Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My PC goes to 100% cpu usage randomly


  • Please log in to reply

#1
briannzys

briannzys

    New Member

  • Member
  • Pip
  • 6 posts
I've had this problem for months now, but i was too lazy to ask for help or search for help because it didn't really bother me. But it really does now. Basically when i'm playing any games my CPU usage goes up to 100% and sometimes it goes without even me playing any games. It's completely random. It's been happening ever since i installed Windows 7 on my computer. I didn't install an antivirus when i installed Windows 7. I installed it in the next couple of days because i downloaded only stuff that was free of viruses (or so i thought, maybe it's malware). And these days it really bothered me. So here i am, asking for help. Also i have Avira Antivirus 2011. And there are no viruses whatsoever when i scanned my system completely. I haven't defragmented my computer yet though. Oh and the fans are completely normal. They don't make loud noises. Basically everything is fine except for my CPU usage, which goes to 100% randomly. Oh and don't mind the free ram memory, i had a lot of tabs and Bully: Scholarship Edition open.

OTL logfile created on: 16.01.2013 20:14:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kiko\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000042f | Country: Македонија | Language: MKI | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,15 Gb Available Physical Memory | 7,38% Memory free
5,86 Gb Paging File | 0,56 Gb Available in Paging File | 9,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 3,17 Gb Free Space | 10,85% Space Free | Partition Type: NTFS
Drive D: | 86,91 Gb Total Space | 12,51 Gb Free Space | 14,40% Space Free | Partition Type: NTFS
Drive E: | 87,37 Gb Total Space | 31,18 Gb Free Space | 35,69% Space Free | Partition Type: NTFS
Drive F: | 29,29 Gb Total Space | 2,63 Gb Free Space | 8,99% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 3,73 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: KIKOS-PC | User Name: kiko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.15 23:35:38 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012.11.30 18:40:45 | 001,354,736 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe
PRC - [2012.11.29 14:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.07 00:43:20 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\kiko\AppData\Local\Skillbrains\lightshot\3.2.0.0\LightShot.exe
PRC - [2012.10.23 17:48:35 | 000,578,611 | ---- | M] () -- C:\Program Files\Droid Explorer\SDK\tools\adb.exe
PRC - [2012.10.05 23:15:39 | 000,077,824 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2012.10.05 23:15:39 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
PRC - [2012.10.02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.07.23 16:18:44 | 000,387,224 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-FileSystem.exe
PRC - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.07.23 16:18:24 | 000,387,224 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-BlockDevice.exe
PRC - [2012.07.23 16:18:22 | 000,387,224 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-Network.exe
PRC - [2012.07.23 16:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-Service.exe
PRC - [2012.06.11 01:27:26 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.06.11 01:27:25 | 000,567,464 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.06.11 01:27:25 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.06.11 01:27:25 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.06.11 01:27:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
PRC - [2011.01.26 15:09:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 20:09:40 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.22 21:23:40 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.11.22 21:03:20 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.10 11:12:52 | 008,204,288 | ---- | M] () -- E:\Rockstar Games\Bully Scholarship Edition\Bully.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.15 23:36:09 | 000,647,168 | ---- | M] () -- E:\Steam\sdl.dll
MOD - [2013.01.15 23:35:36 | 020,320,240 | ---- | M] () -- E:\Steam\bin\libcef.dll
MOD - [2013.01.15 23:35:31 | 000,969,640 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
MOD - [2013.01.15 23:35:29 | 000,124,416 | ---- | M] () -- E:\Steam\bin\avutil-51.dll
MOD - [2013.01.15 23:35:27 | 000,192,000 | ---- | M] () -- E:\Steam\bin\avformat-53.dll
MOD - [2013.01.15 23:35:25 | 001,100,800 | ---- | M] () -- E:\Steam\bin\avcodec-53.dll
MOD - [2013.01.09 00:43:43 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.08 01:06:21 | 012,459,624 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012.10.09 19:17:36 | 000,357,376 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\plugin\screen_capture.dll
MOD - [2010.03.14 19:00:00 | 003,565,056 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2008.12.10 11:12:52 | 008,204,288 | ---- | M] () -- E:\Rockstar Games\Bully Scholarship Edition\Bully.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.01.15 23:35:38 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.09 00:43:45 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.29 14:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.05 23:15:39 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2012.10.02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.07.23 16:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.06.11 01:27:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.06.11 01:27:25 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.06.11 01:27:25 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.06.11 01:27:25 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.06.11 01:27:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.01 16:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.13 17:17:38 | 000,237,272 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.05.17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) [Auto | Running] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - [2012.11.17 13:39:30 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.10.02 23:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.23 16:18:34 | 000,064,664 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012.06.11 01:27:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.06.11 01:27:26 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.06.11 01:27:26 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.06.11 01:27:26 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.06.06 23:33:21 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.06.17 13:23:04 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.22 21:00:57 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.11.22 20:37:42 | 000,293,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.11.22 20:37:42 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.11.22 20:37:42 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.11.22 20:37:42 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = mk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 15 1D F0 0E EA CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {B3834E60-12A8-11E0-A289-939FDFD72085}:2.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\kiko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kiko\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kiko\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.06 20:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.24 22:03:42 | 000,000,000 | ---D | M]

[2012.06.07 19:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiko\AppData\Roaming\mozilla\Extensions
[2012.12.06 21:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiko\AppData\Roaming\mozilla\Firefox\Profiles\s70ipxie.default\extensions
[2012.06.22 22:30:05 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Users\kiko\AppData\Roaming\mozilla\Firefox\Profiles\s70ipxie.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
[2012.12.06 21:11:26 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\kiko\AppData\Roaming\mozilla\firefox\profiles\s70ipxie.default\extensions\[email protected]
[2012.06.06 20:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.01 16:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 16:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 16:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kiko\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Ultimate YouTube Downloader = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.1.5_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\
CHR - Extension: eRepublik Advanced = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebeenikkcpgaekfgbnflbaaihalfifkk\4.1.0.0_1\
CHR - Extension: eRepublik Mercenary Achievement = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpoihipbfboabnmehaembpncngekkjol\1.2_0\
CHR - Extension: RW.info Autosupport = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobjficlddlkoldlhbakaafapjffcjll\0.1_0\
CHR - Extension: eRepublik warning link remover = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleonoamaepndbbbbpgbiifbdbenogoo\1.0_0\
CHR - Extension: eRepublik Hide Energy Bar = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjangafmejllondkhlnpcopkhjmkgeoi\0.0.5_0\
CHR - Extension: 3D Parking = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgjnhabcgahcfdembgboapbefikbmld\1.0_0\
CHR - Extension: Troll Emoticons = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedlgpcekbimemkepdmagemjhnnhajl\5.1_0\
CHR - Extension: Auto Refresh Plus = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.18_0\
CHR - Extension: Google Reader = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\kiko\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\kiko\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LightShot .lnk = C:\Users\kiko\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - Startup: C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk = E:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34FCFC5F-3863-4CE2-962D-8812FAAD6469}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.05.20 00:01:59 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.05.20 00:02:00 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.05.20 00:02:00 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.16 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\kiko\Documents\Bully Scholarship Edition
[2013.01.13 02:15:04 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Teeworlds
[2013.01.10 02:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2013.01.09 23:14:34 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\.minecraft
[2013.01.09 22:34:23 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.01.07 04:20:33 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Local\{13666C2C-6D9B-491F-BD01-5A9129E51ED9}
[2013.01.02 22:05:54 | 000,000,000 | ---D | C] -- C:\Users\kiko\Documents\SimCity 4
[2013.01.01 23:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE
[2013.01.01 23:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\ArtMoney
[2012.12.30 17:46:59 | 000,000,000 | ---D | C] -- C:\CFLog
[2012.12.30 15:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2012.12.26 22:43:56 | 000,000,000 | ---D | C] -- C:\Users\kiko\Documents\EA Games
[2012.12.26 22:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.12.25 00:07:10 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.12.25 00:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.12.25 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Notepad++
[2012.12.25 00:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012.12.25 00:05:12 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Local\{335D3F8C-60B9-4D24-9853-0A3C7E0EB050}
[2012.12.24 22:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.12.24 22:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012.12.24 22:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012.12.24 22:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.12.24 22:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.12.24 22:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.12.24 21:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.12.24 21:58:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.12.23 02:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.12.22 17:04:48 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\fltk.org
[2012.12.22 17:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012.12.22 09:40:11 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.12.17 21:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2012.12.17 21:41:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.12.17 21:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2 C:\Users\kiko\Documents\*.tmp files -> C:\Users\kiko\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.16 19:51:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.16 19:43:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.16 19:36:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001UA.job
[2013.01.16 19:27:02 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013.01.16 17:28:06 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001UA.job
[2013.01.16 16:51:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1677309522-372048533-4060804009-1001.job
[2013.01.16 15:27:20 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 15:27:20 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 15:19:38 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.16 15:19:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.16 15:19:19 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 14:28:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001Core.job
[2013.01.01 23:09:37 | 000,000,970 | ---- | M] () -- C:\Users\kiko\Application Data\Microsoft\Internet Explorer\Quick Launch\ArtMoney SE.lnk
[2012.12.31 11:36:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001Core.job
[2012.12.31 02:23:59 | 000,607,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.31 02:23:59 | 000,103,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.25 00:07:10 | 000,001,021 | ---- | M] () -- C:\Users\kiko\Desktop\Notepad++.lnk
[2012.12.24 22:11:53 | 003,766,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 21:46:40 | 000,001,060 | ---- | M] () -- C:\Users\kiko\Desktop\TeamViewer 8.lnk
[2 C:\Users\kiko\Documents\*.tmp files -> C:\Users\kiko\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.01 23:09:37 | 000,000,970 | ---- | C] () -- C:\Users\kiko\Application Data\Microsoft\Internet Explorer\Quick Launch\ArtMoney SE.lnk
[2012.12.25 00:07:10 | 000,001,021 | ---- | C] () -- C:\Users\kiko\Desktop\Notepad++.lnk
[2012.12.18 21:46:40 | 000,001,060 | ---- | C] () -- C:\Users\kiko\Desktop\TeamViewer 8.lnk
[2012.12.18 21:40:48 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012.11.01 19:59:13 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.11.01 19:59:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.11.01 19:59:10 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.11.01 19:59:10 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.11.01 19:59:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.10.28 01:38:13 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.10.12 18:14:30 | 000,057,345 | RHS- | C] () -- C:\Users\kiko\AppData\Roaming\svchost.exe
[2012.10.12 18:14:30 | 000,057,345 | RHS- | C] () -- C:\Users\kiko\AppData\Roaming\rundll32.exe
[2012.10.08 19:43:54 | 000,000,173 | ---- | C] () -- C:\Users\kiko\AppData\Local\msmathematics.qat.kiko
[2012.10.05 23:16:00 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012.10.05 23:16:00 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012.06.08 18:04:18 | 000,001,006 | ---- | C] () -- C:\Users\kiko\AppData\Local\UserProducts.xml
[2012.06.06 23:33:21 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.12.16 16:34:44 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.09 23:19:06 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\.minecraft
[2012.06.21 01:57:33 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\DAEMON Tools Lite
[2012.07.30 00:01:44 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\dingogames
[2012.12.22 17:04:48 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\fltk.org
[2012.09.27 14:44:33 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\gd.sos.McPixel
[2012.06.07 10:43:26 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Kalypso Media
[2012.07.31 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Mp3tag
[2012.06.09 14:55:49 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Need for Speed World
[2012.12.25 00:11:01 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Notepad++
[2012.06.06 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Opera
[2012.08.20 01:40:19 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Publish Providers
[2012.07.29 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Rovio
[2012.08.20 01:33:05 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Sony
[2012.10.12 18:14:29 | 000,000,000 | RHSD | M] -- C:\Users\kiko\AppData\Roaming\System32
[2012.11.25 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\SystemRequirementsLab
[2012.06.20 18:46:11 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\TeamViewer
[2013.01.13 02:24:32 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Teeworlds
[2012.06.18 23:53:01 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\TinyAndBigUpThatMountain
[2012.07.21 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Tropico 4
[2013.01.14 23:49:51 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\TS3Client
[2013.01.16 05:05:55 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\uTorrent
[2012.11.10 00:49:32 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\VideoCodec
[2012.07.21 19:39:31 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 16.01.2013 20:14:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kiko\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000042f | Country: Македонија | Language: MKI | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,15 Gb Available Physical Memory | 7,38% Memory free
5,86 Gb Paging File | 0,56 Gb Available in Paging File | 9,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 3,17 Gb Free Space | 10,85% Space Free | Partition Type: NTFS
Drive D: | 86,91 Gb Total Space | 12,51 Gb Free Space | 14,40% Space Free | Partition Type: NTFS
Drive E: | 87,37 Gb Total Space | 31,18 Gb Free Space | 35,69% Space Free | Partition Type: NTFS
Drive F: | 29,29 Gb Total Space | 2,63 Gb Free Space | 8,99% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 3,73 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: KIKOS-PC | User Name: kiko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\ORGANIZIRANO\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E515DE-ED56-4AFC-99F7-AFBA282F9A26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10F18CE0-F8CC-4D37-9763-4F28DBD2A75E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A0F84CC-7D1D-48E3-AA39-2737893E9D6D}" = rport=139 | protocol=6 | dir=out | app=system |
"{2329F6F9-07F0-4273-AEE5-3E067FD146BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39436265-9E8F-4911-8F42-5913BB051C71}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{630A92E9-0160-47AA-9D15-1A7FA113FC16}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6491D76B-6881-42C9-A987-E0B6809CD5D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73975CA1-E5E4-436F-8574-E86DD55990C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{75D24830-AB92-46A4-84B9-104307559AA4}" = rport=138 | protocol=17 | dir=out | app=system |
"{7619FD64-51C1-4BB7-910D-17356CFA5AA6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D88145A-0BD2-4372-8B59-3F845D410696}" = rport=137 | protocol=17 | dir=out | app=system |
"{81C1843B-56A2-48F2-858D-E55002349CAA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{98222DED-B6F9-45D3-9012-A645A13D2616}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98F968C5-1B6C-466D-B192-46AEB38644A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{991CF402-CAD2-406C-8894-514354AC2F70}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9AB0AFC2-912F-41BD-B07B-2D29D295FE51}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5E0918D-6942-406F-9063-93E4DA9F540A}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA29CEFE-8497-47A1-98CC-97B63B462747}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD16284F-05E2-446F-950F-70231F0EA447}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AD1E92F2-032E-4CC7-AA7D-8E9C316E1634}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9D11229-F8CF-4B2A-9B27-1A2E880EF004}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E13A80E1-B5C8-4055-AA5A-C7F61794400D}" = rport=445 | protocol=6 | dir=out | app=system |
"{FA67D8BF-F972-43C5-B0AD-7E31943FD614}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE57B384-3C11-400D-A640-A1A575A600BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A350B1F-A535-4573-B6F6-A942D0F192DE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{0FB09E3D-BB88-4367-9457-21F2B96D5B04}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{13028083-BCF1-4B2B-AA5C-76D38F26FF43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13611764-F0DE-471B-873C-913F6923744C}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1EE3F42E-CBC4-4214-83AD-93C15BB0BDF9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3C31D9F2-5C52-4BD0-A051-FDA072A9CC5D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3C5BD0D4-F87C-44DC-9DC4-1E3B41F393E7}" = protocol=58 | dir=in | [email protected],-28545 |
"{3F770BA9-E30A-4AE0-88C5-438DFBFF4DE1}" = dir=in | app=c:\users\kiko\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{42D8F8B7-A32B-4A67-AD38-4DD260CEB279}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4334AC82-2C2F-445F-BD5E-E1625405C74F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CD9FEA8-2AF6-4E2D-9DBF-54C2BCEEDCC0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{524C1874-6F36-4CBC-9E25-5FEF579DCE86}" = protocol=58 | dir=out | [email protected],-28546 |
"{61B4CC7D-2D00-4D23-AAD3-B59ED591B233}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{6F698AFD-8F7A-4C20-9AA5-FEF31518140A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{765F61CB-F623-43E7-96CC-1D144A522BC0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{7D4DB5F2-CFC8-4A5C-82E3-81109BD3D791}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{7F38C770-4BD0-475A-A92E-17F6796D3D7A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{82F2E054-EFD0-4664-A68A-09EA41A64E25}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{8414BCB5-3D9C-414E-AD78-9110425E3E80}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8980B8CE-CAC0-45C5-898A-F7CB91908FB5}" = protocol=1 | dir=out | [email protected],-28544 |
"{8BEA777E-4A83-461B-8E68-695EAE57A57E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{915D1766-5EC6-4A58-AADA-DA0D00937FCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{91E40A7A-53B3-4CEC-836B-33CFA71CBAE2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{92060705-9FE8-4488-B098-54E08F78A524}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C7BAD13-A9CE-42E7-85FB-D46A363D5A23}" = protocol=6 | dir=out | app=system |
"{9FD57758-488B-4BB0-96CE-544A629343E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0112EAE-E516-42B5-9E31-C1EC2E3BF329}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A05107D1-8E7D-4343-8104-7C226C65C974}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A12F0FC3-89C2-4E90-A53F-0530C8C82FCA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{A45DC5AD-52E6-4291-8A26-569A33BA240C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{A7CE7E40-67DE-4342-AF2A-80C9F526119B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{AA5028BA-0315-4F83-85DF-CEE8C9176DFB}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{AFE68730-5B1D-4A90-AE28-B1D9A86A3FB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3F96C91-9ED3-4680-954E-830C5582D851}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{B570E555-97C3-4B9B-934B-37ABC13BF9DD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B8FE64FD-E3EB-4B53-A030-68912B496E51}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C5B4228E-B2EC-4828-927A-493840F0CE6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D7325592-4B75-4F08-BE7D-E4C23DBD4B31}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{D75C95E7-C626-4D86-9104-4A17320AA6C8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{D9047AD4-E420-46CB-AFB4-FFB471481BB7}" = protocol=1 | dir=in | [email protected],-28543 |
"{E09CB7B1-AE37-4EE8-A8D9-3696CF18CF1F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{E8736588-C00D-41CF-9190-6C6EEF78DC1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8B783AB-035B-428F-BAAD-68998433C205}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDF4F00C-FB0E-478F-811B-8C4BD1A39608}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{EF60B7B9-036A-4424-A1AD-3914FA27992C}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{F047166E-5ADD-499A-B427-0956A4D03E93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2FE1257-F656-44C2-87A2-A5ADA85AC4F4}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{F6BB390C-D226-4715-ADA5-9A3ACF94DFCD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FC124634-BA54-4366-B492-2EA631D8FEE1}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"TCP Query User{33D0C9D6-E9DF-4A45-857A-6B2514E635DE}D:\u torent downloads\nfs world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\u torent downloads\nfs world\data\nfsw.exe |
"UDP Query User{F19C7578-0FDC-411D-A8BD-5DD1E4F1A213}D:\u torent downloads\nfs world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\u torent downloads\nfs world\data\nfsw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}" = System Requirements Lab
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-3.2.0.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7646-000000000001}" = Adobe Reader 6.0
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECD9B590-821B-4618-99E5-01830BC8F076}" = BlueStacks
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22E395E-F463-4F0A-8946-4D91914BD46D}" = Droid Explorer 0.8.8.2 (x86)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AMCap" = AMCap
"Android SDK Tools" = Android SDK Tools
"ArtMoney SE_is1" = ArtMoney SE v7.40.2
"Avira AntiVir Desktop" = Avira Premium Security Suite
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crossfire Europe" = Crossfire Europe
"DAEMON Tools Lite" = DAEMON Tools Lite
"DX-Ball 1.09" = DX-Ball 1.09
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"McAfee Security Scan" = McAfee Security Scan Plus
"McPixel_is1" = McPixel version 1.0.4
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Notepad++" = Notepad++
"Opera 12.11.1661" = Opera 12.11
"RADVideo" = RAD Video Tools
"Scribblenauts Unlimited_is1" = Scribblenauts Unlimited
"Steam App 17410" = Mirror's Edge
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 92" = Codename Gordon
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"Tiny and Big - Up that Mountain" = Tiny & Big - Up that Mountain (remove only)
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.01.2013 11:44:06 | Computer Name = kikos-pc | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "e:\crossfire europe\Aegis64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12.01.2013 11:46:31 | Computer Name = kikos-pc | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 13.01.2013 14:59:37 | Computer Name = kikos-pc | Source = Application Error | ID = 1000
Description = Име на неисправната апликација: gta_sa.exe, верзија: 0.0.0.0, временски
печат: 0x427101ca Име на неисправниот модул: samp.dll_unloaded, верзија: 0.0.0.0,
временски печат: 0x4fa398af Код на исклучок: 0xc0000005 Неисправен офсет: 0x034a146d
ИД
на неисправен процес: 0x16d8 Почетно време на неисправната апликација: 0x01cdf1c01e5675d0
Патека
на неисправната апликација: E:\Rockstar Games\GTA San Andreas\gta_sa.exe Патека
на неисправниот модул: samp.dll Ид на извештајот: 600bc750-5db3-11e2-ae83-00259cee4f56

