: 108889 bytes
->Java cache emptied: 1874 bytes
->FireFox cache emptied: 9803265 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 643 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 895464 bytes

Total Files Cleaned = 97,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10292012_223554

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





I also remembered about another problem I've been having for 1-2 months. When I open my emails from the Yahoo messenger email button, most often the email page opens together with the following pop-up window:

"You have chosen to open
st
which is a: application/octet-stream
from: http:ad.yieldmanager.com

What should Firefox do with the file?"

I always press cancel and go to my mail... This ad.yieldmanager keeps appearing whenever I run Superantispyware.

What can I do about this error/spyware?
  • 0

#14
Kristina

    Member

  • Topic Starter
  • Member
  • 319 posts
The need to refresh the pages for them to load correctly is getting worse...:(

I updated lots of programs with the update checker (I had 16 updates!). I'd like to know what are the Beta updates, should I install them? I think they are newer updates not largely tested?
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye, you do not want any beta updates. Leave them to the nutters like me.

Many public sites such as Yahoo! and the Yahoo! Instant Messenger (YIM) utilise ad.yieldmanager, which can be effectively blocked using an ad-blocker or the NoScript add-on in FireFox, but once the cookie is installed it keeps returning even after being removed (by e.g. SuperAntiSpyware) and being blocked in the browser, because use of YIM ensures the cookie returns to spy on your every move.

To cure this, add NoScript to your Firefox.

Is the refresh problem in Firefox only or does it occur in IE as well?
  • 0