Error - 14.01.2013 09:46:15 | Computer Name = kikos-pc | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Helper process
exited before signaling ready at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 15.01.2013 10:22:02 | Computer Name = kikos-pc | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.IO.IOException: The process cannot
access the file 'C:\ProgramData\BlueStacks\Logs\BlueStacks.log' because it is being
used by another process. at System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share) at BlueStacks.hyperDroid.Common.Logger.Open() at BlueStacks.hyperDroid.Common.Logger.Print(Int32
level, String tag, String fmt, Object[] args) at BlueStacks.hyperDroid.Common.Logger.Print(String
fmt, Object[] args) at BlueStacks.hyperDroid.Common.Logger.Print(String msg)
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 15.01.2013 11:01:26 | Computer Name = kikos-pc | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "e:\crossfire europe\Aegis64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15.01.2013 11:03:52 | Computer Name = kikos-pc | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 16.01.2013 00:04:33 | Computer Name = kikos-pc | Source = Application Error | ID = 1000
Description = Име на неисправната апликација: vidalia.exe, верзија: 0.2.21.0, временски
печат: 0x50ba3144 Име на неисправниот модул: QtCore4.dll, верзија: 4.8.1.0, временски
печат: 0x4f6c7688 Код на исклучок: 0xc0000005 Неисправен офсет: 0x00249020 ИД на неисправен
процес: 0x1740 Почетно време на неисправната апликација: 0x01cdf39e51d2eb20 Патека
на неисправната апликација: D:\ORGANIZIRANO\Tor Browser\App\vidalia.exe Патека на
неисправниот модул: D:\ORGANIZIRANO\Tor Browser\App\QtCore4.dll Ид на извештајот:
d53c9c40-5f91-11e2-b7a8-00259cee4f56

Error - 16.01.2013 11:13:12 | Computer Name = kikos-pc | Source = VSS | ID = 8194
Description =

Error - 16.01.2013 11:47:03 | Computer Name = kikos-pc | Source = Application Error | ID = 1000
Description = Име на неисправната апликација: Bully.exe, верзија: 0.0.0.0, временски
печат: 0x493fea7e Име на неисправниот модул: Bully.exe, верзија: 0.0.0.0, временски
печат: 0x493fea7e Код на исклучок: 0xc0000005 Неисправен офсет: 0x003476b6 ИД на неисправен
процес: 0x1a18 Почетно време на неисправната апликација: 0x01cdf4005f7ca510 Патека
на неисправната апликација: E:\Rockstar Games\Bully Scholarship Edition\Bully.exe
Патека
на неисправниот модул: E:\Rockstar Games\Bully Scholarship Edition\Bully.exe Ид
на извештајот: f8c03570-5ff3-11e2-ac63-00259cee4f56

[ Media Center Events ]
Error - 30.06.2012 14:22:32 | Computer Name = kikos-pc | Source = MCUpdate | ID = 0
Description = 20:22:32 - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 30.06.2012 15:23:30 | Computer Name = kikos-pc | Source = MCUpdate | ID = 0
Description = 21:23:30 - Error connecting to the internet. 21:23:30 - Unable
to contact server..

Error - 30.06.2012 16:23:36 | Computer Name = kikos-pc | Source = MCUpdate | ID = 0
Description = 22:23:36 - Error connecting to the internet. 22:23:36 - Unable
to contact server..

Error - 26.07.2012 07:54:40 | Computer Name = kikos-pc | Source = MCUpdate | ID = 0
Description = 13:54:35 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 13.12.2012 17:52:23 | Computer Name = kikos-pc | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 14.12.2012 06:07:01 | Computer Name = kikos-pc | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the DroidExplorer
Service service to connect.

Error - 14.12.2012 06:07:01 | Computer Name = kikos-pc | Source = Service Control Manager | ID = 7000
Description = The DroidExplorer Service service failed to start due to the following
error: %%1053

Error - 14.12.2012 06:07:11 | Computer Name = kikos-pc | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 14.12.2012 06:07:11 | Computer Name = kikos-pc | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 14.12.2012 06:07:11 | Computer Name = kikos-pc | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 14.12.2012 07:14:11 | Computer Name = kikos-pc | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:13:04 on ?14.?12.?2012 was unexpected.

Error - 14.12.2012 07:15:07 | Computer Name = kikos-pc | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064

Error - 14.12.2012 07:21:38 | Computer Name = kikos-pc | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:20:04 on ?14.?12.?2012 was unexpected.

Error - 14.12.2012 07:22:39 | Computer Name = kikos-pc | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Uninstall
McAfee Security Scan Plus
µTorrent
Adobe Reader 6.0
Java™ 7 Update 4
JavaFX 2.1.0

1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.



Copy the text in the code box by highlighting and Ctrl + c

:OTL
O4 - HKCU..\Run: [AdobeBridge] File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
[2012.10.12 18:14:30 | 000,057,345 | RHS- | C] () -- C:\Users\kiko\AppData\Roaming\svchost.exe
[2012.10.12 18:14:30 | 000,057,345 | RHS- | C] () -- C:\Users\kiko\AppData\Roaming\rundll32.exe
[2012.10.12 18:14:29 | 000,000,000 | RHSD | M] -- C:\Users\kiko\AppData\Roaming\System32



:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01162013-some number.log so if you don't see then look there.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. I think it overwrite the old log each time so either post it and then run VEW for Applications or copy the log to a different location than C:\vew.txt.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#3
briannzys

briannzys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I've done half of the things, i'll do the rest tommorow. Please wait.

Edited by briannzys, 18 January 2013 - 12:00 PM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
No hurry. You can post the logs as you get them if you like.
  • 0

#5
briannzys

briannzys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Okay, so here's the logs, if there's anything that needs to be explained i'll explain it on the way. Oh and prepare for a bunch of text.

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
File C:\Users\kiko\AppData\Roaming\svchost.exe not found.
File C:\Users\kiko\AppData\Roaming\rundll32.exe not found.
Folder C:\Users\kiko\AppData\Roaming\System32\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: kiko
->Flash cache emptied: 492 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: kiko
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172013_193308


That log was made after the restart because it didn't give me the log, it just gave me a window to confirm to restart my computer. I clicked OK. It restarted and then i did the scan again. Afterwards it gave me the same window but i clicked the X and this log came up. Oh and i got the log after i got aswMBR's log.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-17 19:06:04
-----------------------------
19:06:04.592 OS Version: Windows 6.1.7600
19:06:04.592 Number of processors: 2 586 0x6B02
19:06:04.593 ComputerName: KIKOS-PC UserName: kiko
19:06:05.272 Initialize success
19:06:21.940 AVAST engine defs: 13011700
19:07:32.098 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
19:07:32.102 Disk 0 Vendor: ExcelSto GM2O Size: 238475MB BusType: 3
19:07:32.121 Disk 0 MBR read successfully
19:07:32.124 Disk 0 MBR scan
19:07:32.159 Disk 0 Windows 7 default MBR code
19:07:32.173 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:07:32.206 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 29903 MB offset 206848
19:07:32.229 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29996 MB offset 61448625
19:07:32.254 Disk 0 Partition - 00 0F Extended LBA 178464 MB offset 122881185
19:07:32.279 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 89000 MB offset 122881248
19:07:32.291 Disk 0 Partition - 00 05 Extended 89463 MB offset 305154675
19:07:32.316 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 89463 MB offset 305154738
19:07:32.371 Disk 0 scanning sectors +488376000
19:07:32.478 Disk 0 scanning C:\Windows\system32\drivers
19:08:01.154 Service scanning
19:08:44.739 Modules scanning
19:08:58.179 AVAST engine scan C:\Windows
19:09:01.234 AVAST engine scan C:\Windows\system32
19:13:50.755 AVAST engine scan C:\Windows\system32\drivers
19:14:14.445 AVAST engine scan C:\Users\kiko
19:27:23.778 AVAST engine scan C:\ProgramData
19:29:37.214 Scan finished successfully
19:31:46.465 Disk 0 MBR has been saved successfully to "C:\Users\kiko\Desktop\MBR.dat"
19:31:46.478 The log file has been saved successfully to "C:\Users\kiko\Desktop\aswMBR.txt"


For some reason i got a MBR.dat file too.

ComboFix 13-01-17.03 - kiko 17.01.2013 20:06:52.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.389.1033.18.2047.1057 [GMT 1:00]
Running from: c:\users\kiko\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\cflog\Host.txt
c:\users\kiko\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
c:\users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LightShot .lnk
c:\users\kiko\Documents\MOO6342.tmp
c:\users\kiko\Documents\MOOD5E5.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 )))))))))))))))))))))))))))))))
.
.
2013-01-17 19:14 . 2013-01-17 19:20 -------- d-----w- c:\users\kiko\AppData\Local\temp
2013-01-17 19:14 . 2013-01-17 19:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-17 19:14 . 2013-01-17 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-17 17:34 . 2013-01-17 17:34 -------- d-----w- C:\_OTL
2013-01-16 15:36 . 2004-05-13 15:26 54784 ----a-w- c:\windows\system32\msvci70.dll
2013-01-13 01:15 . 2013-01-13 01:24 -------- d-----w- c:\users\kiko\AppData\Roaming\Teeworlds
2013-01-10 01:04 . 2013-01-10 01:07 -------- d-----w- c:\programdata\PopCap Games
2013-01-09 22:14 . 2013-01-09 22:19 -------- d-----w- c:\users\kiko\AppData\Roaming\.minecraft
2013-01-01 22:09 . 2013-01-01 22:09 -------- d-----w- c:\program files\ArtMoney
2012-12-26 21:32 . 2012-10-02 22:20 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-26 21:32 . 2012-10-02 22:20 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-26 21:32 . 2012-10-02 22:20 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-26 21:32 . 2012-10-02 22:20 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-26 21:32 . 2012-10-02 22:20 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-26 21:32 . 2012-10-02 22:20 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-26 21:32 . 2012-10-02 22:20 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-26 21:32 . 2012-10-02 22:20 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-26 21:25 . 2013-01-10 13:09 -------- d-----w- c:\program files\Pando Networks
2012-12-24 23:07 . 2012-12-24 23:11 -------- d-----w- c:\users\kiko\AppData\Roaming\Notepad++
2012-12-24 23:07 . 2012-12-24 23:07 -------- d-----w- c:\program files\Notepad++
2012-12-24 21:06 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-12-24 21:06 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-12-24 21:03 . 2012-12-24 21:03 -------- d-----w- c:\program files\Microsoft Works
2012-12-24 21:02 . 2012-12-24 21:02 -------- d-----w- c:\program files\Microsoft.NET
2012-12-24 21:00 . 2012-12-24 21:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-12-24 20:58 . 2012-12-24 20:58 -------- d-----r- C:\MSOCache
2012-12-23 01:03 . 2012-12-23 01:04 71008 ----a-w- c:\windows\system32\PhysXLoader.dll
2012-12-23 01:01 . 2012-12-23 01:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-12-22 16:04 . 2012-12-22 16:04 -------- d-----w- c:\users\kiko\AppData\Roaming\fltk.org
2012-12-22 16:04 . 2012-12-22 16:04 -------- d-----w- c:\programdata\fltk.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:43 . 2012-06-07 18:56 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 23:43 . 2012-06-07 18:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-17 12:39 . 2012-11-17 12:39 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-23 16:34 . 2012-10-23 16:34 1867776 ----a-r- c:\users\kiko\AppData\Roaming\Microsoft\Installer\{F22E395E-F463-4F0A-8946-4D91914BD46D}\AppIcon.exe
2012-06-01 15:40 . 2012-06-06 19:02 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="c:\users\kiko\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-11-06 226152]
"Facebook Update"="c:\users\kiko\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-29 138096]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-26 281768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Steam.lnk - e:\steam\Steam.exe [2011-3-16 1354736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Skype.lnk - c:\program files\Skype\Phone\Skype.exe [2012-11-9 17877168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-20 21:21 116648 ----atw- c:\users\kiko\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot]
2012-11-06 23:43 226152 ----a-w- c:\users\kiko\AppData\Local\Skillbrains\lightshot\LightShot.exe
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]
S2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 23:43]
.
2013-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001Core.job
- c:\users\kiko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-29 12:23]
.
2013-01-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001UA.job
- c:\users\kiko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-29 12:23]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-16 23:36]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-16 23:36]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001Core.job
- c:\users\kiko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 21:21]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001UA.job
- c:\users\kiko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 21:21]
.
2013-01-17 c:\windows\Tasks\update-S-1-5-21-1677309522-372048533-4060804009-1001.job
- c:\program files\Skillbrains\Updater\Updater.exe [2012-06-08 20:09]
.
2013-01-17 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2012-06-08 20:09]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\kiko\AppData\Roaming\Mozilla\Firefox\Profiles\s70ipxie.default\
FF - ExtSQL: 2012-12-06 21:11; [email protected]; c:\users\kiko\AppData\Roaming\Mozilla\Firefox\Profiles\s70ipxie.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
AddRemove-Android SDK Tools - c:\program files\Droid Explorer\SDK\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1677309522-372048533-4060804009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1677309522-372048533-4060804009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\taskhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\program files\Avira\AntiVir Desktop\GUARDGUI.EXE
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\conhost.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
.
**************************************************************************
.
Completion time: 2013-01-17 21:10:36 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-17 20:10
.
Pre-Run: 5.365.284.864 bytes free
Post-Run: 8.469.741.568 bytes free
.
- - End Of File - - 51DD2D55E1EB9A5CC7CBDA7E035FC282


ComboFix was quite fine but the annoying thing was that Avira wanted to delete some file, which i didn't allow it to do.

16:59:12.0039 4800 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:59:14.0088 4800 ============================================================
16:59:14.0088 4800 Current date / time: 2013/01/18 16:59:14.0088
16:59:14.0088 4800 SystemInfo:
16:59:14.0088 4800
16:59:14.0088 4800 OS Version: 6.1.7600 ServicePack: 0.0
16:59:14.0088 4800 Product type: Workstation
16:59:14.0088 4800 ComputerName: KIKOS-PC
16:59:14.0097 4800 UserName: kiko
16:59:14.0097 4800 Windows directory: C:\Windows
16:59:14.0097 4800 System windows directory: C:\Windows
16:59:14.0097 4800 Processor architecture: Intel x86
16:59:14.0097 4800 Number of processors: 2
16:59:14.0097 4800 Page size: 0x1000
16:59:14.0097 4800 Boot type: Normal boot
16:59:14.0097 4800 ============================================================
16:59:16.0275 4800 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x1C042, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
16:59:16.0303 4800 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:59:16.0304 4800 ============================================================
16:59:16.0305 4800 \Device\Harddisk0\DR0:
16:59:16.0312 4800 MBR partitions:
16:59:16.0312 4800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:59:16.0312 4800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A67800
16:59:16.0312 4800 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3A9A1B1, BlocksNum 0x3A962F0
16:59:16.0341 4800 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0xADD4593
16:59:16.0378 4800 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x12304AB2, BlocksNum 0xAEBBC0E
16:59:16.0378 4800 \Device\Harddisk1\DR1:
16:59:16.0379 4800 MBR partitions:
16:59:16.0379 4800 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x777FC1
16:59:16.0379 4800 ============================================================
16:59:16.0482 4800 C: <-> \Device\Harddisk0\DR0\Partition2
16:59:16.0533 4800 D: <-> \Device\Harddisk0\DR0\Partition4
16:59:16.0615 4800 E: <-> \Device\Harddisk0\DR0\Partition5
16:59:16.0677 4800 F: <-> \Device\Harddisk0\DR0\Partition3
16:59:16.0704 4800 ============================================================
16:59:16.0704 4800 Initialize success
16:59:16.0704 4800 ============================================================
17:00:50.0610 3544 ============================================================
17:00:50.0610 3544 Scan started
17:00:50.0610 3544 Mode: Manual; SigCheck; TDLFS;
17:00:50.0610 3544 ============================================================
17:00:51.0254 3544 ================ Scan system memory ========================
17:00:51.0254 3544 System memory - ok
17:00:51.0255 3544 ================ Scan services =============================
17:00:51.0367 3544 [ DC43C521A067CA9C6644C9ADA3D7E824 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
17:00:51.0501 3544 1394ohci - ok
17:00:51.0534 3544 [ 741EEE3B1E855D04256A0CB3F95511D7 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
17:00:51.0550 3544 ACPI - ok
17:00:51.0572 3544 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
17:00:51.0648 3544 AcpiPmi - ok
17:00:51.0713 3544 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:00:51.0727 3544 AdobeFlashPlayerUpdateSvc - ok
17:00:51.0780 3544 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:00:51.0807 3544 adp94xx - ok
17:00:51.0818 3544 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:00:51.0851 3544 adpahci - ok
17:00:51.0865 3544 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:00:51.0886 3544 adpu320 - ok
17:00:51.0914 3544 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:00:52.0003 3544 AeLookupSvc - ok
17:00:52.0034 3544 [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD C:\Windows\system32\drivers\afd.sys
17:00:52.0113 3544 AFD - ok
17:00:52.0133 3544 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
17:00:52.0150 3544 agp440 - ok
17:00:52.0184 3544 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
17:00:52.0209 3544 aic78xx - ok
17:00:52.0237 3544 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
17:00:52.0283 3544 ALG - ok
17:00:52.0316 3544 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
17:00:52.0331 3544 aliide - ok
17:00:52.0343 3544 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
17:00:52.0361 3544 amdagp - ok
17:00:52.0373 3544 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
17:00:52.0388 3544 amdide - ok
17:00:52.0405 3544 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:00:52.0464 3544 AmdK8 - ok
17:00:52.0478 3544 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:00:52.0508 3544 AmdPPM - ok
17:00:52.0537 3544 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
17:00:52.0555 3544 amdsata - ok
17:00:52.0579 3544 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:00:52.0599 3544 amdsbs - ok
17:00:52.0614 3544 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
17:00:52.0638 3544 amdxata - ok
17:00:52.0713 3544 [ 50B8638D9B335B78DFDBD6BB2A0FFCC7 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
17:00:52.0739 3544 AntiVirFirewallService - ok
17:00:52.0754 3544 [ 64F64BD9EBB0B2CDDDC4A14B0692CC6D ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
17:00:52.0768 3544 AntiVirMailService - ok
17:00:52.0793 3544 [ C6D49917FA843852075F7E4F7029C9D7 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:00:52.0802 3544 AntiVirSchedulerService - ok
17:00:52.0848 3544 [ EFD2BB1DA2F7E34AB46AE8C356CC1753 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:00:52.0861 3544 AntiVirService - ok
17:00:52.0884 3544 [ 7E1D585A3B478B561B414E841D1742D3 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:00:52.0898 3544 AntiVirWebService - ok
17:00:52.0927 3544 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
17:00:52.0994 3544 AppID - ok
17:00:53.0020 3544 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:00:53.0072 3544 AppIDSvc - ok
17:00:53.0092 3544 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
17:00:53.0131 3544 Appinfo - ok
17:00:53.0151 3544 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
17:00:53.0207 3544 AppMgmt - ok
17:00:53.0243 3544 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:00:53.0262 3544 arc - ok
17:00:53.0279 3544 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:00:53.0311 3544 arcsas - ok
17:00:53.0332 3544 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:00:53.0378 3544 AsyncMac - ok
17:00:53.0396 3544 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
17:00:53.0411 3544 atapi - ok
17:00:53.0448 3544 [ 481C4BF564B2322FCDCE343A782BF0A2 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:00:53.0509 3544 AudioEndpointBuilder - ok
17:00:53.0519 3544 [ 481C4BF564B2322FCDCE343A782BF0A2 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:00:53.0537 3544 Audiosrv - ok
17:00:53.0576 3544 [ 32F20F013AC88F9B1D3194F7BBFF6324 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
17:00:53.0653 3544 avfwim - ok
17:00:53.0687 3544 [ 9D46038FC08B9D129AD001E2CCEBD25D ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
17:00:53.0705 3544 avfwot - ok
17:00:53.0719 3544 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:00:53.0737 3544 avgntflt - ok
17:00:53.0754 3544 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:00:53.0775 3544 avipbb - ok
17:00:53.0809 3544 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:00:53.0882 3544 AxInstSV - ok
17:00:53.0917 3544 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
17:00:53.0967 3544 b06bdrv - ok
17:00:53.0998 3544 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:00:54.0035 3544 b57nd60x - ok
17:00:54.0073 3544 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
17:00:54.0151 3544 BDESVC - ok
17:00:54.0166 3544 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
17:00:54.0206 3544 Beep - ok
17:00:54.0248 3544 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
17:00:54.0305 3544 BFE - ok
17:00:54.0339 3544 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
17:00:54.0443 3544 BITS - ok
17:00:54.0467 3544 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:00:54.0494 3544 blbdrive - ok
17:00:54.0512 3544 [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:00:54.0558 3544 bowser - ok
17:00:54.0571 3544 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:00:54.0609 3544 BrFiltLo - ok
17:00:54.0621 3544 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:00:54.0655 3544 BrFiltUp - ok
17:00:54.0694 3544 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:00:54.0732 3544 BridgeMP - ok
17:00:54.0767 3544 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
17:00:54.0797 3544 Browser - ok
17:00:54.0828 3544 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:00:54.0894 3544 Brserid - ok
17:00:54.0912 3544 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:00:54.0944 3544 BrSerWdm - ok
17:00:54.0958 3544 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:00:54.0976 3544 BrUsbMdm - ok
17:00:54.0993 3544 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:00:55.0028 3544 BrUsbSer - ok
17:00:55.0115 3544 [ 233F834C71F1EF95D266F86D0860D4D3 ] BstHdAndroidSvc C:\Program Files\BlueStacks\HD-Service.exe
17:00:55.0132 3544 BstHdAndroidSvc - ok
17:00:55.0158 3544 [ C029BA7C2C738E3DB33F96FB01DCAEA3 ] BstHdDrv C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys
17:00:55.0174 3544 BstHdDrv - ok
17:00:55.0233 3544 [ 6736C5C64313909CD8126B253A7AEE0F ] BstHdLogRotatorSvc C:\Program Files\BlueStacks\HD-LogRotatorService.exe
17:00:55.0247 3544 BstHdLogRotatorSvc - ok
17:00:55.0261 3544 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:00:55.0289 3544 BTHMODEM - ok
17:00:55.0327 3544 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
17:00:55.0381 3544 bthserv - ok
17:00:55.0460 3544 catchme - ok
17:00:55.0477 3544 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:00:55.0520 3544 cdfs - ok
17:00:55.0557 3544 [ 00CE90A2121B35BE27425894BAEA268E ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:00:55.0619 3544 cdrom - ok
17:00:55.0660 3544 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
17:00:55.0702 3544 CertPropSvc - ok
17:00:55.0724 3544 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:00:55.0751 3544 circlass - ok
17:00:55.0772 3544 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
17:00:55.0812 3544 CLFS - ok
17:00:55.0869 3544 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:00:55.0890 3544 clr_optimization_v2.0.50727_32 - ok
17:00:55.0921 3544 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:00:55.0936 3544 CmBatt - ok
17:00:55.0950 3544 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:00:55.0965 3544 cmdide - ok
17:00:55.0993 3544 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys
17:00:56.0044 3544 CNG - ok
17:00:56.0065 3544 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:00:56.0080 3544 Compbatt - ok
17:00:56.0112 3544 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:00:56.0132 3544 CompositeBus - ok
17:00:56.0146 3544 COMSysApp - ok
17:00:56.0160 3544 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:00:56.0176 3544 crcdisk - ok
17:00:56.0212 3544 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:00:56.0266 3544 CryptSvc - ok
17:00:56.0284 3544 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
17:00:56.0355 3544 CSC - ok
17:00:56.0396 3544 [ AB09C0EFFF9D9AEDBB8747FC0DB63275 ] CscService C:\Windows\System32\cscsvc.dll
17:00:56.0452 3544 CscService - ok
17:00:56.0488 3544 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
17:00:56.0530 3544 DcomLaunch - ok
17:00:56.0556 3544 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
17:00:56.0602 3544 defragsvc - ok
17:00:56.0621 3544 [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:00:56.0665 3544 DfsC - ok
17:00:56.0693 3544 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:00:56.0746 3544 Dhcp - ok
17:00:56.0773 3544 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
17:00:56.0818 3544 discache - ok
17:00:56.0840 3544 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:00:56.0870 3544 Disk - ok
17:00:56.0895 3544 [ D0722E963D3C6145446874241401B209 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:00:56.0946 3544 Dnscache - ok
17:00:56.0963 3544 [ A8E0833D994D84936FA72EE1BEF4774F ] dot3svc C:\Windows\System32\dot3svc.dll
17:00:57.0022 3544 dot3svc - ok
17:00:57.0042 3544 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
17:00:57.0077 3544 DPS - ok
17:00:57.0098 3544 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:00:57.0115 3544 drmkaud - ok
17:00:57.0178 3544 [ 86DE3A68F965F3C2B6F1E21CC59E40AC ] DroidExplorerService C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
17:00:57.0214 3544 DroidExplorerService ( UnsignedFile.Multi.Generic ) - warning
17:00:57.0214 3544 DroidExplorerService - detected UnsignedFile.Multi.Generic (1)
17:00:57.0257 3544 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:00:57.0271 3544 dtsoftbus01 - ok
17:00:57.0308 3544 [ 8B6C3464D7FAC176500061DBFFF42AD4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:00:57.0349 3544 DXGKrnl - ok
17:00:57.0373 3544 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
17:00:57.0416 3544 EapHost - ok
17:00:57.0501 3544 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:00:57.0595 3544 ebdrv - ok
17:00:57.0618 3544 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe
17:00:57.0653 3544 EFS - ok
17:00:57.0701 3544 [ 4F2BBB2471556746E31F7DB5975AFD1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:00:57.0764 3544 ehRecvr - ok
17:00:57.0775 3544 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
17:00:57.0817 3544 ehSched - ok
17:00:57.0870 3544 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:00:57.0913 3544 elxstor - ok
17:00:57.0931 3544 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:00:57.0974 3544 ErrDev - ok
17:00:58.0012 3544 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
17:00:58.0058 3544 EventSystem - ok
17:00:58.0071 3544 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
17:00:58.0109 3544 exfat - ok
17:00:58.0129 3544 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:00:58.0188 3544 fastfat - ok
17:00:58.0212 3544 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
17:00:58.0271 3544 Fax - ok
17:00:58.0290 3544 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:00:58.0326 3544 fdc - ok
17:00:58.0352 3544 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
17:00:58.0382 3544 fdPHost - ok
17:00:58.0398 3544 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
17:00:58.0432 3544 FDResPub - ok
17:00:58.0455 3544 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:00:58.0483 3544 FileInfo - ok
17:00:58.0497 3544 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:00:58.0539 3544 Filetrace - ok
17:00:58.0555 3544 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:00:58.0579 3544 flpydisk - ok
17:00:58.0604 3544 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:00:58.0628 3544 FltMgr - ok
17:00:58.0677 3544 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\Windows\system32\FntCache.dll
17:00:58.0729 3544 FontCache - ok
17:00:58.0762 3544 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:00:58.0771 3544 FontCache3.0.0.0 - ok
17:00:58.0780 3544 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:00:58.0798 3544 FsDepends - ok
17:00:58.0825 3544 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:00:58.0840 3544 Fs_Rec - ok
17:00:58.0870 3544 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:00:58.0900 3544 fvevol - ok
17:00:58.0929 3544 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:00:58.0947 3544 gagp30kx - ok
17:00:58.0980 3544 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
17:00:59.0015 3544 gpsvc - ok
17:00:59.0079 3544 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:00:59.0089 3544 gupdate - ok
17:00:59.0094 3544 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:00:59.0103 3544 gupdatem - ok
17:00:59.0140 3544 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
17:00:59.0166 3544 hamachi - ok
17:00:59.0188 3544 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:00:59.0241 3544 hcw85cir - ok
17:00:59.0281 3544 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:00:59.0323 3544 HdAudAddService - ok
17:00:59.0352 3544 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:00:59.0376 3544 HDAudBus - ok
17:00:59.0394 3544 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:00:59.0418 3544 HidBatt - ok
17:00:59.0435 3544 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:00:59.0483 3544 HidBth - ok
17:00:59.0505 3544 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:00:59.0532 3544 HidIr - ok
17:00:59.0553 3544 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
17:00:59.0594 3544 hidserv - ok
17:00:59.0656 3544 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:00:59.0736 3544 HidUsb - ok
17:00:59.0760 3544 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:00:59.0802 3544 hkmsvc - ok
17:00:59.0823 3544 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:00:59.0869 3544 HomeGroupListener - ok
17:00:59.0892 3544 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:00:59.0923 3544 HomeGroupProvider - ok
17:00:59.0956 3544 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
17:00:59.0982 3544 HpSAMD - ok
17:01:00.0021 3544 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:01:00.0086 3544 HTTP - ok
17:01:00.0103 3544 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:01:00.0117 3544 hwpolicy - ok
17:01:00.0144 3544 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:01:00.0172 3544 i8042prt - ok
17:01:00.0199 3544 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
17:01:00.0226 3544 iaStorV - ok
17:01:00.0286 3544 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:01:00.0335 3544 idsvc - ok
17:01:00.0363 3544 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:01:00.0379 3544 iirsp - ok
17:01:00.0430 3544 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
17:01:00.0470 3544 IKEEXT - ok
17:01:00.0572 3544 [ F2C17D2C3D70C389193D9954E375E5E3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:01:00.0669 3544 IntcAzAudAddService - ok
17:01:00.0689 3544 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:01:00.0704 3544 intelide - ok
17:01:00.0740 3544 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:01:00.0773 3544 intelppm - ok
17:01:00.0802 3544 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:01:00.0855 3544 IPBusEnum - ok
17:01:00.0867 3544 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:01:00.0909 3544 IpFilterDriver - ok
17:01:00.0940 3544 [ 41D95A38DE261919C31263E864FC19B2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:01:00.0992 3544 iphlpsvc - ok
17:01:01.0010 3544 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:01:01.0041 3544 IPMIDRV - ok
17:01:01.0065 3544 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:01:01.0108 3544 IPNAT - ok
17:01:01.0137 3544 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:01:01.0176 3544 IRENUM - ok
17:01:01.0212 3544 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
17:01:01.0229 3544 isapnp - ok
17:01:01.0251 3544 [ D7084BACAF91E339BFCB5C777628EB57 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:01:01.0276 3544 iScsiPrt - ok
17:01:01.0298 3544 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:01:01.0315 3544 kbdclass - ok
17:01:01.0341 3544 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:01:01.0377 3544 kbdhid - ok
17:01:01.0392 3544 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe
17:01:01.0405 3544 KeyIso - ok
17:01:01.0464 3544 [ 4635935FC972C582632BF45C26BFCB0E ] KMService C:\Windows\system32\srvany.exe
17:01:01.0478 3544 KMService ( UnsignedFile.Multi.Generic ) - warning
17:01:01.0478 3544 KMService - detected UnsignedFile.Multi.Generic (1)
17:01:01.0508 3544 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:01:01.0526 3544 KSecDD - ok
17:01:01.0539 3544 [ C1F278A8151CACEB89BADAF336E37740 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:01:01.0561 3544 KSecPkg - ok
17:01:01.0596 3544 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:01:01.0649 3544 KtmRm - ok
17:01:01.0686 3544 [ BCA92CB047A4326925ECEF759DBAA233 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:01:01.0718 3544 LanmanServer - ok
17:01:01.0747 3544 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:01:01.0779 3544 LanmanWorkstation - ok
17:01:01.0818 3544 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:01:01.0861 3544 lltdio - ok
17:01:01.0892 3544 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:01:01.0932 3544 lltdsvc - ok
17:01:01.0949 3544 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:01:01.0983 3544 lmhosts - ok
17:01:02.0009 3544 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:01:02.0028 3544 LSI_FC - ok
17:01:02.0040 3544 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:01:02.0072 3544 LSI_SAS - ok
17:01:02.0089 3544 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:01:02.0107 3544 LSI_SAS2 - ok
17:01:02.0115 3544 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:01:02.0134 3544 LSI_SCSI - ok
17:01:02.0165 3544 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:01:02.0201 3544 luafv - ok
17:01:02.0226 3544 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:01:02.0248 3544 Mcx2Svc - ok
17:01:02.0266 3544 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:01:02.0282 3544 megasas - ok
17:01:02.0312 3544 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:01:02.0335 3544 MegaSR - ok
17:01:02.0416 3544 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:01:02.0434 3544 Microsoft Office Groove Audit Service - ok
17:01:02.0462 3544 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:01:02.0504 3544 MMCSS - ok
17:01:02.0532 3544 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:01:02.0571 3544 Modem - ok
17:01:02.0588 3544 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:01:02.0608 3544 monitor - ok
17:01:02.0625 3544 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:01:02.0653 3544 mouclass - ok
17:01:02.0673 3544 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:01:02.0716 3544 mouhid - ok
17:01:02.0740 3544 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:01:02.0759 3544 mountmgr - ok
17:01:02.0806 3544 [ 6380FF81DD4D78B23398752D2F46EA43 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:01:02.0828 3544 MozillaMaintenance - ok
17:01:02.0845 3544 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:01:02.0868 3544 mpio - ok
17:01:02.0883 3544 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:01:02.0946 3544 mpsdrv - ok
17:01:02.0984 3544 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
17:01:03.0022 3544 MpsSvc - ok
17:01:03.0040 3544 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:01:03.0071 3544 MRxDAV - ok
17:01:03.0089 3544 [ F4A054BE78AF7F410129C4B64B07DC9B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:01:03.0134 3544 mrxsmb - ok
17:01:03.0156 3544 [ DEFFA295BD1895C6ED8E3078412AC60B ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:01:03.0209 3544 mrxsmb10 - ok
17:01:03.0227 3544 [ 24D76ABE5DCAD22F19D105F76FDF0CE1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:01:03.0263 3544 mrxsmb20 - ok
17:01:03.0280 3544 [ CB5D37E91135B0F15CEE64D1F1BA5DE5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:01:03.0296 3544 msahci - ok
17:01:03.0314 3544 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:01:03.0335 3544 msdsm - ok
17:01:03.0367 3544 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:01:03.0394 3544 MSDTC - ok
17:01:03.0416 3544 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:01:03.0449 3544 Msfs - ok
17:01:03.0477 3544 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:01:03.0516 3544 mshidkmdf - ok
17:01:03.0535 3544 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:01:03.0550 3544 msisadrv - ok
17:01:03.0580 3544 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:01:03.0624 3544 MSiSCSI - ok
17:01:03.0631 3544 msiserver - ok
17:01:03.0654 3544 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:01:03.0690 3544 MSKSSRV - ok
17:01:03.0709 3544 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:01:03.0749 3544 MSPCLOCK - ok
17:01:03.0756 3544 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:01:03.0787 3544 MSPQM - ok
17:01:03.0810 3544 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:01:03.0830 3544 MsRPC - ok
17:01:03.0846 3544 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:01:03.0856 3544 mssmbios - ok
17:01:03.0870 3544 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:01:03.0901 3544 MSTEE - ok
17:01:03.0912 3544 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:01:03.0939 3544 MTConfig - ok
17:01:03.0977 3544 [ 0F24624106D8042E7F27882D9D6FF5C0 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
17:01:04.0014 3544 MTsensor - ok
17:01:04.0032 3544 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:01:04.0050 3544 Mup - ok
17:01:04.0082 3544 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
17:01:04.0124 3544 napagent - ok
17:01:04.0150 3544 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:01:04.0189 3544 NativeWifiP - ok
17:01:04.0226 3544 [ 779E9149D3662ED6BEB58A67E3C775F4 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:01:04.0250 3544 NDIS - ok
17:01:04.0269 3544 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:01:04.0302 3544 NdisCap - ok
17:01:04.0322 3544 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:01:04.0366 3544 NdisTapi - ok
17:01:04.0380 3544 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:01:04.0415 3544 Ndisuio - ok
17:01:04.0431 3544 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:01:04.0469 3544 NdisWan - ok
17:01:04.0482 3544 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:01:04.0515 3544 NDProxy - ok
17:01:04.0530 3544 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:01:04.0563 3544 NetBIOS - ok
17:01:04.0581 3544 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:01:04.0632 3544 NetBT - ok
17:01:04.0639 3544 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
17:01:04.0652 3544 Netlogon - ok
17:01:04.0683 3544 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:01:04.0724 3544 Netman - ok
17:01:04.0753 3544 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:01:04.0796 3544 netprofm - ok
17:01:04.0818 3544 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:01:04.0839 3544 NetTcpPortSharing - ok
17:01:04.0869 3544 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:01:04.0886 3544 nfrd960 - ok
17:01:04.0910 3544 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
17:01:04.0945 3544 NlaSvc - ok
17:01:04.0960 3544 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:01:04.0995 3544 Npfs - ok
17:01:05.0020 3544 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:01:05.0055 3544 nsi - ok
17:01:05.0064 3544 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:01:05.0105 3544 nsiproxy - ok
17:01:05.0148 3544 [ 464D40A87E3217DE8E376BA75CDF217B ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:01:05.0201 3544 Ntfs - ok
17:01:05.0217 3544 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:01:05.0259 3544 Null - ok
17:01:05.0291 3544 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
17:01:05.0316 3544 NVENETFD - ok
17:01:05.0546 3544 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:01:05.0919 3544 nvlddmkm - ok
17:01:05.0951 3544 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
17:01:05.0971 3544 nvraid - ok
17:01:05.0992 3544 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
17:01:06.0003 3544 nvstor - ok
17:01:06.0084 3544 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:01:06.0105 3544 nvsvc - ok
17:01:06.0182 3544 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:01:06.0213 3544 nvUpdatusService - ok
17:01:06.0234 3544 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:01:06.0264 3544 nv_agp - ok
17:01:06.0352 3544 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:01:06.0388 3544 odserv - ok
17:01:06.0416 3544 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:01:06.0469 3544 ohci1394 - ok
17:01:06.0516 3544 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:01:06.0537 3544 ose - ok
17:01:06.0574 3544 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:01:06.0618 3544 p2pimsvc - ok
17:01:06.0649 3544 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:01:06.0674 3544 p2psvc - ok
17:01:06.0710 3544 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:01:06.0740 3544 Parport - ok
17:01:06.0758 3544 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:01:06.0785 3544 partmgr - ok
17:01:06.0796 3544 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:01:06.0812 3544 Parvdm - ok
17:01:06.0838 3544 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:01:06.0858 3544 PcaSvc - ok
17:01:06.0866 3544 [ 80A4748A0304715C29093311795AC448 ] pci C:\Windows\system32\DRIVERS\pci.sys
17:01:06.0888 3544 pci - ok
17:01:06.0916 3544 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:01:06.0931 3544 pciide - ok
17:01:06.0950 3544 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:01:06.0974 3544 pcmcia - ok
17:01:06.0981 3544 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:01:06.0998 3544 pcw - ok
17:01:07.0035 3544 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:01:07.0097 3544 PEAUTH - ok
17:01:07.0144 3544 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:01:07.0192 3544 PeerDistSvc - ok
17:01:07.0255 3544 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
17:01:07.0339 3544 pla - ok
17:01:07.0371 3544 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:01:07.0414 3544 PlugPlay - ok
17:01:07.0432 3544 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:01:07.0451 3544 PNRPAutoReg - ok
17:01:07.0474 3544 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:01:07.0491 3544 PNRPsvc - ok
17:01:07.0523 3544 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:01:07.0566 3544 PolicyAgent - ok
17:01:07.0595 3544 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
17:01:07.0627 3544 Power - ok
17:01:07.0657 3544 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:01:07.0705 3544 PptpMiniport - ok
17:01:07.0724 3544 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:01:07.0755 3544 Processor - ok
17:01:07.0784 3544 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
17:01:07.0828 3544 ProfSvc - ok
17:01:07.0842 3544 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:01:07.0855 3544 ProtectedStorage - ok
17:01:07.0883 3544 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:01:07.0934 3544 Psched - ok
17:01:07.0984 3544 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:01:08.0035 3544 ql2300 - ok
17:01:08.0053 3544 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:01:08.0074 3544 ql40xx - ok
17:01:08.0114 3544 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:01:08.0151 3544 QWAVE - ok
17:01:08.0165 3544 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:01:08.0204 3544 QWAVEdrv - ok
17:01:08.0225 3544 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:01:08.0266 3544 RasAcd - ok
17:01:08.0282 3544 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:01:08.0340 3544 RasAgileVpn - ok
17:01:08.0357 3544 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:01:08.0396 3544 RasAuto - ok
17:01:08.0410 3544 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:01:08.0448 3544 Rasl2tp - ok
17:01:08.0476 3544 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
17:01:08.0511 3544 RasMan - ok
17:01:08.0538 3544 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:01:08.0588 3544 RasPppoe - ok
17:01:08.0605 3544 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:01:08.0661 3544 RasSstp - ok
17:01:08.0679 3544 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:01:08.0727 3544 rdbss - ok
17:01:08.0744 3544 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:01:08.0762 3544 rdpbus - ok
17:01:08.0771 3544 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:01:08.0804 3544 RDPCDD - ok
17:01:08.0825 3544 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:01:08.0891 3544 RDPDR - ok
17:01:08.0914 3544 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:01:08.0946 3544 RDPENCDD - ok
17:01:08.0968 3544 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:01:09.0012 3544 RDPREFMP - ok
17:01:09.0032 3544 [ 2AC60BD1EE821C8892D46271D6474D07 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:01:09.0084 3544 RDPWD - ok
17:01:09.0110 3544 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:01:09.0133 3544 rdyboost - ok
17:01:09.0153 3544 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:01:09.0205 3544 RemoteAccess - ok
17:01:09.0232 3544 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:01:09.0274 3544 RemoteRegistry - ok
17:01:09.0294 3544 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:01:09.0325 3544 RpcEptMapper - ok
17:01:09.0352 3544 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:01:09.0378 3544 RpcLocator - ok
17:01:09.0404 3544 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\System32\rpcss.dll
17:01:09.0438 3544 RpcSs - ok
17:01:09.0463 3544 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:01:09.0512 3544 rspndr - ok
17:01:09.0530 3544 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
17:01:09.0570 3544 s3cap - ok
17:01:09.0583 3544 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
17:01:09.0597 3544 SamSs - ok
17:01:09.0617 3544 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:01:09.0637 3544 sbp2port - ok
17:01:09.0727 3544 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
17:01:09.0753 3544 SBSDWSCService - ok
17:01:09.0782 3544 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:01:09.0836 3544 SCardSvr - ok
17:01:09.0851 3544 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:01:09.0900 3544 scfilter - ok
17:01:09.0933 3544 [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule C:\Windows\system32\schedsvc.dll
17:01:09.0996 3544 Schedule - ok
17:01:10.0008 3544 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:01:10.0036 3544 SCPolicySvc - ok
17:01:10.0061 3544 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:01:10.0128 3544 SDRSVC - ok
17:01:10.0164 3544 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:01:10.0205 3544 secdrv - ok
17:01:10.0228 3544 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:01:10.0271 3544 seclogon - ok
17:01:10.0293 3544 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
17:01:10.0334 3544 SENS - ok
17:01:10.0347 3544 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:01:10.0404 3544 SensrSvc - ok
17:01:10.0426 3544 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:01:10.0443 3544 Serenum - ok
17:01:10.0462 3544 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:01:10.0483 3544 Serial - ok
17:01:10.0496 3544 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:01:10.0537 3544 sermouse - ok
17:01:10.0576 3544 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
17:01:10.0618 3544 SessionEnv - ok
17:01:10.0628 3544 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:01:10.0688 3544 sffdisk - ok
17:01:10.0709 3544 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:01:10.0735 3544 sffp_mmc - ok
17:01:10.0753 3544 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:01:10.0768 3544 sffp_sd - ok
17:01:10.0779 3544 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:01:10.0802 3544 sfloppy - ok
17:01:10.0829 3544 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:01:10.0863 3544 SharedAccess - ok
17:01:10.0890 3544 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:01:10.0921 3544 ShellHWDetection - ok
17:01:10.0947 3544 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
17:01:10.0965 3544 sisagp - ok
17:01:10.0987 3544 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:01:11.0004 3544 SiSRaid2 - ok
17:01:11.0018 3544 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:01:11.0036 3544 SiSRaid4 - ok
17:01:11.0096 3544 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:01:11.0105 3544 SkypeUpdate - ok
17:01:11.0125 3544 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:01:11.0180 3544 Smb - ok
17:01:11.0226 3544 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:01:11.0245 3544 SNMPTRAP - ok
17:01:11.0272 3544 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:01:11.0287 3544 spldr - ok
17:01:11.0312 3544 [ 4B63E1FBE65B231D368EFBB1070AD110 ] Spooler C:\Windows\System32\spoolsv.exe
17:01:11.0371 3544 Spooler - ok
17:01:11.0445 3544 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
17:01:11.0511 3544 sppsvc - ok
17:01:11.0527 3544 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:01:11.0573 3544 sppuinotify - ok
17:01:11.0604 3544 [ 2BA4EBC7DFBA845A1EDBE1F75913BE33 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:01:11.0669 3544 srv - ok
17:01:11.0689 3544 [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:01:11.0751 3544 srv2 - ok
17:01:11.0772 3544 [ B5665BAA2120B8A54E22E9CD07C05106 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:01:11.0810 3544 srvnet - ok
17:01:11.0842 3544 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:01:11.0874 3544 SSDPSRV - ok
17:01:11.0914 3544 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
17:01:11.0927 3544 ssmdrv - ok
17:01:11.0939 3544 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:01:11.0982 3544 SstpSvc - ok
17:01:12.0006 3544 Steam Client Service - ok
17:01:12.0036 3544 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:01:12.0052 3544 stexstor - ok
17:01:12.0091 3544 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
17:01:12.0116 3544 StiSvc - ok
17:01:12.0139 3544 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
17:01:12.0169 3544 storflt - ok
17:01:12.0195 3544 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
17:01:12.0212 3544 storvsc - ok
17:01:12.0226 3544 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:01:12.0241 3544 swenum - ok
17:01:12.0325 3544 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:01:12.0354 3544 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:01:12.0355 3544 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:01:12.0384 3544 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
17:01:12.0429 3544 swprv - ok
17:01:12.0463 3544 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
17:01:12.0515 3544 SysMain - ok
17:01:12.0529 3544 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:01:12.0565 3544 TabletInputService - ok
17:01:12.0592 3544 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
17:01:12.0626 3544 TapiSrv - ok
17:01:12.0637 3544 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
17:01:12.0683 3544 TBS - ok
17:01:12.0726 3544 [ CB79D3F4BE0AC26892980330E448018D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:01:12.0781 3544 Tcpip - ok
17:01:12.0820 3544 [ CB79D3F4BE0AC26892980330E448018D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:01:12.0851 3544 TCPIP6 - ok
17:01:12.0870 3544 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:01:12.0914 3544 tcpipreg - ok
17:01:12.0940 3544 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:01:12.0998 3544 TDPIPE - ok
17:01:13.0016 3544 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:01:13.0049 3544 TDTCP - ok
17:01:13.0066 3544 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:01:13.0102 3544 tdx - ok
17:01:13.0250 3544 [ 851C5080261DFC1FCDC21DF0E5EA3BCB ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
17:01:13.0329 3544 TeamViewer8 - ok
17:01:13.0359 3544 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:01:13.0392 3544 TermDD - ok
17:01:13.0426 3544 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
17:01:13.0477 3544 TermService - ok
17:01:13.0496 3544 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
17:01:13.0514 3544 Themes - ok
17:01:13.0527 3544 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
17:01:13.0556 3544 THREADORDER - ok
17:01:13.0568 3544 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
17:01:13.0605 3544 TrkWks - ok
17:01:13.0641 3544 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:01:13.0665 3544 TrustedInstaller - ok
17:01:13.0682 3544 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:01:13.0716 3544 tssecsrv - ok
17:01:13.0736 3544 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:01:13.0774 3544 tunnel - ok
17:01:13.0798 3544 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:01:13.0815 3544 uagp35 - ok
17:01:13.0834 3544 [ 2EFEE45A340E1590E37C2F2BAC16D051 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:01:13.0888 3544 udfs - ok
17:01:13.0918 3544 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:01:13.0957 3544 UI0Detect - ok
17:01:13.0980 3544 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
17:01:13.0998 3544 uliagpkx - ok
17:01:14.0016 3544 [ 71BBF3E8078D585ABF27411A8986EB95 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:01:14.0086 3544 umbus - ok
17:01:14.0114 3544 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:01:14.0150 3544 UmPass - ok
17:01:14.0173 3544 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
17:01:14.0189 3544 UmRdpService - ok
17:01:14.0221 3544 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
17:01:14.0255 3544 upnphost - ok
17:01:14.0270 3544 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:01:14.0329 3544 usbccgp - ok
17:01:14.0359 3544 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:01:14.0388 3544 usbcir - ok
17:01:14.0401 3544 [ 97C8C2750090CA722C73B8C8DDC7C82B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:01:14.0443 3544 usbehci - ok
17:01:14.0464 3544 [ 8B8601B4933275EDAB38D9994E0C0DDA ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:01:14.0491 3544 usbhub - ok
17:01:14.0503 3544 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:01:14.0519 3544 usbohci - ok
17:01:14.0534 3544 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:01:14.0563 3544 usbprint - ok
17:01:14.0593 3544 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:01:14.0639 3544 USBSTOR - ok
17:01:14.0645 3544 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:01:14.0670 3544 usbuhci - ok
17:01:14.0707 3544 [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:01:14.0731 3544 usbvideo - ok
17:01:14.0762 3544 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
17:01:14.0804 3544 UxSms - ok
17:01:14.0824 3544 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
17:01:14.0837 3544 VaultSvc - ok
17:01:14.0861 3544 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:01:14.0877 3544 vdrvroot - ok
17:01:14.0904 3544 [ 03E73018549D1A2906E6356FE3BD31D4 ] vds C:\Windows\System32\vds.exe
17:01:14.0968 3544 vds - ok
17:01:14.0988 3544 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:01:15.0013 3544 vga - ok
17:01:15.0034 3544 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:01:15.0068 3544 VgaSave - ok
17:01:15.0076 3544 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:01:15.0100 3544 vhdmp - ok
17:01:15.0118 3544 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
17:01:15.0136 3544 viaagp - ok
17:01:15.0143 3544 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
17:01:15.0169 3544 ViaC7 - ok
17:01:15.0188 3544 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:01:15.0203 3544 viaide - ok
17:01:15.0237 3544 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
17:01:15.0261 3544 vmbus - ok
17:01:15.0268 3544 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
17:01:15.0284 3544 VMBusHID - ok
17:01:15.0299 3544 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:01:15.0317 3544 volmgr - ok
17:01:15.0339 3544 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:01:15.0366 3544 volmgrx - ok
17:01:15.0383 3544 [ 70F41D1EBDD9EE6ED2FD0FC05AA1FC13 ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:01:15.0409 3544 volsnap - ok
17:01:15.0435 3544 [ 63EF70B7BFB875436D5983E3C77F0681 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
17:01:15.0497 3544 vpcbus - ok
17:01:15.0516 3544 [ 2559494DC74877AFCE97C6F75E4B7020 ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
17:01:15.0534 3544 vpcnfltr - ok
17:01:15.0556 3544 [ AC0ADAD2AD5A166100CF59FB9A7880B7 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
17:01:15.0586 3544 vpcusb - ok
17:01:15.0611 3544 [ 7A806CC4416FE9B1B9C091E31BC638BC ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
17:01:15.0627 3544 vpcvmm - ok
17:01:15.0652 3544 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:01:15.0672 3544 vsmraid - ok
17:01:15.0715 3544 [ F1BF254DC9EDA07E3A83BD111E39A350 ] VSS C:\Windows\system32\vssvc.exe
17:01:15.0791 3544 VSS - ok
17:01:15.0810 3544 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:01:15.0839 3544 vwifibus - ok
17:01:15.0857 3544 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
17:01:15.0903 3544 W32Time - ok
17:01:15.0928 3544 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:01:15.0945 3544 WacomPen - ok
17:01:15.0965 3544 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:01:16.0001 3544 WANARP - ok
17:01:16.0005 3544 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:01:16.0034 3544 Wanarpv6 - ok
17:01:16.0081 3544 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
17:01:16.0148 3544 wbengine - ok
17:01:16.0166 3544 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:01:16.0204 3544 WbioSrvc - ok
17:01:16.0229 3544 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:01:16.0269 3544 wcncsvc - ok
17:01:16.0294 3544 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:01:16.0369 3544 WcsPlugInService - ok
17:01:16.0387 3544 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:01:16.0403 3544 Wd - ok
17:01:16.0429 3544 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:01:16.0463 3544 Wdf01000 - ok
17:01:16.0481 3544 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:01:16.0507 3544 WdiServiceHost - ok
17:01:16.0512 3544 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:01:16.0530 3544 WdiSystemHost - ok
17:01:16.0556 3544 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll
17:01:16.0596 3544 WebClient - ok
17:01:16.0618 3544 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:01:16.0658 3544 Wecsvc - ok
17:01:16.0673 3544 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:01:16.0704 3544 wercplsupport - ok
17:01:16.0729 3544 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:01:16.0760 3544 WerSvc - ok
17:01:16.0792 3544 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:01:16.0823 3544 WfpLwf - ok
17:01:16.0836 3544 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:01:16.0852 3544 WIMMount - ok
17:01:16.0911 3544 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:01:16.0950 3544 WinDefend - ok
17:01:16.0958 3544 WinHttpAutoProxySvc - ok
17:01:17.0008 3544 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:01:17.0039 3544 Winmgmt - ok
17:01:17.0082 3544 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
17:01:17.0142 3544 WinRM - ok
17:01:17.0204 3544 [ B5BA3CC19D00F2EBA92F1CFBEBB5D650 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:01:17.0246 3544 WinUsb - ok
17:01:17.0290 3544 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:01:17.0334 3544 Wlansvc - ok
17:01:17.0428 3544 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:01:17.0471 3544 wlidsvc - ok
17:01:17.0496 3544 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:01:17.0516 3544 WmiAcpi - ok
17:01:17.0550 3544 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:01:17.0619 3544 wmiApSrv - ok
17:01:17.0685 3544 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:01:17.0753 3544 WMPNetworkSvc - ok
17:01:17.0779 3544 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:01:17.0813 3544 WPCSvc - ok
17:01:17.0827 3544 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:01:17.0872 3544 WPDBusEnum - ok
17:01:17.0897 3544 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:01:17.0941 3544 ws2ifsl - ok
17:01:17.0964 3544 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
17:01:17.0991 3544 wscsvc - ok
17:01:17.0999 3544 WSearch - ok
17:01:18.0053 3544 [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv C:\Windows\system32\wuaueng.dll
17:01:18.0125 3544 wuauserv - ok
17:01:18.0144 3544 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:01:18.0188 3544 WudfPf - ok
17:01:18.0223 3544 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:01:18.0261 3544 WUDFRd - ok
17:01:18.0295 3544 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:01:18.0345 3544 wudfsvc - ok
17:01:18.0364 3544 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:01:18.0422 3544 WwanSvc - ok
17:01:18.0442 3544 XDva401 - ok
17:01:18.0452 3544 ================ Scan global ===============================
17:01:18.0472 3544 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
17:01:18.0499 3544 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
17:01:18.0510 3544 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
17:01:18.0539 3544 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:01:18.0555 3544 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:01:18.0560 3544 [Global] - ok
17:01:18.0561 3544 ================ Scan MBR ==================================
17:01:18.0575 3544 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:01:18.0966 3544 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:01:18.0966 3544 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:01:18.0974 3544 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:01:21.0912 3544 \Device\Harddisk1\DR1 - ok
17:01:21.0913 3544 ================ Scan VBR ==================================
17:01:21.0916 3544 [ 44E68D80B55B99B993DEF5ACD573AE2D ] \Device\Harddisk0\DR0\Partition1
17:01:21.0918 3544 \Device\Harddisk0\DR0\Partition1 - ok
17:01:21.0927 3544 [ E205FC325D655FAD5F78998D8DDF5897 ] \Device\Harddisk0\DR0\Partition2
17:01:21.0929 3544 \Device\Harddisk0\DR0\Partition2 - ok
17:01:21.0950 3544 [ B71B5E267ED19D597B002D4C176803DE ] \Device\Harddisk0\DR0\Partition3
17:01:21.0951 3544 \Device\Harddisk0\DR0\Partition3 - ok
17:01:21.0967 3544 [ 1A6E26D9DD2239C4BCA79DFC68FF8472 ] \Device\Harddisk0\DR0\Partition4
17:01:21.0968 3544 \Device\Harddisk0\DR0\Partition4 - ok
17:01:21.0995 3544 [ 5EC02C473B7A383160767D95BE0756D2 ] \Device\Harddisk0\DR0\Partition5
17:01:21.0997 3544 \Device\Harddisk0\DR0\Partition5 - ok
17:01:22.0002 3544 [ 720746560ED91277E0AF16E0EC4A4B3A ] \Device\Harddisk1\DR1\Partition1
17:01:22.0003 3544 \Device\Harddisk1\DR1\Partition1 - ok
17:01:22.0004 3544 ============================================================
17:01:22.0004 3544 Scan finished
17:01:22.0004 3544 ============================================================
17:01:22.0018 4592 Detected object count: 4
17:01:22.0018 4592 Actual detected object count: 4
17:02:06.0404 4592 DroidExplorerService ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:06.0404 4592 DroidExplorerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:06.0407 4592 KMService ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:06.0407 4592 KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:06.0410 4592 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:06.0410 4592 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:02:06.0453 4592 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:02:06.0457 4592 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
17:02:06.0460 4592 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
17:02:06.0464 4592 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
17:02:06.0465 4592 \Device\Harddisk0\DR0\TDLFS - deleted
17:02:06.0466 4592 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
17:02:26.0961 4892 Deinitialize success


There wasn't any problem.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.18.07

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
kiko :: KIKOS-PC [administrator]

Protection: Enabled

18.01.2013 17:06:44
mbam-log-2013-01-18 (17-06-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223962
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1364 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

(end)


This was also good.

Now, i did everything at the Event Viewer Tool but i had a small problem.

Posted Image

OTL logfile created on: 18.01.2013 18:23:17 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kiko\Desktop\Logs and Programs\OTL log plus program
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000042f | Country: Македонија | Language: MKI | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,96% Memory free
4,00 Gb Paging File | 2,16 Gb Available in Paging File | 54,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 7,89 Gb Free Space | 27,01% Space Free | Partition Type: NTFS
Drive D: | 86,91 Gb Total Space | 12,51 Gb Free Space | 14,40% Space Free | Partition Type: NTFS
Drive E: | 87,37 Gb Total Space | 31,19 Gb Free Space | 35,70% Space Free | Partition Type: NTFS
Drive F: | 29,29 Gb Total Space | 2,63 Gb Free Space | 8,99% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 3,73 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: KIKOS-PC | User Name: kiko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.17 21:30:48 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2013.01.17 18:24:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kiko\Desktop\Logs and Programs\OTL log plus program\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.30 18:40:45 | 001,354,736 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe
PRC - [2012.11.29 14:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.07 00:43:20 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\kiko\AppData\Local\Skillbrains\lightshot\3.2.0.0\LightShot.exe
PRC - [2012.10.23 17:48:35 | 000,578,611 | ---- | M] () -- C:\Program Files\Droid Explorer\SDK\tools\adb.exe
PRC - [2012.10.02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.06.11 01:27:26 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.06.11 01:27:25 | 000,567,464 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.06.11 01:27:25 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.06.11 01:27:25 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.06.11 01:27:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
PRC - [2011.01.26 15:09:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 20:09:40 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.22 21:23:40 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.11.22 21:03:20 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.17 21:31:00 | 000,647,168 | ---- | M] () -- E:\Steam\sdl.dll
MOD - [2013.01.17 21:30:48 | 020,320,240 | ---- | M] () -- E:\Steam\bin\libcef.dll
MOD - [2013.01.17 21:30:47 | 001,100,800 | ---- | M] () -- E:\Steam\bin\avcodec-53.dll
MOD - [2013.01.17 21:30:47 | 000,969,640 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
MOD - [2013.01.17 21:30:47 | 000,192,000 | ---- | M] () -- E:\Steam\bin\avformat-53.dll
MOD - [2013.01.17 21:30:47 | 000,124,416 | ---- | M] () -- E:\Steam\bin\avutil-51.dll
MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012.10.09 19:17:36 | 000,357,376 | ---- | M] () -- C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\plugin\screen_capture.dll
MOD - [2012.06.18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.01.17 21:30:48 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.09 00:43:45 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.29 14:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.05 23:15:39 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2012.10.02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.07.23 16:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.06.11 01:27:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.06.11 01:27:25 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.06.11 01:27:25 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.06.11 01:27:25 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.06.11 01:27:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.01 16:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.05.17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) [Auto | Running] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kiko\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.17 13:39:30 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.10.02 23:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.23 16:18:34 | 000,064,664 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012.06.11 01:27:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.06.11 01:27:26 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.06.11 01:27:26 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.06.11 01:27:26 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.06.06 23:33:21 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.06.17 13:23:04 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.22 21:00:57 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.11.22 20:37:42 | 000,293,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.11.22 20:37:42 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.11.22 20:37:42 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.11.22 20:37:42 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = mk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 15 1D F0 0E EA CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {B3834E60-12A8-11E0-A289-939FDFD72085}:2.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\kiko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kiko\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kiko\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.06 20:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.17 18:24:09 | 000,000,000 | ---D | M]

[2012.06.07 19:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiko\AppData\Roaming\mozilla\Extensions
[2012.12.06 21:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiko\AppData\Roaming\mozilla\Firefox\Profiles\s70ipxie.default\extensions
[2012.06.22 22:30:05 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Users\kiko\AppData\Roaming\mozilla\Firefox\Profiles\s70ipxie.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
[2012.12.06 21:11:26 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\kiko\AppData\Roaming\mozilla\firefox\profiles\s70ipxie.default\extensions\[email protected]
[2012.06.06 20:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.01 16:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 16:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 16:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kiko\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\kiko\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Ultimate YouTube Downloader = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.1.5_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\
CHR - Extension: The Fancy Pants Adventure: World 3 = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkhdmbmfffghpmjjcmlcdakbffakkamm\1.5.1_0\
CHR - Extension: eRepublik Advanced = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebeenikkcpgaekfgbnflbaaihalfifkk\4.1.0.0_1\
CHR - Extension: eRepublik Mercenary Achievement = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpoihipbfboabnmehaembpncngekkjol\1.2_0\
CHR - Extension: RW.info Autosupport = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobjficlddlkoldlhbakaafapjffcjll\0.1_0\
CHR - Extension: eRepublik warning link remover = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleonoamaepndbbbbpgbiifbdbenogoo\1.0_0\
CHR - Extension: eRepublik Hide Energy Bar = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjangafmejllondkhlnpcopkhjmkgeoi\0.0.5_0\
CHR - Extension: Troll Emoticons = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedlgpcekbimemkepdmagemjhnnhajl\5.1_0\
CHR - Extension: Auto Refresh Plus = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.19_0\
CHR - Extension: Google Reader = C:\Users\kiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\

O1 HOSTS File: ([2013.01.17 20:20:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\kiko\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\kiko\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - Startup: C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
O4 - Startup: C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk = E:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34FCFC5F-3863-4CE2-962D-8812FAAD6469}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.05.20 00:01:59 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.05.20 00:02:00 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.05.20 00:02:00 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\kiko\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: LightShot - hkey= - key= - C:\Users\kiko\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.01.18 17:05:28 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Malwarebytes
[2013.01.18 17:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.18 17:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.18 17:05:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.18 17:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.18 17:02:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.01.17 21:43:49 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\MultiSkypeLauncher
[2013.01.17 21:41:12 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiSkypeLauncher
[2013.01.17 21:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\MultiSkypeLauncher
[2013.01.17 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\kiko\Desktop\Logs and Programs
[2013.01.17 20:20:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.01.17 20:14:46 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Local\temp
[2013.01.17 20:14:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.17 20:04:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.17 20:04:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.17 20:04:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.17 20:04:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.17 20:03:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.17 18:34:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.17 18:24:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.01.16 16:36:13 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvci70.dll
[2013.01.16 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\kiko\Documents\Bully Scholarship Edition
[2013.01.13 02:15:04 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Teeworlds
[2013.01.10 02:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2013.01.09 23:14:34 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\.minecraft
[2013.01.09 22:34:23 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.01.07 04:20:33 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Local\{13666C2C-6D9B-491F-BD01-5A9129E51ED9}
[2013.01.02 22:05:54 | 000,000,000 | ---D | C] -- C:\Users\kiko\Documents\SimCity 4
[2013.01.01 23:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE
[2013.01.01 23:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\ArtMoney
[2012.12.30 15:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2012.12.26 22:43:56 | 000,000,000 | ---D | C] -- C:\Users\kiko\Documents\EA Games
[2012.12.26 22:32:27 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012.12.26 22:32:27 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012.12.26 22:32:26 | 010,837,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012.12.26 22:32:26 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2012.12.26 22:32:26 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012.12.26 22:32:25 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012.12.26 22:32:25 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012.12.26 22:32:25 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012.12.26 22:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.12.25 00:07:10 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.12.25 00:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.12.25 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Notepad++
[2012.12.25 00:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012.12.25 00:05:12 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Local\{335D3F8C-60B9-4D24-9853-0A3C7E0EB050}
[2012.12.24 22:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.12.24 22:06:30 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2012.12.24 22:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012.12.24 22:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012.12.24 22:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.12.24 22:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.12.24 22:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.12.24 21:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.12.24 21:58:26 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012.12.23 02:03:51 | 000,071,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\PhysXLoader.dll
[2012.12.23 02:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.12.22 17:04:48 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\fltk.org
[2012.12.22 17:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012.12.22 15:13:42 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2012.12.22 15:13:42 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2012.12.22 15:13:42 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2012.12.22 15:13:41 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2012.12.22 15:13:41 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012.12.22 15:13:40 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012.12.22 15:13:40 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2012.12.22 15:13:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012.12.22 15:13:40 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012.12.22 15:13:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012.12.22 15:13:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012.12.22 15:13:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012.12.22 15:13:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012.12.22 15:13:38 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012.12.22 15:13:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012.12.22 15:13:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012.12.22 15:13:37 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012.12.22 15:13:36 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2012.12.22 15:13:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2012.12.22 15:13:35 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2012.12.22 15:13:35 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2012.12.22 15:13:35 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012.12.22 15:13:35 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2012.12.22 15:13:34 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2012.12.22 15:13:34 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2012.12.22 15:13:33 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012.12.22 15:13:33 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012.12.22 15:13:33 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012.12.22 15:13:33 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012.12.22 15:13:32 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012.12.22 15:13:32 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012.12.22 15:13:32 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012.12.22 15:13:32 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012.12.22 15:13:31 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012.12.22 15:13:31 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012.12.22 15:13:30 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2012.12.22 15:13:30 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2012.12.22 15:13:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2012.12.22 15:13:30 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2012.12.22 15:13:30 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2012.12.22 15:13:29 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2012.12.22 15:13:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2012.12.22 15:13:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2012.12.22 15:13:28 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2012.12.22 15:13:28 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2012.12.22 15:13:28 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2012.12.22 15:13:27 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2012.12.22 15:13:27 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2012.12.22 15:13:27 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2012.12.22 15:13:26 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2012.12.22 15:13:26 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2012.12.22 15:13:26 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2012.12.22 15:13:25 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2012.12.22 15:13:25 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2012.12.22 15:13:24 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2012.12.22 15:13:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2012.12.22 15:13:23 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012.12.22 15:13:23 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2012.12.22 15:13:23 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2012.12.22 15:13:22 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2012.12.22 15:13:22 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2012.12.22 15:13:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2012.12.22 15:13:21 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2012.12.22 15:13:20 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2012.12.22 15:13:20 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2012.12.22 15:13:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2012.12.22 15:13:19 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2012.12.22 15:13:19 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2012.12.22 15:13:19 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2012.12.22 15:13:18 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012.12.22 15:13:17 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012.12.22 15:13:17 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012.12.22 15:13:17 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2012.12.22 15:13:16 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012.12.22 15:13:16 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012.12.22 15:13:16 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012.12.22 15:13:15 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012.12.22 15:13:15 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012.12.22 15:13:07 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012.12.22 15:13:06 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012.12.22 15:13:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012.12.22 15:13:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012.12.22 15:13:05 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012.12.22 15:13:05 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012.12.22 15:13:04 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012.12.22 15:13:02 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012.12.22 09:40:11 | 000,000,000 | ---D | C] -- C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

========== Files - Modified Within 30 Days ==========

[2013.01.18 18:18:13 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.18 17:51:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.18 17:43:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.18 17:36:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001UA.job
[2013.01.18 17:28:09 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001UA.job
[2013.01.18 17:26:01 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.18 17:26:01 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.18 17:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.18 17:17:56 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.18 16:51:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1677309522-372048533-4060804009-1001.job
[2013.01.18 15:27:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013.01.17 21:41:12 | 000,001,143 | ---- | M] () -- C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk
[2013.01.17 20:20:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.10 14:28:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001Core.job
[2013.01.09 00:43:43 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.09 00:43:43 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.01 23:09:37 | 000,000,970 | ---- | M] () -- C:\Users\kiko\Application Data\Microsoft\Internet Explorer\Quick Launch\ArtMoney SE.lnk
[2012.12.31 11:36:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1677309522-372048533-4060804009-1001Core.job
[2012.12.31 02:23:59 | 000,607,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.31 02:23:59 | 000,103,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.25 00:07:10 | 000,001,021 | ---- | M] () -- C:\Users\kiko\Desktop\Notepad++.lnk
[2012.12.24 22:11:53 | 003,766,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.23 02:04:00 | 000,071,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\PhysXLoader.dll

========== Files Created - No Company Name ==========

[2013.01.17 21:41:12 | 000,001,143 | ---- | C] () -- C:\Users\kiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk
[2013.01.17 20:04:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.17 20:04:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.17 20:04:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.17 20:04:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.17 20:04:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.01 23:09:37 | 000,000,970 | ---- | C] () -- C:\Users\kiko\Application Data\Microsoft\Internet Explorer\Quick Launch\ArtMoney SE.lnk
[2012.12.25 00:07:10 | 000,001,021 | ---- | C] () -- C:\Users\kiko\Desktop\Notepad++.lnk
[2012.11.01 19:59:13 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.11.01 19:59:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.11.01 19:59:10 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.11.01 19:59:10 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.11.01 19:59:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.10.28 01:38:13 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.10.08 19:43:54 | 000,000,173 | ---- | C] () -- C:\Users\kiko\AppData\Local\msmathematics.qat.kiko
[2012.10.05 23:16:00 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012.06.08 18:04:18 | 000,001,006 | ---- | C] () -- C:\Users\kiko\AppData\Local\UserProducts.xml
[2012.06.06 23:33:21 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.12.16 16:34:44 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ExcelSto r Technology SCSI Disk Device
Partitions: 5
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: PQI Traveling Disk USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 29,00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 29,00GB
Starting Offset: 31461696000
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 174,00GB
Starting Offset: 62915166720
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 4,00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013.01.09 23:19:06 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\.minecraft
[2012.11.25 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Adobe
[2012.11.25 23:12:09 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\AdobeUM
[2012.06.10 15:50:36 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Avira
[2012.06.21 01:57:33 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\DAEMON Tools Lite
[2012.07.30 00:01:44 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\dingogames
[2012.12.22 17:04:48 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\fltk.org
[2012.09.27 14:44:33 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\gd.sos.McPixel
[2012.06.06 19:46:27 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Identities
[2012.06.07 10:43:26 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Kalypso Media
[2012.06.06 21:19:18 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Macromedia
[2013.01.18 17:05:28 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Malwarebytes
[2009.07.14 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Media Center Programs
[2012.11.01 20:00:03 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Media Player Classic
[2012.12.24 21:42:45 | 000,000,000 | --SD | M] -- C:\Users\kiko\AppData\Roaming\Microsoft
[2012.07.26 23:39:34 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Mozilla
[2012.07.31 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Mp3tag
[2013.01.17 21:43:51 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\MultiSkypeLauncher
[2012.06.09 14:55:49 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Need for Speed World
[2012.12.25 00:11:01 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Notepad++
[2012.06.07 10:38:09 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\NVIDIA
[2012.06.06 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Opera
[2012.08.20 01:40:19 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Publish Providers
[2012.07.29 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Rovio
[2013.01.18 18:27:18 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Skype
[2012.08.20 01:33:05 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Sony
[2012.11.25 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\SystemRequirementsLab
[2012.06.20 18:46:11 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\TeamViewer
[2013.01.13 02:24:32 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Teeworlds
[2012.06.18 23:53:01 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\TinyAndBigUpThatMountain
[2012.07.21 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Tropico 4
[2013.01.14 23:49:51 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\TS3Client
[2013.01.17 18:22:26 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\uTorrent
[2012.11.10 00:49:32 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\VideoCodec
[2012.07.21 19:39:31 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\Windows Live Writer
[2012.06.18 19:31:44 | 000,000,000 | ---D | M] -- C:\Users\kiko\AppData\Roaming\WinRAR

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6acd47459c3a74fb\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f5054b97743c05b3\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_ddc35c9e9bda913a\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys

< MD5 for: CSRSS.EXE >
[2009.07.14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009.07.14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe
[2012.10.12 18:14:26 | 000,057,345 | RHS- | M] () Unable to obtain MD5 -- C:\_OTL\MovedFiles\01172013_183431\C_Users\kiko\AppData\Roaming\System32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009.11.22 21:02:34 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.11.22 21:23:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\erdnt\cache\explorer.exe
[2009.11.22 21:23:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.11.22 21:23:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.11.22 20:47:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.11.22 20:47:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.11.22 21:23:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009.11.22 21:02:34 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009.07.14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\erdnt\cache\mswsock.dll
[2009.07.14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\System32\mswsock.dll
[2009.07.14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009.07.14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009.07.14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009.07.14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\System32\nlaapi.dll
[2009.07.14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009.07.14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009.07.14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009.07.14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009.07.14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.11.22 21:19:02 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe
[2009.11.22 21:19:02 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\erdnt\cache\winlogon.exe
[2009.11.22 21:19:02 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\System32\winlogon.exe
[2009.11.22 21:19:02 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009.07.14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009.07.14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009.07.14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009.07.14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.06.01 16:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.06.01 16:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.06.01 16:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.06.01 16:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.06.01 16:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.06.01 16:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.U64IPPU775DLJMX6ASMI6XS2MY\InstallInfo\\ShowIconsCommand: "C:\Users\kiko\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.U64IPPU775DLJMX6ASMI6XS2MY\InstallInfo\\HideIconsCommand: "C:\Users\kiko\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.U64IPPU775DLJMX6ASMI6XS2MY\InstallInfo\\ReinstallCommand: "C:\Users\kiko\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.U64IPPU775DLJMX6ASMI6XS2MY\shell\open\command\\: "C:\Users\kiko\AppData\Local\Google\Chrome\Application\chrome.exe" [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009.07.14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009.07.14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009.07.14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009.07.14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009.07.14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012.12.05 22:16:51 | 000,878,480 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012.12.05 22:16:51 | 000,878,480 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012.12.05 22:16:51 | 000,878,480 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.12.05 22:16:51 | 000,878,480 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.06.01 16:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.06.01 16:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.06.01 16:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.06.01 16:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.06.01 16:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.06.01 16:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.U64IPPU775DLJMX6ASMI6XS2MY\InstallInfo\\ShowIconsCommand: "C:\Users\kiko\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.U64IPPU775DLJMX6ASMI6XS2MY\InstallInfo\\HideIconsCommand: "C:\Users\kiko\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.U64IPPU775DLJMX6ASMI6XS2MY\InstallInfo\\ReinstallCommand: "C:\Users\kiko\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.U64IPPU775DLJMX6ASMI6XS2MY\shell\open\command\\: "C:\Users\kiko\AppData\Local\Google\Chrome\Application\chrome.exe" [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009.07.14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009.07.14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009.07.14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009.07.14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009.07.14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012.12.05 22:16:51 | 000,878,480 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012.12.05 22:16:51 | 000,878,480 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012.12.05 22:16:51 | 000,878,480 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.12.05 22:16:51 | 000,878,480 | ---- | M] (Opera Software)

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

OTL Extras logfile created on: 18.01.2013 18:23:17 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kiko\Desktop\Logs and Programs\OTL log plus program
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000042f | Country: Македонија | Language: MKI | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,96% Memory free
4,00 Gb Paging File | 2,16 Gb Available in Paging File | 54,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 7,89 Gb Free Space | 27,01% Space Free | Partition Type: NTFS
Drive D: | 86,91 Gb Total Space | 12,51 Gb Free Space | 14,40% Space Free | Partition Type: NTFS
Drive E: | 87,37 Gb Total Space | 31,19 Gb Free Space | 35,70% Space Free | Partition Type: NTFS
Drive F: | 29,29 Gb Total Space | 2,63 Gb Free Space | 8,99% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 3,73 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: KIKOS-PC | User Name: kiko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.U64IPPU775DLJMX6ASMI6XS2MY] -- C:\Users\kiko\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\ORGANIZIRANO\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E515DE-ED56-4AFC-99F7-AFBA282F9A26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10F18CE0-F8CC-4D37-9763-4F28DBD2A75E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A0F84CC-7D1D-48E3-AA39-2737893E9D6D}" = rport=139 | protocol=6 | dir=out | app=system |
"{2329F6F9-07F0-4273-AEE5-3E067FD146BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39436265-9E8F-4911-8F42-5913BB051C71}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{630A92E9-0160-47AA-9D15-1A7FA113FC16}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6491D76B-6881-42C9-A987-E0B6809CD5D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73975CA1-E5E4-436F-8574-E86DD55990C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{75D24830-AB92-46A4-84B9-104307559AA4}" = rport=138 | protocol=17 | dir=out | app=system |
"{7619FD64-51C1-4BB7-910D-17356CFA5AA6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D88145A-0BD2-4372-8B59-3F845D410696}" = rport=137 | protocol=17 | dir=out | app=system |
"{81C1843B-56A2-48F2-858D-E55002349CAA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{98222DED-B6F9-45D3-9012-A645A13D2616}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98F968C5-1B6C-466D-B192-46AEB38644A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{991CF402-CAD2-406C-8894-514354AC2F70}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9AB0AFC2-912F-41BD-B07B-2D29D295FE51}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5E0918D-6942-406F-9063-93E4DA9F540A}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA29CEFE-8497-47A1-98CC-97B63B462747}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD16284F-05E2-446F-950F-70231F0EA447}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AD1E92F2-032E-4CC7-AA7D-8E9C316E1634}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9D11229-F8CF-4B2A-9B27-1A2E880EF004}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E13A80E1-B5C8-4055-AA5A-C7F61794400D}" = rport=445 | protocol=6 | dir=out | app=system |
"{FA67D8BF-F972-43C5-B0AD-7E31943FD614}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE57B384-3C11-400D-A640-A1A575A600BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A350B1F-A535-4573-B6F6-A942D0F192DE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{0FB09E3D-BB88-4367-9457-21F2B96D5B04}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{13028083-BCF1-4B2B-AA5C-76D38F26FF43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13611764-F0DE-471B-873C-913F6923744C}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1EE3F42E-CBC4-4214-83AD-93C15BB0BDF9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3C31D9F2-5C52-4BD0-A051-FDA072A9CC5D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3C5BD0D4-F87C-44DC-9DC4-1E3B41F393E7}" = protocol=58 | dir=in | [email protected],-28545 |
"{3F770BA9-E30A-4AE0-88C5-438DFBFF4DE1}" = dir=in | app=c:\users\kiko\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4334AC82-2C2F-445F-BD5E-E1625405C74F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CD9FEA8-2AF6-4E2D-9DBF-54C2BCEEDCC0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{524C1874-6F36-4CBC-9E25-5FEF579DCE86}" = protocol=58 | dir=out | [email protected],-28546 |
"{61B4CC7D-2D00-4D23-AAD3-B59ED591B233}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{6F698AFD-8F7A-4C20-9AA5-FEF31518140A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{765F61CB-F623-43E7-96CC-1D144A522BC0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{7D4DB5F2-CFC8-4A5C-82E3-81109BD3D791}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{7F38C770-4BD0-475A-A92E-17F6796D3D7A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{82F2E054-EFD0-4664-A68A-09EA41A64E25}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{8980B8CE-CAC0-45C5-898A-F7CB91908FB5}" = protocol=1 | dir=out | [email protected],-28544 |
"{8BEA777E-4A83-461B-8E68-695EAE57A57E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{915D1766-5EC6-4A58-AADA-DA0D00937FCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{91E40A7A-53B3-4CEC-836B-33CFA71CBAE2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{92060705-9FE8-4488-B098-54E08F78A524}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C7BAD13-A9CE-42E7-85FB-D46A363D5A23}" = protocol=6 | dir=out | app=system |
"{9FD57758-488B-4BB0-96CE-544A629343E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0112EAE-E516-42B5-9E31-C1EC2E3BF329}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A05107D1-8E7D-4343-8104-7C226C65C974}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A12F0FC3-89C2-4E90-A53F-0530C8C82FCA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{A45DC5AD-52E6-4291-8A26-569A33BA240C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{A7CE7E40-67DE-4342-AF2A-80C9F526119B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{AA5028BA-0315-4F83-85DF-CEE8C9176DFB}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{AFE68730-5B1D-4A90-AE28-B1D9A86A3FB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3F96C91-9ED3-4680-954E-830C5582D851}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{B570E555-97C3-4B9B-934B-37ABC13BF9DD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B8FE64FD-E3EB-4B53-A030-68912B496E51}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C5B4228E-B2EC-4828-927A-493840F0CE6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D7325592-4B75-4F08-BE7D-E4C23DBD4B31}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{D75C95E7-C626-4D86-9104-4A17320AA6C8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{D9047AD4-E420-46CB-AFB4-FFB471481BB7}" = protocol=1 | dir=in | [email protected],-28543 |
"{E09CB7B1-AE37-4EE8-A8D9-3696CF18CF1F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{E8736588-C00D-41CF-9190-6C6EEF78DC1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8B783AB-035B-428F-BAAD-68998433C205}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDF4F00C-FB0E-478F-811B-8C4BD1A39608}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{EF60B7B9-036A-4424-A1AD-3914FA27992C}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{F047166E-5ADD-499A-B427-0956A4D03E93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2FE1257-F656-44C2-87A2-A5ADA85AC4F4}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{F6BB390C-D226-4715-ADA5-9A3ACF94DFCD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FC124634-BA54-4366-B492-2EA631D8FEE1}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"TCP Query User{33D0C9D6-E9DF-4A45-857A-6B2514E635DE}D:\u torent downloads\nfs world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\u torent downloads\nfs world\data\nfsw.exe |
"UDP Query User{F19C7578-0FDC-411D-A8BD-5DD1E4F1A213}D:\u torent downloads\nfs world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\u torent downloads\nfs world\data\nfsw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}" = System Requirements Lab
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-3.2.0.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECD9B590-821B-4618-99E5-01830BC8F076}" = BlueStacks
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22E395E-F463-4F0A-8946-4D91914BD46D}" = Droid Explorer 0.8.8.2 (x86)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AMCap" = AMCap
"ArtMoney SE_is1" = ArtMoney SE v7.40.2
"Avira AntiVir Desktop" = Avira Premium Security Suite
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crossfire Europe" = Crossfire Europe
"DAEMON Tools Lite" = DAEMON Tools Lite
"DX-Ball 1.09" = DX-Ball 1.09
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McPixel_is1" = McPixel version 1.0.4
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"MultiSkypeLauncher" = MultiSkypeLauncher (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Notepad++" = Notepad++
"Opera 12.11.1661" = Opera 12.11
"RADVideo" = RAD Video Tools
"Scribblenauts Unlimited_is1" = Scribblenauts Unlimited
"Steam App 17410" = Mirror's Edge
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 92" = Codename Gordon
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"Tiny and Big - Up that Mountain" = Tiny & Big - Up that Mountain (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.01.2013 11:01:26 | Computer Name = kikos-pc | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "e:\crossfire europe\Aegis64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15.01.2013 11:03:52 | Computer Name = kikos-pc | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 16.01.2013 00:04:33 | Computer Name = kikos-pc | Source = Application Error | ID = 1000
Description = Faulting application name: vidalia.exe, version: 0.2.21.0, time stamp:
0x50ba3144 Faulting module name: QtCore4.dll, version: 4.8.1.0, time stamp: 0x4f6c7688
Exception
code: 0xc0000005 Fault offset: 0x00249020 Faulting process id: 0x1740 Faulting application
start time: 0x01cdf39e51d2eb20 Faulting application path: D:\ORGANIZIRANO\Tor Browser\App\vidalia.exe
Faulting
module path: D:\ORGANIZIRANO\Tor Browser\App\QtCore4.dll Report Id: d53c9c40-5f91-11e2-b7a8-00259cee4f56

Error - 16.01.2013 11:13:12 | Computer Name = kikos-pc | Source = VSS | ID = 8194
Description =

Error - 16.01.2013 11:47:03 | Computer Name = kikos-pc | Source = Application Error | ID = 1000
Description = Faulting application name: Bully.exe, version: 0.0.0.0, time stamp:
0x493fea7e Faulting module name: Bully.exe, version: 0.0.0.0, time stamp: 0x493fea7e
Exception
code: 0xc0000005 Fault offset: 0x003476b6 Faulting process id: 0x1a18 Faulting application
start time: 0x01cdf4005f7ca510 Faulting application path: E:\Rockstar Games\Bully
Scholarship Edition\Bully.exe Faulting module path: E:\Rockstar Games\Bully Scholarship
Edition\Bully.exe Report Id: f8c03570-5ff3-11e2-ac63-00259cee4f56

Error - 16.01.2013 21:00:59 | Computer Name = kikos-pc | Source = Application Error | ID = 1000
Description = Faulting application name: Bully.exe, version: 0.0.0.0, time stamp:
0x493fea7e Faulting module name: Bully.exe, version: 0.0.0.0, time stamp: 0x493fea7e
Exception
code: 0xc0000005 Fault offset: 0x00050880 Faulting process id: 0x19cc Faulting application
start time: 0x01cdf400c40c34a0 Faulting application path: E:\Rockstar Games\Bully
Scholarship Edition\Bully.exe Faulting module path: E:\Rockstar Games\Bully Scholarship
Edition\Bully.exe Report Id: 5adcc230-6041-11e2-ac63-00259cee4f56

Error - 17.01.2013 15:20:02 | Computer Name = kikos-pc | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 17.01.2013 16:29:17 | Computer Name = kikos-pc | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 18.01.2013 10:12:06 | Computer Name = kikos-pc | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 18.01.2013 12:18:33 | Computer Name = kikos-pc | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

[ Media Center Events ]
Error - 30.06.2012 14:22:32 | Computer Name = kikos-pc | Source = MCUpdate | ID = 0
Description = 20:22:32 - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 30.06.2012 15:23:30 | Computer Name = kikos-pc | Source = MCUpdate | ID = 0
Description = 21:23:30 - Error connecting to the internet. 21:23:30 - Unable
to contact server..

Error - 30.06.2012 16:23:36 | Computer Name = kikos-pc | Source = MCUpdate | ID = 0
Description = 22:23:36 - Error connecting to the internet. 22:23:36 - Unable
to contact server..

Error - 26.07.2012 07:54:40 | Computer Name = kikos-pc | Source = MCUpdate | ID = 0
Description = 13:54:35 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)


< End of report >

It took like 15-20 minutes. Ran fine.

Farbar Service Scanner Version: 16-01-2013
Ran by kiko (administrator) on 18-01-2013 at 18:49:51
Running from "C:\Users\kiko\Desktop\Logs and Programs\Farbar Service Scanner log plus program"
Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2009-12-16 16:37] - [2009-12-16 16:37] - 1287256 ____A (Microsoft Corporation) CB79D3F4BE0AC26892980330E448018D

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-14 00:53] - [2009-07-14 02:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 00:54] - [2009-07-14 02:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 00:23] - [2009-07-14 02:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-11-22 21:07] - [2009-11-22 21:07] - 1025536 ____A (Microsoft Corporation) F1BF254DC9EDA07E3A83BD111E39A350

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 01:15] - [2009-07-14 02:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-14 00:30] - [2009-07-14 02:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2009-12-16 16:37] - [2009-12-16 16:37] - 0498688 ____A (Microsoft Corporation) 41D95A38DE261919C31263E864FC19B2

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Now this was the quickest of all i think. It took like a minute.

Another thing, why did you tell me to delete µTorrent?

Edited by briannzys, 18 January 2013 - 12:06 PM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
utorrent is a P2P program and we do not like P2P because the files that you get have been stored on untrusted PCs where they can get infected. Also it can cause slowness and jam up your network. You can put it back when we are done if you must but leave it off until we finish.



TDSSKiller found TDSS and claimed to remove it. I would run it again and make sure TDSS is really gone. This was one of your problems. The other one that I saw was the stuff we removed with OTL:

[2012.10.12 18:14:30 | 000,057,345 | RHS- | C] () -- C:\Users\kiko\AppData\Roaming\svchost.exe
[2012.10.12 18:14:30 | 000,057,345 | RHS- | C] () -- C:\Users\kiko\AppData\Roaming\rundll32.exe
[2012.10.12 18:14:29 | 000,000,000 | RHSD | M] -- C:\Users\kiko\AppData\Roaming\System32


MBAM took out KMService. This is a program to fake register Microsoft Office. We do not condone software piracy so it has to stay off while we are working on your system.

You can delete the mbr.dat file. It's just a copy of your mbr. Since aswMBR says it's just the default win 7 MBR there is no need for it.

Yes VEW can't speak Macedonian. Sorry about that.

The Extras log gives me some of the same info. I can see that you need to uninstall Spybot S&D. It is not working correctly on your 64 bit system.

Also E:\Rockstar Games\Bully\Scholarship Edition\Bully.exe is throwing errors so I think it's a bad game at least for a 64 bit system.

Something called BlueStacks is not happy. I would uninstall it. If it's something you need you might look for a newer version. Make sure you right click and Run As Admin when you reinstall it.


Something called e:\crossfire europe\Aegis64.exe is not designed for your pc so should not be used.

IF your high CPU comes back.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Do the above when the CPU is running close to 100% and we can see what is causing it. You may need to leave it running so you can capture the high cpu time quickly.
  • 0

#7
briannzys

briannzys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I've got a 32 bit system.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Right.

I just saw this:

"e:\crossfire europe\Aegis64.exe and assumed the 64 meant it was for a 64 bit system. Perhaps it's the language that is causing the problem but in any case they aren't happy.
  • 0

#9
briannzys

briannzys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Wow, you [bleep]ed up my computer so bad that my cpu actually overheated a couple of times and broke. I had to buy a new CPU. Also that didn't really work and it still went to 100%
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Exactly what do you think I did to your CPU?

It would be pretty hard to cause a CPU to overheat from what we have done or with any software. Normally when a CPU gets pushed too hard by software it will slow down to protect itself. Sound more like your fan failed or your PC is clogged with dust. When you replaced the CPU did you put thermal paste between it and the heatsink?
  • 0

#11
briannzys

briannzys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I didn't replace it because i bought a new one.

And i said that it was like this from the beginning, it wasn't from any program. There wasn't a need for deleting programs.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP