svchost (LocalService) downloading files continuously to C: drive



#31 biggy c (Topic Starter)

Alright, here's the first OTL log:

========== OTL ==========
C:\Windows\System32\東方SASA.udd moved successfully.
File C:\Windows\System32\東方SASA.udd not found.
========== FILES ==========
File\Folder C:\Windows\tasks\At*.job not found.
C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\L folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18 folder moved successfully.
C:\Windows\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\VsWebSite.Interop90 folder moved successfully.
C:\Windows\assembly\GAC\VsWebSite.Interop100\10.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\VsWebSite.Interop100 folder moved successfully.
C:\Windows\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\VsWebSite.Interop folder moved successfully.
C:\Windows\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\VslangProj90 folder moved successfully.
C:\Windows\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\VSLangProj80 folder moved successfully.
C:\Windows\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\VSLangProj2 folder moved successfully.
C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\VSLangProj folder moved successfully.
C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\stdole folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.office folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access folder moved successfully.
C:\Windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\office folder moved successfully.
C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\MSDATASRC folder moved successfully.
C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\mscomctl folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VSHelp80 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VSHelp folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\10.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VCProject\10.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VCProject folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\10.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.VCCodeModel folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.VisualStudio.CommandBars folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Vbe.Interop.Forms folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Vbe.Interop folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.StdFormat folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.SmartTag folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Publisher folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.OneNote folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Graph folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Office.InfoPath.Permission folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.mshtml folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.Ink folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\Microsoft.DirectX folder moved successfully.
C:\Windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c folder moved successfully.
C:\Windows\assembly\GAC\ipdmctrl folder moved successfully.
C:\Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\IALoader folder moved successfully.
C:\Windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\IACore folder moved successfully.
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\Extensibility folder moved successfully.
C:\Windows\assembly\GAC\EnvDTE90a\9.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\EnvDTE90a folder moved successfully.
C:\Windows\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\EnvDTE90 folder moved successfully.
C:\Windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\EnvDTE80 folder moved successfully.
C:\Windows\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\EnvDTE folder moved successfully.
C:\Windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35 folder moved successfully.
C:\Windows\assembly\GAC\dao folder moved successfully.
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a folder moved successfully.
C:\Windows\assembly\GAC\ADODB folder moved successfully.
Folder move failed. C:\Windows\assembly\GAC scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32\\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: %username%
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: %username%
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04222013_213730

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\assembly\GAC scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




aswMBR log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-22 21:44:49
-----------------------------
21:44:49.546    OS Version: Windows 6.1.7600 
21:44:49.546    Number of processors: 2 586 0x1706
21:44:49.546    ComputerName: HEAVENH-B8RJ5SH  UserName: Administrator
21:44:51.730    Initialize success
21:44:51.793    AVAST engine defs: 13020200
21:45:06.660    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
21:45:06.660    Disk 0 Vendor: WDC_WD5000AAKS-55A7B0 01.03B01 Size: 476940MB BusType: 3
21:45:06.660    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6
21:45:06.675    Disk 1 Vendor: ST2000DL003-9VT166 CC32 Size: 1907729MB BusType: 3
21:45:06.816    Disk 0 MBR read successfully
21:45:06.816    Disk 0 MBR scan
21:45:07.315    Disk 0 Windows 7 default MBR code
21:45:07.346    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        81920 MB offset 2048
21:45:07.689    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       395018 MB offset 167774208
21:45:07.767    Disk 0 scanning sectors +976771072
21:45:08.485    Disk 0 scanning C:\Windows\system32\drivers
21:45:26.097    Service scanning
21:45:47.298    Modules scanning
21:46:22.070    AVAST engine scan C:\Windows
21:46:26.438    AVAST engine scan C:\Windows\system32
21:48:07.604    File: C:\Windows\assembly\GAC\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
21:48:54.841    AVAST engine scan C:\Windows\system32\drivers
21:49:15.496    AVAST engine scan C:\Users\Administrator
22:09:52.235    AVAST engine scan C:\ProgramData
22:36:51.705    Scan finished successfully
06:34:21.240    Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
06:34:21.256    The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"




Combofix log:

ComboFix 13-04-23.02 - Administrator 2013/04/23   8:30.7.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3327.1943 [GMT -3:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-23 to 2013-04-23  )))))))))))))))))))))))))))))))
.
.
2013-04-23 11:43 . 2013-04-23 11:50	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-04-23 11:43 . 2013-04-23 11:43	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-23 11:43 . 2013-04-23 11:43	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-23 11:43 . 2013-04-23 11:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-19 00:23 . 2013-04-19 00:23	--------	d-----w-	c:\programdata\Steam
2013-04-18 01:42 . 2013-04-18 01:42	--------	d-----w-	c:\users\Administrator\AppData\Roaming\QuickScan
2013-04-17 13:51 . 2013-04-17 13:51	--------	d-----w-	c:\users\Administrator\AppData\Local\Ares
2013-04-17 13:00 . 2013-04-17 13:00	--------	d-----w-	c:\program files\ESET
2013-04-10 16:23 . 2013-04-04 17:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-10 16:23 . 2013-04-10 16:23	--------	d-----w-	c:\users\Administrator\AppData\Local\Programs
2013-03-30 17:08 . 2013-03-30 17:08	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-19 23:37 . 2012-02-22 15:22	866720	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-04-19 23:37 . 2010-12-23 15:15	788896	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-26 23:01 . 2011-05-19 00:51	602112	----a-w-	C:\OTL.exe
2009-11-20 00:08 . 2009-11-20 00:08	3749224	----a-w-	c:\program files\Common Files\adlmint_libFNP.dll
2009-11-20 00:08 . 2009-11-20 00:08	2941288	----a-w-	c:\program files\Common Files\adlmint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50	121528	----a-w-	d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2012-06-06 16:32	1899144	----a-w-	g:\udk\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2012-06-06 16:32	1899144	----a-w-	g:\udk\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2012-06-06 16:32	1899144	----a-w-	g:\udk\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\steam.exe" [2013-03-29 1631144]
"NVIDIA nTune"="g:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"LogMeIn GUI"="d:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]
"V0510Mon.exe"="c:\windows\V0510Mon.exe" [2007-12-07 32768]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"TortoiseHgOverlayIconServer"="g:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-07-03 47880]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll" [2008-04-05 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"=mapledxp.dll
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2011-10-23 20:07	1044992	----a-w-	g:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-07-01 17:44	3077528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-02-03 10:40	394984	----a-w-	d:\program files\Sandboxie\SbieCtrl.exe
.
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R2 gupdate1c9e9c75b191954;Google Update Service (gupdate1c9e9c75b191954);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BEService;BattlEye Service;c:\program files\Common Files\BattlEye\BEService.exe [x]
R3 CFcatchme;CFcatchme;c:\users\ADMINI~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\qd26032.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd16032.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TunngleService;TunngleService;g:\program files\Tunngle\TnglCtrl.exe [x]
R3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\DRIVERS\V0510Vid.sys [x]
R3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\DRIVERS\V0510Vfx.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R4 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mapledxp;mapledxp;c:\windows\System32\drivers\mapledxp.SYS [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;d:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:31]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cbc.ca/news
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/news
FF - ExtSQL: 2013-03-10 14:04; {30E08C68-889E-11E0-95EF-DA7E4824019B}; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe
HKCU-Run-ares - d:\program files\Ares\Ares.exe
.
.
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\G:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\G:/UDK/Perforce/P4VResources/p4ob.exe]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\08\05\05\03 $W"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3192)
d:\program files\Xfire\xfire_toucan_45547.dll
g:\program files\TortoiseHg\ThgShellx86.dll
c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll
d:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
d:\program files\AVAST Software\Avast\AvastSvc.exe
d:\program files\LogMeIn\x86\RaMaint.exe
d:\program files\LogMeIn\x86\LogMeIn.exe
g:\program files\Alias\Maya7.0\docs\wrapper.exe
g:\program files\NVIDIA Corporation\nTune\nTuneService.exe
g:\program files\Alias\Maya7.0\docs\jre\bin\java.exe
c:\windows\system32\conhost.exe
d:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
d:\program files\MagicDisc\MagicDisc.exe
d:\program files\Xfire\Xfire.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-04-23  08:56:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-23 11:56
ComboFix2.txt  2013-04-13 22:24
ComboFix3.txt  2013-04-09 22:02
.
Pre-Run: 16,073,625,600 bytes free
Post-Run: 17,511,030,784 bytes free
.
- - End Of File - - CDFE282D2208F758EB36256F156542AF

TDSSKiller log:

19:08:23.0189 4644  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:08:23.0625 4644  ============================================================
19:08:23.0625 4644  Current date / time: 2013/04/23 19:08:23.0625
19:08:23.0625 4644  SystemInfo:
19:08:23.0625 4644  
19:08:23.0625 4644  OS Version: 6.1.7600 ServicePack: 0.0
19:08:23.0625 4644  Product type: Workstation
19:08:23.0626 4644  ComputerName: HEAVENH-B8RJ5SH
19:08:23.0626 4644  UserName: Administrator
19:08:23.0626 4644  Windows directory: C:\Windows
19:08:23.0626 4644  System windows directory: C:\Windows
19:08:23.0626 4644  Processor architecture: Intel x86
19:08:23.0626 4644  Number of processors: 2
19:08:23.0626 4644  Page size: 0x1000
19:08:23.0626 4644  Boot type: Normal boot
19:08:23.0626 4644  ============================================================
19:08:24.0024 4644  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:08:24.0049 4644  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:08:24.0054 4644  ============================================================
19:08:24.0054 4644  \Device\Harddisk0\DR0:
19:08:24.0054 4644  MBR partitions:
19:08:24.0054 4644  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000000
19:08:24.0054 4644  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA000800, BlocksNum 0x30385000
19:08:24.0054 4644  \Device\Harddisk1\DR1:
19:08:24.0054 4644  MBR partitions:
19:08:24.0054 4644  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
19:08:24.0054 4644  ============================================================
19:08:24.0094 4644  C: <-> \Device\Harddisk0\DR0\Partition1
19:08:24.0150 4644  D: <-> \Device\Harddisk0\DR0\Partition2
19:08:24.0197 4644  G: <-> \Device\Harddisk1\DR1\Partition1
19:08:24.0197 4644  ============================================================
19:08:24.0197 4644  Initialize success
19:08:24.0197 4644  ============================================================
19:08:59.0314 3204  ============================================================
19:08:59.0314 3204  Scan started
19:08:59.0314 3204  Mode: Manual; SigCheck; TDLFS; 
19:08:59.0314 3204  ============================================================
19:08:59.0745 3204  ================ Scan system memory ========================
19:08:59.0745 3204  System memory - ok
19:08:59.0746 3204  ================ Scan services =============================
19:08:59.0876 3204  [ BF02F806C873ABB04B197161E8E5A316 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:08:59.0987 3204  1394ohci - ok
19:09:00.0032 3204  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:09:00.0044 3204  ACPI - ok
19:09:00.0066 3204  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:09:00.0116 3204  AcpiPmi - ok
19:09:00.0163 3204  adfs - ok
19:09:00.0205 3204  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:09:00.0220 3204  adp94xx - ok
19:09:00.0228 3204  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:09:00.0242 3204  adpahci - ok
19:09:00.0276 3204  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:09:00.0287 3204  adpu320 - ok
19:09:00.0335 3204  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:09:00.0425 3204  AeLookupSvc - ok
19:09:00.0498 3204  [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD             C:\Windows\system32\drivers\afd.sys
19:09:00.0590 3204  AFD - ok
19:09:00.0595 3204  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
19:09:00.0604 3204  agp440 - ok
19:09:00.0655 3204  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:09:00.0664 3204  aic78xx - ok
19:09:00.0691 3204  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
19:09:00.0737 3204  ALG - ok
19:09:00.0742 3204  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:09:00.0750 3204  aliide - ok
19:09:00.0755 3204  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:09:00.0765 3204  amdagp - ok
19:09:00.0770 3204  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:09:00.0778 3204  amdide - ok
19:09:00.0783 3204  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:09:00.0824 3204  AmdK8 - ok
19:09:00.0829 3204  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:09:00.0859 3204  AmdPPM - ok
19:09:00.0864 3204  [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:09:00.0874 3204  amdsata - ok
19:09:00.0893 3204  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:09:00.0904 3204  amdsbs - ok
19:09:00.0918 3204  [ B81C2B5616F6420A9941EA093A92B150 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:09:00.0926 3204  amdxata - ok
19:09:00.0972 3204  [ D2BF422C2611632AFB9CE8F7B2A8C306 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
19:09:00.0993 3204  AmUStor ( UnsignedFile.Multi.Generic ) - warning
19:09:00.0993 3204  AmUStor - detected UnsignedFile.Multi.Generic (1)
19:09:01.0008 3204  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
19:09:01.0064 3204  AppID - ok
19:09:01.0104 3204  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:09:01.0150 3204  AppIDSvc - ok
19:09:01.0165 3204  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
19:09:01.0201 3204  Appinfo - ok
19:09:01.0223 3204  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:09:01.0246 3204  AppMgmt - ok
19:09:01.0251 3204  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
19:09:01.0261 3204  arc - ok
19:09:01.0266 3204  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:09:01.0277 3204  arcsas - ok
19:09:01.0371 3204  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:09:01.0409 3204  aspnet_state - ok
19:09:01.0481 3204  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
19:09:01.0510 3204  aswFsBlk - ok
19:09:01.0552 3204  [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
19:09:01.0559 3204  aswMonFlt - ok
19:09:01.0600 3204  [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
19:09:01.0608 3204  aswRdr - ok
19:09:01.0628 3204  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
19:09:01.0657 3204  aswSnx - ok
19:09:01.0672 3204  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
19:09:01.0685 3204  aswSP - ok
19:09:01.0690 3204  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
19:09:01.0698 3204  aswTdi - ok
19:09:01.0709 3204  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:09:01.0747 3204  AsyncMac - ok
19:09:01.0763 3204  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
19:09:01.0771 3204  atapi - ok
19:09:01.0814 3204  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:09:01.0872 3204  AudioEndpointBuilder - ok
19:09:01.0880 3204  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:09:01.0907 3204  Audiosrv - ok
19:09:02.0008 3204  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:09:02.0016 3204  avast! Antivirus - ok
19:09:02.0045 3204  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:09:02.0108 3204  AxInstSV - ok
19:09:02.0146 3204  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
19:09:02.0197 3204  b06bdrv - ok
19:09:02.0220 3204  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:09:02.0252 3204  b57nd60x - ok
19:09:02.0273 3204  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:09:02.0314 3204  BDESVC - ok
19:09:02.0322 3204  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:09:02.0346 3204  Beep - ok
19:09:02.0496 3204  [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService       C:\Program Files\Common Files\BattlEye\BEService.exe
19:09:02.0513 3204  BEService ( UnsignedFile.Multi.Generic ) - warning
19:09:02.0513 3204  BEService - detected UnsignedFile.Multi.Generic (1)
19:09:02.0550 3204  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
19:09:02.0615 3204  BFE - ok
19:09:02.0703 3204  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\system32\qmgr.dll
19:09:02.0773 3204  BITS - ok
19:09:02.0802 3204  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:09:02.0828 3204  blbdrive - ok
19:09:02.0896 3204  [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:09:02.0921 3204  Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
19:09:02.0921 3204  Bonjour Service - detected UnsignedFile.Multi.Generic (1)
19:09:02.0939 3204  [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:09:02.0963 3204  bowser - ok
19:09:02.0977 3204  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:09:03.0008 3204  BrFiltLo - ok
19:09:03.0012 3204  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:09:03.0030 3204  BrFiltUp - ok
19:09:03.0049 3204  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:09:03.0088 3204  BridgeMP - ok
19:09:03.0116 3204  [ 598E1280E7FF3744F4B8329366CC5635 ] Browser         C:\Windows\System32\browser.dll
19:09:03.0141 3204  Browser - ok
19:09:03.0166 3204  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:09:03.0198 3204  Brserid - ok
19:09:03.0203 3204  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:09:03.0229 3204  BrSerWdm - ok
19:09:03.0233 3204  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:09:03.0255 3204  BrUsbMdm - ok
19:09:03.0260 3204  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:09:03.0272 3204  BrUsbSer - ok
19:09:03.0278 3204  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:09:03.0305 3204  BTHMODEM - ok
19:09:03.0335 3204  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
19:09:03.0376 3204  bthserv - ok
19:09:03.0516 3204  catchme - ok
19:09:03.0541 3204  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:09:03.0578 3204  cdfs - ok
19:09:03.0602 3204  [ 656D1EC977E3C5316A62DBBE52CB9663 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:09:03.0644 3204  cdrom - ok
19:09:03.0683 3204  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:09:03.0722 3204  CertPropSvc - ok
19:09:03.0750 3204  CFcatchme - ok
19:09:03.0772 3204  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:09:03.0785 3204  circlass - ok
19:09:03.0805 3204  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:09:03.0818 3204  CLFS - ok
19:09:03.0886 3204  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:09:03.0895 3204  clr_optimization_v2.0.50727_32 - ok
19:09:03.0938 3204  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:09:03.0947 3204  clr_optimization_v4.0.30319_32 - ok
19:09:03.0951 3204  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:09:03.0979 3204  CmBatt - ok
19:09:03.0984 3204  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:09:03.0992 3204  cmdide - ok
19:09:04.0019 3204  [ 1B675691ED940766149C93E8F4488D68 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:09:04.0047 3204  CNG - ok
19:09:04.0058 3204  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:09:04.0066 3204  Compbatt - ok
19:09:04.0085 3204  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:09:04.0098 3204  CompositeBus - ok
19:09:04.0102 3204  COMSysApp - ok
19:09:04.0142 3204  [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135         C:\Windows\system32\drivers\cpuz135_x32.sys
19:09:04.0149 3204  cpuz135 - ok
19:09:04.0162 3204  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:09:04.0171 3204  crcdisk - ok
19:09:04.0220 3204  [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:09:04.0267 3204  CryptSvc - ok
19:09:04.0294 3204  [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC             C:\Windows\system32\drivers\csc.sys
19:09:04.0335 3204  CSC - ok
19:09:04.0363 3204  [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService      C:\Windows\System32\cscsvc.dll
19:09:04.0475 3204  CscService - ok
19:09:04.0519 3204  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:09:04.0593 3204  DcomLaunch - ok
19:09:04.0635 3204  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:09:04.0675 3204  defragsvc - ok
19:09:04.0695 3204  [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:09:04.0732 3204  DfsC - ok
19:09:04.0771 3204  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:09:04.0819 3204  Dhcp - ok
19:09:04.0834 3204  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:09:04.0873 3204  discache - ok
19:09:04.0906 3204  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:09:04.0915 3204  Disk - ok
19:09:04.0947 3204  [ D0722E963D3C6145446874241401B209 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:09:04.0993 3204  Dnscache - ok
19:09:05.0016 3204  [ A8E0833D994D84936FA72EE1BEF4774F ] dot3svc         C:\Windows\System32\dot3svc.dll
19:09:05.0035 3204  dot3svc - ok
19:09:05.0050 3204  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
19:09:05.0092 3204  DPS - ok
19:09:05.0122 3204  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:09:05.0146 3204  drmkaud - ok
19:09:05.0195 3204  [ 70A6158C26386636675584D9205313A1 ] DS1410D         C:\Windows\system32\drivers\ds1410d.sys
19:09:05.0195 3204  Suspicious file (Forged): C:\Windows\system32\drivers\ds1410d.sys. Real md5: 70A6158C26386636675584D9205313A1, Fake md5: 90925A49F08443B17E62B41D13254EE7
19:09:05.0196 3204  DS1410D ( ForgedFile.Multi.Generic ) - warning
19:09:05.0196 3204  DS1410D - detected ForgedFile.Multi.Generic (1)
19:09:05.0239 3204  [ C94B6C3CC628179CB9B9061C19888B99 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:09:05.0270 3204  DXGKrnl - ok
19:09:05.0284 3204  [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:09:05.0308 3204  E1G60 - ok
19:09:05.0312 3204  EagleNT - ok
19:09:05.0338 3204  EagleXNt - ok
19:09:05.0373 3204  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
19:09:05.0453 3204  EapHost - ok
19:09:05.0527 3204  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
19:09:05.0620 3204  ebdrv - ok
19:09:05.0650 3204  [ F42309C4191C506B71DB5D1126D26318 ] EFS             C:\Windows\System32\lsass.exe
19:09:05.0668 3204  EFS - ok
19:09:05.0687 3204  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:09:05.0703 3204  elxstor - ok
19:09:05.0724 3204  epfwwfp - ok
19:09:05.0730 3204  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:09:05.0755 3204  ErrDev - ok
19:09:05.0781 3204  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
19:09:05.0810 3204  EventSystem - ok
19:09:05.0816 3204  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
19:09:05.0841 3204  exfat - ok
19:09:05.0855 3204  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:09:05.0892 3204  fastfat - ok
19:09:05.0935 3204  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
19:09:05.0986 3204  Fax - ok
19:09:05.0990 3204  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:09:06.0019 3204  fdc - ok
19:09:06.0046 3204  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
19:09:06.0084 3204  fdPHost - ok
19:09:06.0098 3204  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
19:09:06.0140 3204  FDResPub - ok
19:09:06.0155 3204  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:09:06.0164 3204  FileInfo - ok
19:09:06.0177 3204  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:09:06.0211 3204  Filetrace - ok
19:09:06.0355 3204  [ C623057D3905323F760A8B3C8523C072 ] FileZilla Server G:\Program Files\FileZilla Server\FileZilla Server.exe
19:09:06.0393 3204  FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
19:09:06.0393 3204  FileZilla Server - detected UnsignedFile.Multi.Generic (1)
19:09:06.0474 3204  [ D60EF46DC0E757FE5EB579DB95B88954 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:09:06.0504 3204  FLEXnet Licensing Service - ok
19:09:06.0509 3204  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:09:06.0538 3204  flpydisk - ok
19:09:06.0565 3204  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:09:06.0577 3204  FltMgr - ok
19:09:06.0623 3204  [ 151258FC2EC8C48BDF8A53350AE0A676 ] FontCache       C:\Windows\system32\FntCache.dll
19:09:06.0665 3204  FontCache - ok
19:09:06.0743 3204  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:09:06.0750 3204  FontCache3.0.0.0 - ok
19:09:06.0765 3204  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:09:06.0774 3204  FsDepends - ok
19:09:06.0778 3204  [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:09:06.0787 3204  Fs_Rec - ok
19:09:06.0849 3204  [ 8142D5D886829B9876CB93AF59475C09 ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
19:09:06.0855 3204  FTDIBUS - ok
19:09:06.0889 3204  [ 63D72A4CF9F163B59DB0CEED940A7D76 ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
19:09:06.0895 3204  FTSER2K - ok
19:09:06.0918 3204  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:09:06.0930 3204  fvevol - ok
19:09:06.0996 3204  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:09:07.0005 3204  gagp30kx - ok
19:09:07.0057 3204  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
19:09:07.0120 3204  gpsvc - ok
19:09:07.0239 3204  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9e9c75b191954 C:\Program Files\Google\Update\GoogleUpdate.exe
19:09:07.0246 3204  gupdate1c9e9c75b191954 - ok
19:09:07.0264 3204  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:09:07.0270 3204  gupdatem - ok
19:09:07.0306 3204  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
19:09:07.0313 3204  hamachi - ok
19:09:07.0462 3204  [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc     D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
19:09:07.0513 3204  Hamachi2Svc - ok
19:09:07.0578 3204  [ D95554949082FD29A04D351B58396718 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
19:09:07.0621 3204  hardlock - ok
19:09:07.0665 3204  [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt          C:\Windows\system32\drivers\Haspnt.sys
19:09:07.0670 3204  Haspnt ( UnsignedFile.Multi.Generic ) - warning
19:09:07.0670 3204  Haspnt - detected UnsignedFile.Multi.Generic (1)
19:09:07.0704 3204  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:09:07.0725 3204  hcw85cir - ok
19:09:07.0749 3204  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:09:07.0781 3204  HdAudAddService - ok
19:09:07.0808 3204  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:09:07.0833 3204  HDAudBus - ok
19:09:07.0837 3204  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:09:07.0856 3204  HidBatt - ok
19:09:07.0861 3204  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:09:07.0925 3204  HidBth - ok
19:09:07.0942 3204  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:09:07.0966 3204  HidIr - ok
19:09:07.0986 3204  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
19:09:08.0024 3204  hidserv - ok
19:09:08.0044 3204  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:09:08.0090 3204  HidUsb - ok
19:09:08.0125 3204  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:09:08.0165 3204  hkmsvc - ok
19:09:08.0182 3204  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:09:08.0225 3204  HomeGroupListener - ok
19:09:08.0265 3204  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:09:08.0282 3204  HomeGroupProvider - ok
19:09:08.0292 3204  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:09:08.0302 3204  HpSAMD - ok
19:09:08.0323 3204  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:09:08.0374 3204  HTTP - ok
19:09:08.0416 3204  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:09:08.0425 3204  hwpolicy - ok
19:09:08.0450 3204  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:09:08.0474 3204  i8042prt - ok
19:09:08.0496 3204  [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:09:08.0510 3204  iaStorV - ok
19:09:08.0589 3204  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:09:08.0596 3204  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:09:08.0596 3204  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:09:08.0668 3204  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:09:08.0697 3204  idsvc - ok
19:09:08.0702 3204  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:09:08.0711 3204  iirsp - ok
19:09:08.0753 3204  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:09:08.0796 3204  IKEEXT - ok
19:09:08.0899 3204  [ 0DBEF9CD5A2CD71240DD5AFCEE56D073 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:09:09.0004 3204  IntcAzAudAddService - ok
19:09:09.0017 3204  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:09:09.0026 3204  intelide - ok
19:09:09.0040 3204  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:09:09.0064 3204  intelppm - ok
19:09:09.0094 3204  [ E2C2CE489356943C1922B8353DCDAD05 ] ioatdma         C:\Windows\System32\Drivers\qd26032.sys
19:09:09.0101 3204  ioatdma - ok
19:09:09.0139 3204  [ C4317DA9066EF0678DB2B68492523B38 ] ioatdma1        C:\Windows\System32\Drivers\qd16032.sys
19:09:09.0145 3204  ioatdma1 - ok
19:09:09.0163 3204  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:09:09.0205 3204  IPBusEnum - ok
19:09:09.0220 3204  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:09:09.0244 3204  IpFilterDriver - ok
19:09:09.0277 3204  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:09:09.0332 3204  iphlpsvc - ok
19:09:09.0337 3204  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:09:09.0354 3204  IPMIDRV - ok
19:09:09.0360 3204  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:09:09.0420 3204  IPNAT - ok
19:09:09.0452 3204  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:09:09.0481 3204  IRENUM - ok
19:09:09.0485 3204  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:09:09.0494 3204  isapnp - ok
19:09:09.0522 3204  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:09:09.0534 3204  iScsiPrt - ok
19:09:09.0573 3204  [ 2247354A4D999C9CBB4D61B2A27576B9 ] iSSetup         C:\Windows\system32\DRIVERS\iSSetup.sys
19:09:09.0615 3204  iSSetup - ok
19:09:09.0642 3204  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:09:09.0651 3204  kbdclass - ok
19:09:09.0676 3204  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:09:09.0702 3204  kbdhid - ok
19:09:09.0725 3204  [ F42309C4191C506B71DB5D1126D26318 ] KeyIso          C:\Windows\system32\lsass.exe
19:09:09.0738 3204  KeyIso - ok
19:09:09.0746 3204  [ E36A061EC11B373826905B21BE10948F ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:09:09.0755 3204  KSecDD - ok
19:09:09.0787 3204  [ C1F278A8151CACEB89BADAF336E37740 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:09:09.0797 3204  KSecPkg - ok
19:09:09.0830 3204  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:09:09.0879 3204  KtmRm - ok
19:09:09.0907 3204  [ 8C804B1FFAD1EFA952B747E8285C3B76 ] L1E             C:\Windows\system32\DRIVERS\L1E62x86.sys
19:09:09.0933 3204  L1E - ok
19:09:09.0981 3204  [ BCA92CB047A4326925ECEF759DBAA233 ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:09:10.0028 3204  LanmanServer - ok
19:09:10.0049 3204  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:09:10.0079 3204  LanmanWorkstation - ok
19:09:10.0093 3204  LBTServ - ok
19:09:10.0127 3204  [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
19:09:10.0134 3204  LGBusEnum - ok
19:09:10.0167 3204  [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
19:09:10.0173 3204  LGVirHid - ok
19:09:10.0210 3204  [ B68309F25C5787385DA842EB5B496958 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:09:10.0217 3204  LHidFilt - ok
19:09:10.0228 3204  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:09:10.0269 3204  lltdio - ok
19:09:10.0306 3204  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:09:10.0349 3204  lltdsvc - ok
19:09:10.0370 3204  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:09:10.0493 3204  lmhosts - ok
19:09:10.0630 3204  [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc  D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
19:09:10.0640 3204  LMIGuardianSvc - ok
19:09:10.0706 3204  [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo         D:\Program Files\LogMeIn\x86\RaInfo.sys
19:09:10.0711 3204  LMIInfo - ok
19:09:10.0755 3204  [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint        D:\Program Files\LogMeIn\x86\RaMaint.exe
19:09:10.0762 3204  LMIMaint - ok
19:09:10.0800 3204  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
19:09:10.0806 3204  lmimirr - ok
19:09:10.0834 3204  LMIRfsClientNP - ok
19:09:10.0877 3204  [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
19:09:10.0882 3204  LMIRfsDriver - ok
19:09:10.0895 3204  [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:09:10.0901 3204  LMouFilt - ok
19:09:10.0965 3204  [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn         D:\Program Files\LogMeIn\x86\LogMeIn.exe
19:09:10.0977 3204  LogMeIn - ok
19:09:11.0057 3204  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:09:11.0067 3204  LSI_FC - ok
19:09:11.0093 3204  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:09:11.0103 3204  LSI_SAS - ok
19:09:11.0109 3204  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:09:11.0118 3204  LSI_SAS2 - ok
19:09:11.0123 3204  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:09:11.0134 3204  LSI_SCSI - ok
19:09:11.0167 3204  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
19:09:11.0206 3204  luafv - ok
19:09:11.0237 3204  [ 0C62957912D4DF1E4BA9795E6BE3ED38 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
19:09:11.0243 3204  LUsbFilt - ok
19:09:11.0275 3204  [ 71FB2C9D23E62D42F7A8AF56E5DD8414 ] mapledxp        C:\Windows\System32\drivers\mapledxp.SYS
19:09:11.0295 3204  mapledxp ( UnsignedFile.Multi.Generic ) - warning
19:09:11.0295 3204  mapledxp - detected UnsignedFile.Multi.Generic (1)
19:09:11.0416 3204  [ C049EF30ACE3E2BEEBC41E37FE4BB2A1 ] maya70docserver G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
19:09:11.0438 3204  maya70docserver ( UnsignedFile.Multi.Generic ) - warning
19:09:11.0438 3204  maya70docserver - detected UnsignedFile.Multi.Generic (1)
19:09:11.0469 3204  [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys
19:09:11.0488 3204  mcdbus ( UnsignedFile.Multi.Generic ) - warning
19:09:11.0488 3204  mcdbus - detected UnsignedFile.Multi.Generic (1)
19:09:11.0493 3204  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:09:11.0502 3204  megasas - ok
19:09:11.0521 3204  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:09:11.0533 3204  MegaSR - ok
19:09:11.0642 3204  [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2010_32 C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
19:09:11.0657 3204  mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - warning
19:09:11.0657 3204  mi-raysat_3dsmax2010_32 - detected UnsignedFile.Multi.Generic (1)
19:09:11.0741 3204  [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:09:11.0750 3204  Microsoft Office Groove Audit Service - ok
19:09:11.0776 3204  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
19:09:11.0816 3204  MMCSS - ok
19:09:11.0821 3204  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
19:09:11.0845 3204  Modem - ok
19:09:11.0875 3204  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:09:11.0899 3204  monitor - ok
19:09:11.0922 3204  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:09:11.0931 3204  mouclass - ok
19:09:11.0943 3204  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:09:11.0967 3204  mouhid - ok
19:09:11.0985 3204  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:09:11.0994 3204  mountmgr - ok
19:09:12.0066 3204  [ 6380FF81DD4D78B23398752D2F46EA43 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:09:12.0075 3204  MozillaMaintenance - ok
19:09:12.0088 3204  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:09:12.0099 3204  mpio - ok
19:09:12.0110 3204  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:09:12.0144 3204  mpsdrv - ok
19:09:12.0184 3204  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:09:12.0227 3204  MpsSvc - ok
19:09:12.0236 3204  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:09:12.0251 3204  MRxDAV - ok
19:09:12.0281 3204  [ 9E5DD4EF01AED723ABF5342EF23FF012 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:09:12.0324 3204  mrxsmb - ok
19:09:12.0343 3204  [ 6532ACBF612A8D340EF9E25E4FEF21EE ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:09:12.0373 3204  mrxsmb10 - ok
19:09:12.0410 3204  [ 24D76ABE5DCAD22F19D105F76FDF0CE1 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:09:12.0464 3204  mrxsmb20 - ok
19:09:12.0469 3204  [ BB14A640E7F234F260D1AA19A60CF960 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:09:12.0478 3204  msahci - ok
19:09:12.0483 3204  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:09:12.0494 3204  msdsm - ok
19:09:12.0510 3204  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
19:09:12.0542 3204  MSDTC - ok
19:09:12.0575 3204  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:09:12.0600 3204  Msfs - ok
19:09:12.0607 3204  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:09:12.0645 3204  mshidkmdf - ok
19:09:12.0668 3204  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:09:12.0677 3204  msisadrv - ok
19:09:12.0704 3204  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:09:12.0733 3204  MSiSCSI - ok
19:09:12.0738 3204  msiserver - ok
19:09:12.0766 3204  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:09:12.0869 3204  MSKSSRV - ok
19:09:12.0890 3204  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:09:12.0931 3204  MSPCLOCK - ok
19:09:12.0952 3204  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:09:12.0994 3204  MSPQM - ok
19:09:13.0009 3204  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:09:13.0021 3204  MsRPC - ok
19:09:13.0041 3204  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:09:13.0050 3204  mssmbios - ok
19:09:13.0142 3204  MSSQL$SQLEXPRESS - ok
19:09:13.0265 3204  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:09:13.0272 3204  MSSQLServerADHelper100 - ok
19:09:13.0277 3204  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:09:13.0301 3204  MSTEE - ok
19:09:13.0320 3204  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:09:13.0350 3204  MTConfig - ok
19:09:13.0435 3204  [ DCDAAB8697A47894A554050CE18D0B56 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
19:09:13.0486 3204  MTsensor - ok
19:09:13.0498 3204  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:09:13.0507 3204  Mup - ok
19:09:13.0558 3204  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
19:09:13.0628 3204  napagent - ok
19:09:13.0663 3204  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:09:13.0698 3204  NativeWifiP - ok
19:09:13.0744 3204  [ 779E9149D3662ED6BEB58A67E3C775F4 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:09:13.0774 3204  NDIS - ok
19:09:13.0821 3204  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:09:13.0859 3204  NdisCap - ok
19:09:13.0889 3204  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:09:13.0913 3204  NdisTapi - ok
19:09:13.0954 3204  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:09:13.0979 3204  Ndisuio - ok
19:09:14.0009 3204  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:09:14.0052 3204  NdisWan - ok
19:09:14.0076 3204  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:09:14.0099 3204  NDProxy - ok
19:09:14.0113 3204  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:09:14.0137 3204  NetBIOS - ok
19:09:14.0147 3204  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:09:14.0189 3204  NetBT - ok
19:09:14.0208 3204  [ F42309C4191C506B71DB5D1126D26318 ] Netlogon        C:\Windows\system32\lsass.exe
19:09:14.0221 3204  Netlogon - ok
19:09:14.0263 3204  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
19:09:14.0320 3204  Netman - ok
19:09:14.0371 3204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:09:14.0409 3204  NetMsmqActivator - ok
19:09:14.0433 3204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:09:14.0441 3204  NetPipeActivator - ok
19:09:14.0465 3204  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
19:09:14.0519 3204  netprofm - ok
19:09:14.0524 3204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:09:14.0532 3204  NetTcpActivator - ok
19:09:14.0536 3204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:09:14.0544 3204  NetTcpPortSharing - ok
19:09:14.0560 3204  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:09:14.0569 3204  nfrd960 - ok
19:09:14.0581 3204  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:09:14.0611 3204  NlaSvc - ok
19:09:14.0642 3204  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:09:14.0676 3204  Npfs - ok
19:09:14.0680 3204  npggsvc - ok
19:09:14.0726 3204  [ BBC47A2E02BE7DEAA8ED514AAB4F1FAF ] NPPTNT2         C:\Windows\system32\npptNT2.sys
19:09:14.0749 3204  NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning
19:09:14.0749 3204  NPPTNT2 - detected UnsignedFile.Multi.Generic (1)
19:09:14.0770 3204  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
19:09:14.0796 3204  nsi - ok
19:09:14.0801 3204  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:09:14.0840 3204  nsiproxy - ok
19:09:14.0880 3204  [ 3795DCD21F740EE799FB7223234215AF ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:09:14.0923 3204  Ntfs - ok
19:09:14.0963 3204  nTuneService - ok
19:09:14.0975 3204  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
19:09:14.0999 3204  Null - ok
19:09:15.0196 3204  [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:09:15.0482 3204  nvlddmkm - ok
19:09:15.0525 3204  [ 9CE1B0E5CFA8223CEC3BE1C7616E9F63 ] NVR0Dev         C:\Windows\nvoclock.sys
19:09:15.0546 3204  NVR0Dev ( UnsignedFile.Multi.Generic ) - warning
19:09:15.0547 3204  NVR0Dev - detected UnsignedFile.Multi.Generic (1)
19:09:15.0588 3204  [ A73F918EC995DDDBFB0D0CF1F546089A ] NVR0FLASHDev    C:\Windows\nvflash.sys
19:09:15.0596 3204  NVR0FLASHDev - ok
19:09:15.0622 3204  [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:09:15.0633 3204  nvraid - ok
19:09:15.0643 3204  [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:09:15.0654 3204  nvstor - ok
19:09:15.0693 3204  [ 782945716AD010AC3D41758E8E52C735 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:09:15.0721 3204  nvsvc - ok
19:09:15.0792 3204  [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:09:15.0836 3204  nvUpdatusService - ok
19:09:15.0853 3204  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:09:15.0864 3204  nv_agp - ok
19:09:15.0875 3204  [ 908593EAC1FFE529FE760B0A378B3600 ] O2MDRDR         C:\Windows\system32\DRIVERS\o2media.sys
19:09:15.0903 3204  O2MDRDR - ok
19:09:15.0920 3204  [ E5E4F48A17CDD4683936B06563BA1C51 ] O2SDRDR         C:\Windows\system32\DRIVERS\o2sd.sys
19:09:15.0928 3204  O2SDRDR - ok
19:09:16.0018 3204  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:09:16.0032 3204  odserv - ok
19:09:16.0087 3204  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:09:16.0134 3204  ohci1394 - ok
19:09:16.0159 3204  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:09:16.0172 3204  ose - ok
19:09:16.0222 3204  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:09:16.0270 3204  p2pimsvc - ok
19:09:16.0320 3204  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:09:16.0349 3204  p2psvc - ok
19:09:16.0501 3204  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
19:09:16.0541 3204  Parport - ok
19:09:16.0568 3204  [ FF4218952B51DE44FE910953A3E686B9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:09:16.0620 3204  partmgr - ok
19:09:16.0643 3204  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
19:09:16.0693 3204  Parvdm - ok
19:09:16.0723 3204  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:09:16.0742 3204  PcaSvc - ok
19:09:16.0764 3204  [ 80A4748A0304715C29093311795AC448 ] pci             C:\Windows\system32\drivers\pci.sys
19:09:16.0774 3204  pci - ok
19:09:16.0805 3204  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
19:09:16.0813 3204  pciide - ok
19:09:16.0850 3204  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:09:16.0861 3204  pcmcia - ok
19:09:16.0889 3204  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
19:09:16.0898 3204  pcw - ok
19:09:16.0941 3204  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:09:17.0010 3204  PEAUTH - ok
19:09:17.0056 3204  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:09:17.0101 3204  PeerDistSvc - ok
19:09:17.0142 3204  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
19:09:17.0206 3204  pla - ok
19:09:17.0241 3204  [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:09:17.0292 3204  PlugPlay - ok
19:09:17.0344 3204  [ 19E83B09AB8EE1D837665DA941E2AC44 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
19:09:17.0354 3204  PnkBstrA - ok
19:09:17.0368 3204  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:09:17.0448 3204  PNRPAutoReg - ok
19:09:17.0472 3204  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:09:17.0488 3204  PNRPsvc - ok
19:09:17.0525 3204  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:09:17.0571 3204  PolicyAgent - ok
19:09:17.0595 3204  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
19:09:17.0624 3204  Power - ok
19:09:17.0644 3204  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:09:17.0684 3204  PptpMiniport - ok
19:09:17.0706 3204  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
19:09:17.0718 3204  Processor - ok
19:09:17.0774 3204  [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc         C:\Windows\system32\profsvc.dll
19:09:17.0820 3204  ProfSvc - ok
19:09:17.0841 3204  [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:09:17.0859 3204  ProtectedStorage - ok
19:09:17.0883 3204  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:09:17.0910 3204  Psched - ok
19:09:17.0964 3204  [ BCF8D075FAD718FEA8EF6E281331A56E ] PStrip          C:\Windows\system32\drivers\pstrip.sys
19:09:17.0971 3204  PStrip - ok
19:09:18.0014 3204  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:09:18.0060 3204  ql2300 - ok
19:09:18.0080 3204  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:09:18.0090 3204  ql40xx - ok
19:09:18.0108 3204  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
19:09:18.0195 3204  QWAVE - ok
19:09:18.0212 3204  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:09:18.0226 3204  QWAVEdrv - ok
19:09:18.0241 3204  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:09:18.0277 3204  RasAcd - ok
19:09:18.0310 3204  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:09:18.0334 3204  RasAgileVpn - ok
19:09:18.0344 3204  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
19:09:18.0372 3204  RasAuto - ok
19:09:18.0439 3204  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:09:18.0473 3204  Rasl2tp - ok
19:09:18.0521 3204  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
19:09:18.0576 3204  RasMan - ok
19:09:18.0591 3204  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:09:18.0632 3204  RasPppoe - ok
19:09:18.0652 3204  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:09:18.0697 3204  RasSstp - ok
19:09:18.0723 3204  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:09:18.0771 3204  rdbss - ok
19:09:18.0798 3204  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:09:18.0813 3204  rdpbus - ok
19:09:18.0829 3204  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:09:18.0854 3204  RDPCDD - ok
19:09:18.0877 3204  [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:09:18.0911 3204  RDPDR - ok
19:09:18.0932 3204  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:09:18.0955 3204  RDPENCDD - ok
19:09:18.0967 3204  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:09:18.0990 3204  RDPREFMP - ok
19:09:19.0010 3204  [ 801371BA9782282892D00AADB08EE367 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:09:19.0049 3204  RDPWD - ok
19:09:19.0068 3204  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:09:19.0079 3204  rdyboost - ok
19:09:19.0115 3204  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:09:19.0158 3204  RemoteAccess - ok
19:09:19.0190 3204  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:09:19.0219 3204  RemoteRegistry - ok
19:09:19.0248 3204  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
19:09:19.0271 3204  rimmptsk - ok
19:09:19.0287 3204  [ AF213955C4D952C914620E8DB0CD0CF7 ] rimspci         C:\Windows\system32\DRIVERS\rimspe86.sys
19:09:19.0329 3204  rimspci - ok
19:09:19.0344 3204  [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
19:09:19.0411 3204  rimsptsk - ok
19:09:19.0448 3204  [ 6978DECC2C38C5CE10A8B0F2B12F4451 ] risdpcie        C:\Windows\system32\DRIVERS\risdpe86.sys
19:09:19.0487 3204  risdpcie - ok
19:09:19.0512 3204  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
19:09:19.0532 3204  rismxdp - ok
19:09:19.0546 3204  [ 764C1F3453E779724BA647327DE7DDD4 ] rixdpcie        C:\Windows\system32\DRIVERS\rixdpe86.sys
19:09:19.0566 3204  rixdpcie - ok
19:09:19.0591 3204  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:09:19.0638 3204  RpcEptMapper - ok
19:09:19.0672 3204  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
19:09:19.0692 3204  RpcLocator - ok
19:09:19.0711 3204  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\System32\rpcss.dll
19:09:19.0745 3204  RpcSs - ok
19:09:19.0799 3204  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
19:09:19.0810 3204  RsFx0103 - ok
19:09:19.0851 3204  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:09:19.0876 3204  rspndr - ok
19:09:19.0904 3204  [ 83F7A29B659771E60CD71999EF57AA0C ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
19:09:19.0925 3204  RSUSBSTOR - ok
19:09:19.0976 3204  [ 25C91EE1BE0C0CFA79696A2D0B47AA43 ] RTL8187         C:\Windows\system32\DRIVERS\RTL8187.sys
19:09:20.0019 3204  RTL8187 - ok
19:09:20.0035 3204  [ 702A60ACC6C067CC3F688C801A1F76E1 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
19:09:20.0074 3204  RTSTOR - ok
19:09:20.0103 3204  [ 5423D8437051E89DD34749F242C98648 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:09:20.0126 3204  s3cap - ok
19:09:20.0133 3204  [ F42309C4191C506B71DB5D1126D26318 ] SamSs           C:\Windows\system32\lsass.exe
19:09:20.0153 3204  SamSs - ok
19:09:20.0213 3204  [ 0E5A3D6B8362D7B44DBF56ACD2C090CE ] SbieDrv         D:\Program Files\Sandboxie\SbieDrv.sys
19:09:20.0223 3204  SbieDrv - ok
19:09:20.0227 3204  [ DE28C8DE65E2E166D1983BDDCE87FBCE ] SbieSvc         D:\Program Files\Sandboxie\SbieSvc.exe
19:09:20.0235 3204  SbieSvc - ok
19:09:20.0268 3204  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:09:20.0279 3204  sbp2port - ok
19:09:20.0313 3204  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:09:20.0344 3204  SCardSvr - ok
19:09:20.0357 3204  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:09:20.0461 3204  scfilter - ok
19:09:20.0538 3204  [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule        C:\Windows\system32\schedsvc.dll
19:09:20.0599 3204  Schedule - ok
19:09:20.0632 3204  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:09:20.0656 3204  SCPolicySvc - ok
19:09:20.0686 3204  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:09:20.0745 3204  SDRSVC - ok
19:09:20.0831 3204  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:09:20.0841 3204  SeaPort - ok
19:09:20.0873 3204  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
19:09:20.0911 3204  seclogon - ok
19:09:20.0957 3204  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
19:09:20.0989 3204  SENS - ok
19:09:21.0014 3204  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:09:21.0061 3204  SensrSvc - ok
19:09:21.0121 3204  [ 8627C992B8A80504FC477B2E8FF8EC4F ] Sentinel        C:\Windows\System32\Drivers\SENTINEL.SYS
19:09:21.0127 3204  Sentinel ( UnsignedFile.Multi.Generic ) - warning
19:09:21.0127 3204  Sentinel - detected UnsignedFile.Multi.Generic (1)
19:09:21.0172 3204  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:09:21.0191 3204  Serenum - ok
19:09:21.0228 3204  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:09:21.0243 3204  Serial - ok
19:09:21.0300 3204  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:09:21.0330 3204  sermouse - ok
19:09:21.0380 3204  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
19:09:21.0461 3204  SessionEnv - ok
19:09:21.0480 3204  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:09:21.0523 3204  sffdisk - ok
19:09:21.0546 3204  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:09:21.0561 3204  sffp_mmc - ok
19:09:21.0581 3204  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:09:21.0594 3204  sffp_sd - ok
19:09:21.0615 3204  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:09:21.0641 3204  sfloppy - ok
19:09:21.0697 3204  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:09:21.0755 3204  SharedAccess - ok
19:09:21.0788 3204  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:09:21.0836 3204  ShellHWDetection - ok
19:09:21.0855 3204  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:09:21.0868 3204  sisagp - ok
19:09:21.0898 3204  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:09:21.0908 3204  SiSRaid2 - ok
19:09:21.0928 3204  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:09:21.0940 3204  SiSRaid4 - ok
19:09:21.0964 3204  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:09:22.0003 3204  Smb - ok
19:09:22.0048 3204  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:09:22.0084 3204  SNMPTRAP - ok
19:09:22.0103 3204  [ 87F799C486302ACEFF098E067D481D9C ] Sntnlusb        C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
19:09:22.0111 3204  Sntnlusb ( UnsignedFile.Multi.Generic ) - warning
19:09:22.0111 3204  Sntnlusb - detected UnsignedFile.Multi.Generic (1)
19:09:22.0131 3204  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:09:22.0139 3204  spldr - ok
19:09:22.0168 3204  [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler         C:\Windows\System32\spoolsv.exe
19:09:22.0197 3204  Spooler - ok
19:09:22.0255 3204  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:09:22.0339 3204  sppsvc - ok
19:09:22.0353 3204  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:09:22.0442 3204  sppuinotify - ok
19:09:22.0489 3204  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\System32\Drivers\sptd.sys
19:09:22.0517 3204  sptd - ok
19:09:22.0553 3204  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
19:09:22.0578 3204  SQLAgent$SQLEXPRESS - ok
19:09:22.0638 3204  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:09:22.0648 3204  SQLBrowser - ok
19:09:22.0683 3204  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:09:22.0691 3204  SQLWriter - ok
19:09:22.0725 3204  [ 50A83CA406C808BD35AC9141A0C7618F ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:09:22.0766 3204  srv - ok
19:09:22.0782 3204  [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:09:22.0826 3204  srv2 - ok
19:09:22.0854 3204  [ BD1433A32792FD0DC450479094FC435A ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:09:22.0878 3204  srvnet - ok
19:09:22.0910 3204  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:09:22.0940 3204  SSDPSRV - ok
19:09:22.0956 3204  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:09:23.0001 3204  SstpSvc - ok
19:09:23.0017 3204  StarOpen - ok
19:09:23.0039 3204  Steam Client Service - ok
19:09:23.0077 3204  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:09:23.0091 3204  Stereo Service - ok
19:09:23.0111 3204  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:09:23.0122 3204  stexstor - ok
19:09:23.0193 3204  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
19:09:23.0236 3204  StiSvc - ok
19:09:23.0278 3204  [ 957E346CA948668F2496A6CCF6FF82CC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:09:23.0289 3204  storflt - ok
19:09:23.0334 3204  [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:09:23.0344 3204  storvsc - ok
19:09:23.0370 3204  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:09:23.0409 3204  swenum - ok
19:09:23.0537 3204  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:09:23.0563 3204  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:09:23.0563 3204  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:09:23.0576 3204  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
19:09:23.0633 3204  swprv - ok
19:09:23.0684 3204  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
19:09:23.0728 3204  SysMain - ok
19:09:23.0741 3204  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:09:23.0775 3204  TabletInputService - ok
19:09:23.0824 3204  [ B7AEE68D2E867CBF69B649B18FCEDBBB ] tap0901t        C:\Windows\system32\DRIVERS\tap0901t.sys
19:09:23.0841 3204  tap0901t ( UnsignedFile.Multi.Generic ) - warning
19:09:23.0841 3204  tap0901t - detected UnsignedFile.Multi.Generic (1)
19:09:23.0856 3204  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:09:23.0910 3204  TapiSrv - ok
19:09:23.0933 3204  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
19:09:23.0972 3204  TBS - ok
19:09:24.0015 3204  [ A1EDFAE89BC8956C925B99950E3558AD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:09:24.0059 3204  Tcpip - ok
19:09:24.0095 3204  [ A1EDFAE89BC8956C925B99950E3558AD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:09:24.0121 3204  TCPIP6 - ok
19:09:24.0161 3204  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:09:24.0185 3204  tcpipreg - ok
19:09:24.0199 3204  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:09:24.0241 3204  TDPIPE - ok
19:09:24.0256 3204  [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:09:24.0280 3204  TDTCP - ok
19:09:24.0298 3204  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:09:24.0338 3204  tdx - ok
19:09:24.0359 3204  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:09:24.0368 3204  TermDD - ok
19:09:24.0436 3204  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
19:09:24.0480 3204  TermService - ok
19:09:24.0513 3204  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
19:09:24.0543 3204  Themes - ok
19:09:24.0559 3204  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
19:09:24.0585 3204  THREADORDER - ok
19:09:24.0600 3204  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
19:09:24.0645 3204  TrkWks - ok
19:09:24.0695 3204  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:09:24.0715 3204  TrustedInstaller - ok
19:09:24.0731 3204  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:09:24.0758 3204  tssecsrv - ok
19:09:24.0775 3204  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:09:24.0800 3204  tunnel - ok
19:09:24.0888 3204  [ F8302E3E534AF5E3F2588A974BEA80DF ] TunngleService  G:\Program Files\Tunngle\TnglCtrl.exe
19:09:24.0925 3204  TunngleService ( UnsignedFile.Multi.Generic ) - warning
19:09:24.0925 3204  TunngleService - detected UnsignedFile.Multi.Generic (1)
19:09:24.0948 3204  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:09:24.0958 3204  uagp35 - ok
19:09:24.0974 3204  [ EB0A7BD4D471AC3CE55564A4C55B9D8E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:09:24.0993 3204  udfs - ok
19:09:25.0005 3204  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:09:25.0038 3204  UI0Detect - ok
19:09:25.0053 3204  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:09:25.0063 3204  uliagpkx - ok
19:09:25.0074 3204  [ 71BBF3E8078D585ABF27411A8986EB95 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:09:25.0103 3204  umbus - ok
19:09:25.0120 3204  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:09:25.0144 3204  UmPass - ok
19:09:25.0175 3204  [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:09:25.0194 3204  UmRdpService - ok
19:09:25.0236 3204  UpdateCenterService - ok
19:09:25.0248 3204  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
19:09:25.0298 3204  upnphost - ok
19:09:25.0359 3204  [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:09:25.0415 3204  usbaudio - ok
19:09:25.0449 3204  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:09:25.0473 3204  usbccgp - ok
19:09:25.0490 3204  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:09:25.0507 3204  usbcir - ok
19:09:25.0521 3204  [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:09:25.0557 3204  usbehci - ok
19:09:25.0587 3204  [ 0DB84EDA895894BA222E27ACF597C806 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:09:25.0605 3204  usbhub - ok
19:09:25.0620 3204  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:09:25.0633 3204  usbohci - ok
19:09:25.0647 3204  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:09:25.0675 3204  usbprint - ok
19:09:25.0692 3204  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:09:25.0716 3204  USBSTOR - ok
19:09:25.0732 3204  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:09:25.0744 3204  usbuhci - ok
19:09:25.0777 3204  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
19:09:25.0804 3204  UxSms - ok
19:09:25.0841 3204  [ 004415A34B5DC881EAEFB860C4B22C24 ] V0510Dev        C:\Windows\system32\DRIVERS\V0510Vid.sys
19:09:25.0882 3204  V0510Dev - ok
19:09:25.0915 3204  [ 86326062A90494BDD79CE383511D7D69 ] V0510Vfx        C:\Windows\system32\DRIVERS\V0510Vfx.sys
19:09:25.0940 3204  V0510Vfx - ok
19:09:25.0944 3204  [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc        C:\Windows\system32\lsass.exe
19:09:25.0957 3204  VaultSvc - ok
19:09:25.0979 3204  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:09:25.0988 3204  vdrvroot - ok
19:09:26.0007 3204  [ 03E73018549D1A2906E6356FE3BD31D4 ] vds             C:\Windows\System32\vds.exe
19:09:26.0089 3204  vds - ok
19:09:26.0108 3204  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:09:26.0139 3204  vga - ok
19:09:26.0165 3204  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:09:26.0188 3204  VgaSave - ok
19:09:26.0227 3204  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:09:26.0238 3204  vhdmp - ok
19:09:26.0259 3204  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:09:26.0269 3204  viaagp - ok
19:09:26.0276 3204  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:09:26.0305 3204  ViaC7 - ok
19:09:26.0325 3204  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
19:09:26.0334 3204  viaide - ok
19:09:26.0369 3204  [ E2D93ECD5A0F3BFBA99D023074C73F6A ] vm3dmp          C:\Windows\system32\DRIVERS\vm3dmp.sys
19:09:26.0406 3204  vm3dmp - ok
19:09:26.0435 3204  VMAUDIO - ok
19:09:26.0449 3204  [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:09:26.0461 3204  vmbus - ok
19:09:26.0476 3204  [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:09:26.0487 3204  VMBusHID - ok
19:09:26.0491 3204  vmci - ok
19:09:26.0524 3204  [ E41FEF9E3056FE88C71E411F705BE41E ] vmm             C:\Windows\system32\Drivers\vmm.sys
19:09:26.0534 3204  vmm - ok
19:09:26.0562 3204  [ 17CD671136032E3A202B4A9C6C4C9DBA ] vmmouse         C:\Windows\system32\DRIVERS\vmmouse.sys
19:09:26.0569 3204  vmmouse - ok
19:09:26.0583 3204  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:09:26.0592 3204  volmgr - ok
19:09:26.0607 3204  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:09:26.0620 3204  volmgrx - ok
19:09:26.0638 3204  [ 70F41D1EBDD9EE6ED2FD0FC05AA1FC13 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:09:26.0650 3204  volsnap - ok
19:09:26.0663 3204  [ 33E74DF34753FCAAB06F6F2BDC8CABF5 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
19:09:26.0701 3204  vpcbus - ok
19:09:26.0728 3204  [ 5F04362CEB5FB5901037E9D9EADD3760 ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
19:09:26.0739 3204  vpcnfltr - ok
19:09:26.0748 3204  [ 625088D6EE9EDE977FD03CF18D1CD5C5 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
19:09:26.0760 3204  vpcusb - ok
19:09:26.0770 3204  [ 5ED378D91E32134F3C0B3810860FFD71 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
19:09:26.0784 3204  vpcvmm - ok
19:09:26.0805 3204  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:09:26.0816 3204  vsmraid - ok
19:09:26.0861 3204  [ F1BF254DC9EDA07E3A83BD111E39A350 ] VSS             C:\Windows\system32\vssvc.exe
19:09:26.0928 3204  VSS - ok
19:09:26.0938 3204  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:09:26.0965 3204  vwifibus - ok
19:09:26.0993 3204  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
19:09:27.0050 3204  W32Time - ok
19:09:27.0069 3204  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:09:27.0081 3204  WacomPen - ok
19:09:27.0106 3204  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:09:27.0130 3204  WANARP - ok
19:09:27.0133 3204  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:09:27.0157 3204  Wanarpv6 - ok
19:09:27.0220 3204  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:09:27.0265 3204  WatAdminSvc - ok
19:09:27.0300 3204  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
19:09:27.0352 3204  wbengine - ok
19:09:27.0392 3204  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:09:27.0437 3204  WbioSrvc - ok
19:09:27.0454 3204  [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:09:27.0502 3204  wcncsvc - ok
19:09:27.0523 3204  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:09:27.0546 3204  WcsPlugInService - ok
19:09:27.0563 3204  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
19:09:27.0572 3204  Wd - ok
19:09:27.0590 3204  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:09:27.0606 3204  Wdf01000 - ok
19:09:27.0618 3204  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:09:27.0649 3204  WdiServiceHost - ok
19:09:27.0653 3204  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:09:27.0671 3204  WdiSystemHost - ok
19:09:27.0694 3204  [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient       C:\Windows\System32\webclnt.dll
19:09:27.0724 3204  WebClient - ok
19:09:27.0736 3204  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:09:27.0766 3204  Wecsvc - ok
19:09:27.0780 3204  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:09:27.0808 3204  wercplsupport - ok
19:09:27.0831 3204  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:09:27.0863 3204  WerSvc - ok
19:09:27.0869 3204  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:09:27.0892 3204  WfpLwf - ok
19:09:27.0903 3204  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:09:27.0913 3204  WIMMount - ok
19:09:27.0986 3204  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:09:28.0036 3204  WinDefend - ok
19:09:28.0090 3204  [ 9AE9E94531E5EF4BDDB8FEBCE3C244B7 ] WinDriver6      C:\Windows\system32\drivers\windrvr6.sys
19:09:28.0115 3204  WinDriver6 - ok
19:09:28.0118 3204  WinHttpAutoProxySvc - ok
19:09:28.0185 3204  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:09:28.0210 3204  Winmgmt - ok
19:09:28.0260 3204  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:09:28.0326 3204  WinRM - ok
19:09:28.0431 3204  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:09:28.0461 3204  Wlansvc - ok
19:09:28.0483 3204  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:09:28.0510 3204  WmiAcpi - ok
19:09:28.0558 3204  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:09:28.0578 3204  wmiApSrv - ok
19:09:28.0611 3204  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:09:28.0638 3204  WPCSvc - ok
19:09:28.0652 3204  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:09:28.0677 3204  WPDBusEnum - ok
19:09:28.0684 3204  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:09:28.0707 3204  ws2ifsl - ok
19:09:28.0739 3204  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
19:09:28.0773 3204  wscsvc - ok
19:09:28.0777 3204  WSearch - ok
19:09:28.0828 3204  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:09:28.0893 3204  wuauserv - ok
19:09:28.0902 3204  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:09:28.0940 3204  WudfPf - ok
19:09:28.0965 3204  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:09:29.0001 3204  WUDFRd - ok
19:09:29.0027 3204  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:09:29.0068 3204  wudfsvc - ok
19:09:29.0091 3204  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:09:29.0136 3204  WwanSvc - ok
19:09:29.0168 3204  XDva380 - ok
19:09:29.0186 3204  ================ Scan global ===============================
19:09:29.0222 3204  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
19:09:29.0252 3204  [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
19:09:29.0269 3204  [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
19:09:29.0285 3204  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:09:29.0322 3204  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:09:29.0337 3204  [Global] - ok
19:09:29.0338 3204  ================ Scan MBR ==================================
19:09:29.0348 3204  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:09:29.0672 3204  \Device\Harddisk0\DR0 - ok
19:09:29.0675 3204  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:09:29.0742 3204  \Device\Harddisk1\DR1 - ok
19:09:29.0743 3204  ================ Scan VBR ==================================
19:09:29.0745 3204  [ 624ACAE55B5544EF43749DA25A00F133 ] \Device\Harddisk0\DR0\Partition1
19:09:29.0747 3204  \Device\Harddisk0\DR0\Partition1 - ok
19:09:29.0774 3204  [ D4106565A29F57682750CAD50BD2010F ] \Device\Harddisk0\DR0\Partition2
19:09:29.0776 3204  \Device\Harddisk0\DR0\Partition2 - ok
19:09:29.0806 3204  [ 64E31DC7767CA6010520FA952C46320C ] \Device\Harddisk1\DR1\Partition1
19:09:29.0808 3204  \Device\Harddisk1\DR1\Partition1 - ok
19:09:29.0809 3204  ============================================================
19:09:29.0809 3204  Scan finished
19:09:29.0809 3204  ============================================================
19:09:29.0832 3008  Detected object count: 18
19:09:29.0832 3008  Actual detected object count: 18
19:10:02.0096 3008  AmUStor ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0096 3008  AmUStor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0098 3008  BEService ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0098 3008  BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0099 3008  Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0099 3008  Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0101 3008  DS1410D ( ForgedFile.Multi.Generic ) - skipped by user
19:10:02.0101 3008  DS1410D ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0103 3008  FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0103 3008  FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0105 3008  Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0106 3008  Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0107 3008  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0107 3008  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0108 3008  mapledxp ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0109 3008  mapledxp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0110 3008  maya70docserver ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0110 3008  maya70docserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0111 3008  mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0111 3008  mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0113 3008  mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0113 3008  mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0114 3008  NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0114 3008  NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0116 3008  NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0116 3008  NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0117 3008  Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0118 3008  Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0119 3008  Sntnlusb ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0119 3008  Sntnlusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0121 3008  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0121 3008  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0123 3008  tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0123 3008  tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:02.0124 3008  TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
19:10:02.0124 3008  TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:10:23.0645 4188  Deinitialize success




Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.23.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: HEAVENH-B8RJ5SH [administrator]

2013/04/23 7:52:39 PM
mbam-log-2013-04-23 (19-52-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 284407
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




AdwCleaner log:

# AdwCleaner v2.202 - Logfile created 04/23/2013 at 20:40:50
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : Administrator - HEAVENH-B8RJ5SH
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\prefs.js

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\user.js ... Deleted !

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5935 octets] - [10/04/2013 14:00:48]
AdwCleaner[S2].txt - [984 octets] - [23/04/2013 20:40:50]

########## EOF - C:\AdwCleaner[S2].txt - [1043 octets] ##########




Service Repair log:

Log Opened: 2013-04-23 @ 21:41:48
21:41:48 - -----------------
21:41:48 - | Begin Logging |
21:41:48 - -----------------
21:41:48 - Fix started on a WIN_7 X86 computer
21:41:48 - Prep in progress.  Please Wait.
21:41:48 - Prep complete
21:41:48 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
21:41:50 - Services Repair Complete.
21:41:53 - Reboot Initiated




VEW System log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/04/2013 9:49:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/04/2013 12:45:29 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.

Log: 'System' Date/Time: 24/04/2013 12:45:29 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired.  To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 24/04/2013 12:43:58 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535

Log: 'System' Date/Time: 24/04/2013 12:43:58 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535

Log: 'System' Date/Time: 24/04/2013 12:43:58 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535

Log: 'System' Date/Time: 24/04/2013 12:43:58 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535

Log: 'System' Date/Time: 24/04/2013 12:43:58 AM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 24/04/2013 12:43:58 AM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 24/04/2013 12:43:48 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535

Log: 'System' Date/Time: 24/04/2013 12:43:48 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535

Log: 'System' Date/Time: 24/04/2013 12:43:48 AM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 24/04/2013 12:43:40 AM
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

Log: 'System' Date/Time: 24/04/2013 12:43:36 AM
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

Log: 'System' Date/Time: 24/04/2013 12:43:14 AM
Type: Error Category: 0
Event: 3 Source: Haspnt
The event description cannot be found.

Log: 'System' Date/Time: 24/04/2013 12:43:13 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The epfwwfp service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 24/04/2013 12:43:13 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The DS1410D service failed to start due to the following error:  DS1410D is not a valid Win32 application.

Log: 'System' Date/Time: 24/04/2013 12:43:13 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 24/04/2013 12:42:05 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535

Log: 'System' Date/Time: 24/04/2013 12:42:05 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535

Log: 'System' Date/Time: 24/04/2013 12:42:05 AM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/04/2013 12:42:59 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 24/04/2013 12:42:59 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.

Log: 'System' Date/Time: 24/04/2013 12:42:12 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 




VEW Application log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/04/2013 9:50:38 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/04/2013 12:43:16 AM
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/04/2013 12:43:16 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.




OTL log:

OTL logfile created on: 2013/04/23 9:52:02 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
3.25 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 43.38% Memory free
13.75 Gb Paging File | 11.56 Gb Available in Paging File | 84.10% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sy [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 15.73 Gb Free Space | 19.67% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 10.67 Gb Free Space | 2.77% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 418.95 Gb Free Space | 22.49% Space Free | Partition Type: NTFS
 
Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/19 18:10:48 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/05/15 06:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 06:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/02 15:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/12/06 22:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0510Mon.exe
PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/19 18:10:50 | 001,114,024 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/03/26 21:16:40 | 020,341,672 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2013/03/25 19:23:34 | 000,651,776 | ---- | M] () -- D:\Program Files\Steam\SDL2.dll
MOD - [2012/12/11 14:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 14:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 14:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MOD - [2012/07/02 23:23:06 | 000,010,240 | ---- | M] () -- G:\Program Files\TortoiseHg\mercurial.osutil.pyd
MOD - [2012/06/08 21:58:17 | 002,042,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/10 23:31:56 | 000,074,240 | ---- | M] () -- G:\Program Files\TortoiseHg\_ctypes.pyd
MOD - [2012/02/13 12:15:42 | 000,228,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32com.shell.shell.pyd
MOD - [2012/02/13 12:14:40 | 000,330,240 | ---- | M] () -- G:\Program Files\TortoiseHg\pythoncom27.dll
MOD - [2012/02/13 12:14:08 | 000,164,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32gui.pyd
MOD - [2012/02/13 12:14:06 | 000,096,256 | ---- | M] () -- G:\Program Files\TortoiseHg\win32api.pyd
MOD - [2012/02/13 12:14:00 | 000,107,520 | ---- | M] () -- G:\Program Files\TortoiseHg\win32security.pyd
MOD - [2012/02/13 12:13:58 | 000,035,328 | ---- | M] () -- G:\Program Files\TortoiseHg\win32process.pyd
MOD - [2012/02/13 12:13:56 | 000,023,040 | ---- | M] () -- G:\Program Files\TortoiseHg\win32pipe.pyd
MOD - [2012/02/13 12:13:52 | 000,017,920 | ---- | M] () -- G:\Program Files\TortoiseHg\win32event.pyd
MOD - [2012/02/13 12:13:50 | 000,110,080 | ---- | M] () -- G:\Program Files\TortoiseHg\win32file.pyd
MOD - [2012/02/13 12:13:44 | 000,104,960 | ---- | M] () -- G:\Program Files\TortoiseHg\pywintypes27.dll
MOD - [2011/07/18 18:04:08 | 000,296,448 | ---- | M] () -- G:\Program Files\Notepad++\NppShell_04.dll
MOD - [2011/07/12 17:10:00 | 000,107,008 | ---- | M] () -- G:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
MOD - [2010/07/04 18:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/05/15 14:58:55 | 000,410,432 | ---- | M] () -- D:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2013/03/26 02:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/05 17:05:56 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/08 21:58:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/06/01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- G:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/05/15 07:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/23 17:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- G:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2011/04/20 20:10:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/25 08:32:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/02 14:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\epfwwfp.sys -- (epfwwfp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2012/11/08 22:09:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 13:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/05/15 07:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/04 12:41:54 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012/05/04 12:41:53 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/03/06 12:41:42 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2011/06/14 14:26:23 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/03/18 06:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 06:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 06:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/18 20:21:32 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/02/03 07:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/01/25 17:20:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/17 18:43:00 | 000,196,064 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/02 15:12:29 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/02 15:12:29 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/11/02 15:12:29 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/11/02 15:12:29 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/10/21 17:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 17:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2009/09/22 12:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/21 09:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 07:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 19:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 19:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/04 13:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 03:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 14:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/18 09:00:00 | 000,029,952 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 11:08:28 | 000,036,640 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/06/27 01:10:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2008/04/07 22:00:00 | 000,254,080 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vid.sys -- (V0510Dev)
DRV - [2008/01/18 01:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma)
DRV - [2008/01/18 01:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/07/14 22:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/03/05 07:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vfx.sys -- (V0510Vfx)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/10/18 02:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/05 11:44:42 | 000,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) [Kernel | System | Running] -- C:\Windows\System32\drivers\mapledxp.sys -- (mapledxp)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/news
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06DD5559-5502-41C4-A464-F72A860EE5A2}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{72433522-8F91-4F01-9072-80790C26725F}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 09:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/06/08 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013/04/22 21:16:46 | 000,000,000 | ---D | M]
 
[2010/11/24 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 22:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2013/04/23 08:49:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [V0510Mon.exe] C:\Windows\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{248AB61D-41EC-4A39-A95A-36A580EC82FA}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC13486-832A-4E58-B78E-307737CF10E0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 00:30:24 | 000,000,000 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: FileZilla Server Interface - hkey= - key= - G:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - D:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {206FE56F-802F-E477-7BE6-43EDD6665692} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2B4897AB-F88A-B6FF-6A21-29F463CDB965} - DirectX
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {63E633DE-F62D-EDE0-82BA-77E6979ABFB8} - .NET Framework
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {82D7B414-5DA9-00AF-40A5-0A0B3BDEA283} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2448CC6-7788-E36B-B8E7-8D3A7246DEB5} - Microsoft Windows Media Player 12.0
ActiveX: {C542E6FD-678C-243C-E30C-2FC49800426C} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CAC9C37A-3DF6-765A-42B5-D377D78EEE15} - DirectX
ActiveX: {CAFBC0BB-A929-4667-53B0-86C67415B79D} - Themes Setup
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object
ActiveX: {D3E7CF57-3115-AD58-2FD2-8A345A527DE4} - Microsoft Windows Media Player 12.0
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{0472f9bf-d68f-45e7-b372-621a4d5b1258} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
 
Drivers32: midi8 - C:\Windows\System32\mapledxp.dll (Jeff Hurchalla and Marble Sound)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\Windows\System32\atrac3.acm ()
Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - D:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\Windows\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/23 21:41:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/04/23 19:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/23 19:52:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/23 19:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/23 08:55:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/23 08:55:28 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013/04/18 21:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/04/17 10:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/09 15:53:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 15:53:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 15:53:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- \Qoobox
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- \_OTL
[2013/03/28 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/23 21:43:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/23 21:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/23 21:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/23 20:41:32 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/23 20:41:32 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/23 19:52:02 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/23 08:49:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/22 21:44:39 | 000,740,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/22 21:44:39 | 000,491,444 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2013/04/22 21:44:39 | 000,151,558 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013/04/22 21:44:39 | 000,151,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/20 00:34:36 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2013/04/19 20:37:04 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/04/19 20:37:04 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/04/10 15:46:18 | 003,773,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/28 18:15:01 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/23 19:52:02 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/20 00:34:20 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2013/04/09 15:53:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 15:53:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 15:53:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 15:53:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 15:53:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] () -- \Procmon.exe
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- \procmon.chm
[2013/03/06 07:49:42 | 000,002,100 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2012/10/12 15:09:27 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2012/07/25 21:16:17 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2012/07/22 20:14:33 | 000,002,182 | ---- | C] () -- C:\Users\Administrator\.kdiff3rc
[2012/07/21 12:18:04 | 000,000,162 | ---- | C] () -- C:\Users\Administrator\mercurial.ini
[2012/06/25 19:36:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/05/27 17:14:39 | 000,002,932 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/05/27 17:14:36 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/05/27 17:14:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/05/27 17:14:36 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/05/27 17:14:36 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/05/27 17:14:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/05/27 17:14:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/05/27 17:14:36 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/05/27 17:14:36 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/05/27 17:14:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/05/27 17:14:35 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/05/27 17:14:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/05/27 17:14:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/08 22:51:36 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/02 23:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/04/09 15:57:59 | 000,000,024 | ---- | C] () -- C:\Windows\entpack.ini
[2012/03/08 23:54:27 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/07/30 15:26:18 | 000,324,096 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2011/07/21 10:30:35 | 000,000,190 | ---- | C] () -- C:\Windows\_delis43.ini
[2011/06/14 14:26:23 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2011/06/14 14:26:12 | 000,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys
[2011/06/02 19:26:39 | 000,714,526 | ---- | C] () -- C:\Windows\unins001.exe
[2011/06/02 19:26:39 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/06/02 19:26:39 | 000,001,799 | ---- | C] () -- C:\Windows\unins001.dat
[2011/05/20 00:07:56 | 000,274,706 | ---- | C] () -- \gohei.jpg
[2011/05/18 21:51:29 | 000,602,112 | ---- | C] () -- \OTL.exe
[2011/05/02 21:38:04 | 000,525,419 | ---- | C] () -- \remii.png
[2011/05/02 16:26:22 | 003,289,689 | ---- | C] () -- \goheilol.png
[2011/04/29 23:52:57 | 001,614,444 | ---- | C] () -- \flashlight.png
[2011/04/28 20:20:15 | 000,739,966 | ---- | C] () -- \gohei.png
[2011/04/23 19:07:52 | 007,618,784 | ---- | C] () -- \gohei.FBX
[2011/04/08 21:36:15 | 001,057,198 | ---- | C] () -- \lawl2.png
[2011/04/07 19:03:18 | 001,942,616 | ---- | C] () -- \lawl.png
[2011/04/01 16:41:42 | 000,407,023 | ---- | C] () -- \Amnesia.png
[2011/03/11 20:46:20 | 000,000,263 | ---- | C] () -- C:\Users\Administrator\server.properties
[2011/03/07 08:15:58 | 000,038,578 | ---- | C] () -- \Threshold1.png
[2011/02/27 17:43:42 | 000,086,827 | ---- | C] () -- \Threshold.png
[2011/01/16 22:21:30 | 000,264,748 | ---- | C] () -- \lot.png
[2011/01/10 10:12:32 | 000,231,555 | ---- | C] () -- \ctca.png
[2011/01/09 17:10:47 | 000,369,097 | ---- | C] () -- \ctcc.png
[2011/01/09 17:09:15 | 000,316,054 | ---- | C] () -- \ctcmenu.png
[2011/01/09 00:21:36 | 000,601,401 | ---- | C] () -- \CtC.png
[2010/12/24 16:41:35 | 000,698,352 | ---- | C] () -- \FL Studio Error.png
[2010/12/10 23:10:23 | 000,000,622 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/25 23:46:44 | 000,000,038 | ---- | C] () -- C:\Users\Administrator\wxLuaIDE.ini
[2010/06/06 22:47:19 | 000,777,747 | ---- | C] () -- \LOL.jpg
[2010/06/06 01:07:12 | 031,056,033 | ---- | C] () -- \unpacked_ehsvc_18.05.idb
[2010/06/03 16:54:06 | 000,001,973 | ---- | C] () -- C:\Users\Administrator\photorec.cfg
[2010/06/01 14:59:38 | 000,004,243 | ---- | C] () -- \lala.3ds
[2010/05/20 01:24:00 | 006,430,386 | ---- | C] () -- \AirRivals.atm
[2010/05/18 23:41:11 | 000,149,142 | ---- | C] () -- C:\Users\Administrator\unstoppable.gif
[2010/05/08 11:13:37 | 000,000,232 | ---- | C] () -- C:\Users\Administrator\SciTE.session
[2010/05/08 01:27:39 | 000,072,268 | ---- | C] () -- \procexp.chm
[2010/05/08 00:32:25 | 003,879,288 | ---- | C] () -- \procexp.exe
[2010/05/07 23:10:17 | 000,046,017 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies1.pdf
[2010/05/07 23:09:46 | 000,054,707 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies.pdf
[2010/05/07 23:08:40 | 000,000,111 | ---- | C] () -- C:\Users\Administrator\tracegf4d.cmd
[2010/05/07 23:08:27 | 000,014,162 | ---- | C] () -- C:\Users\Administrator\mouseclicks.gif
[2010/05/07 22:58:39 | 040,009,077 | ---- | C] () -- C:\Users\Administrator\e10howto.mov
[2010/05/07 22:58:30 | 000,041,360 | ---- | C] () -- C:\Users\Administrator\Bosses.pdf
[2010/05/07 22:58:08 | 000,012,782 | ---- | C] () -- C:\Users\Administrator\AR enchanting.pdf
[2010/05/07 19:03:28 | 000,560,034 | ---- | C] () -- \meohgawd.jpg
[2010/04/28 01:27:00 | 000,263,768 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3.sfk
[2010/04/28 01:26:38 | 003,061,583 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3
[2010/04/28 01:16:28 | 000,706,652 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.wav
[2010/04/28 01:11:56 | 000,013,848 | ---- | C] () -- \Vlan.sfk
[2010/04/28 01:08:51 | 001,764,044 | ---- | C] () -- \Vlan.wav
[2010/04/28 01:07:12 | 000,008,128 | ---- | C] () -- \Vlanlol.mp3.sfk
[2010/04/28 01:06:41 | 000,093,648 | ---- | C] () -- \Vlanlol.mp3
[2010/04/28 00:43:31 | 000,131,683 | ---- | C] () -- \Vlan.mp3
[2010/04/28 00:16:01 | 006,502,641 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.mp3
[2010/04/19 23:31:57 | 000,029,696 | ---- | C] () -- \SpaceCowboy.exe
[2010/04/12 20:31:13 | 003,360,841 | ---- | C] () -- \Akon ft. Eminem- Smack That Instrumental.mp3
[2010/04/08 01:54:04 | 000,413,439 | RHS- | C] () -- \TLZYV
[2010/03/10 12:07:14 | 004,981,269 | ---- | C] () -- \Tsukasa - K Lobelia.mp3
[2010/03/04 15:51:11 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/25 10:36:48 | 000,181,408 | ---- | C] () -- \grldr.bak
[2010/02/24 19:59:04 | 000,171,136 | RHS- | C] () -- \w7ldr
[2010/02/06 15:15:25 | 001,863,094 | ---- | C] () -- \vidtomp3.com-12654804966508.mp3
[2010/01/31 19:44:06 | 000,003,532 | ---- | C] () -- \drmHeader.bin
[2010/01/25 23:28:12 | 002,356,278 | ---- | C] () -- \Dune_Desktop_Wallpaper_Emma_Alvarez.bmp
[2010/01/25 23:28:12 | 001,006,660 | ---- | C] () -- \Jumping Onto White Base.mp3
[2010/01/25 23:28:12 | 000,001,096 | -H-- | C] () -- \IPH.PH
[2010/01/25 23:28:00 | 000,000,000 | R--- | C] () -- \logwmemory.bin
[2010/01/25 23:27:59 | 009,881,451 | ---- | C] () -- \Lostep - Burma.mp3
[2010/01/25 23:27:59 | 005,897,430 | ---- | C] () -- \musicc.mp3
[2010/01/25 23:27:58 | 006,926,535 | ---- | C] () -- \Oliver Smith - Nimbus.mp3
[2010/01/25 23:27:58 | 000,136,272 | ---- | C] () -- \N604217500_1213762_5186.jpg
[2010/01/25 23:27:58 | 000,059,302 | ---- | C] () -- \northern-lights-back.jpg
[2010/01/25 23:27:56 | 000,011,772 | ---- | C] () -- \rawrme.JPG
[2010/01/25 23:27:52 | 014,979,377 | ---- | C] () -- \Yes_-_Awaken.mp3
[2010/01/25 23:27:52 | 008,259,216 | ---- | C] () -- \Wings_of_tomorow.exe
[2010/01/25 23:27:52 | 002,518,622 | ---- | C] () -- \The Tale You Were In (Full Version).mp3
[2010/01/25 23:27:52 | 002,178,968 | ---- | C] () -- \vidtomp3.com-12641138434152.mp3
[2010/01/25 23:27:52 | 000,325,072 | ---- | C] () -- \Untitled5.jpg
[2010/01/25 23:27:52 | 000,182,379 | ---- | C] () -- \Untitled.jpg
[2010/01/25 23:27:52 | 000,105,343 | ---- | C] () -- \Transcript.jpg
[2010/01/25 23:27:52 | 000,095,479 | ---- | C] () -- \SSD531352.jpg
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata04.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata03.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata02.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata01.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata00.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt04.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt03.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt02.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt01.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt00.sqm
[2010/01/25 23:27:49 | 006,089,919 | ---- | C] () -- \Calm_Waters__Dire_Dire_Docks_remix_.mp3
[2010/01/25 23:27:49 | 004,943,319 | ---- | C] () -- \BT - Remember (Phrakture's Unofficial Remix).mp3
[2010/01/25 17:20:12 | 000,000,020 | RHS- | C] () -- \win7.ld
[2010/01/25 15:21:33 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/07/13 23:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 23:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/09/26 15:05:15 | 000,383,582 | RHS- | C] () -- \bootmgr.bak
[2008/09/26 15:05:15 | 000,383,562 | RHS- | C] () -- \bootmgr
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Drive Information ==========[/color]
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000AAKS-55A7B0 ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST2000DL003-9VT166 ATA Device
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 80.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 386.00GB
Starting Offset: 85900394496
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/04/15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2012/07/11 17:45:04 | 002,474,608 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2010/04/19 16:56:14 | 000,029,696 | ---- | M] (Microsoft) -- C:\SpaceCowboy.exe
[2002/01/02 15:51:58 | 008,259,216 | ---- | M] () -- C:\Wings_of_tomorow.exe
 
[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color]
 
[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/04/15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2012/07/11 17:45:04 | 002,474,608 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2010/04/19 16:56:14 | 000,029,696 | ---- | M] (Microsoft) -- C:\SpaceCowboy.exe
[2002/01/02 15:51:58 | 008,259,216 | ---- | M] () -- C:\Wings_of_tomorow.exe
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2013/03/30 22:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2010/01/25 17:04:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\acccore
[2010/06/22 11:41:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2012/03/27 12:55:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/03/16 00:21:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AMozilla
[2012/04/06 10:47:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnnkakeSpa
[2010/01/25 17:04:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\App Launcher Gadget
[2012/08/23 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ARA
[2010/01/25 17:04:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Audacity
[2011/04/20 20:30:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2013/04/22 21:32:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2012/07/19 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited
[2010/01/25 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Creative
[2010/03/20 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CUBETYPE
[2010/03/20 01:00:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\D.N.A. Softwares
[2010/01/25 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2011/09/30 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dev-Cpp
[2011/01/02 21:13:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DivX
[2011/08/09 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMDirc
[2010/04/24 07:30:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2012/04/27 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dynamic Effects
[2010/01/25 17:24:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2011/01/13 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESTsoft
[2012/05/07 23:36:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2011/01/06 16:09:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashFXP
[2010/01/31 10:19:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit Software
[2010/03/19 17:56:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Fujitsu
[2011/10/25 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gensokyo.org
[2012/12/19 17:53:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2012/10/18 16:06:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hamachi
[2010/05/20 00:10:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Help
[2010/05/11 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hex-Rays
[2010/11/02 06:34:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Homoym
[2012/05/24 21:26:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\hte
[2012/12/25 00:34:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\I2P
[2010/01/25 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011/08/31 14:56:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IDMComp
[2010/05/06 15:17:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2010/01/25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2011/07/01 15:54:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient
[2010/01/25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2011/09/01 14:50:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mael
[2010/01/25 17:04:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/08/19 21:09:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MayaWebBrowser
[2009/07/14 04:48:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2010/01/25 17:04:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic
[2010/12/26 17:43:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MessengerDiscovery 2
[2012/06/05 21:24:20 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2010/05/08 10:36:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft Corporation
[2011/06/23 20:29:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft Games
[2010/05/03 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MilkShape 3D 1.x.x
[2010/12/24 02:51:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mIRC
[2011/01/06 21:47:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Move Networks
[2011/01/07 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/01/24 20:28:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mumble
[2010/03/20 01:07:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\net.mesopota.tohoShowtime.A5B365107A30E46004755A9A0862E792DF4441ED.1
[2012/05/06 13:59:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NVIDIA
[2010/01/25 17:04:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010/05/20 01:09:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PE Explorer
[2009/07/31 14:37:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2010/01/25 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Publish Providers
[2013/04/17 22:42:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\QuickScan
[2010/04/17 14:21:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Real
[2011/01/07 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScummVM
[2011/08/14 21:51:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ShanghaiAlice
[2012/06/26 21:28:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\six-updater
[2012/06/26 21:26:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\six-zsync
[2013/04/23 19:44:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2010/01/25 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skypePM
[2011/01/04 12:39:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony
[2010/01/25 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony Creative Software
[2010/04/06 13:45:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spiral Graphics
[2010/07/22 03:15:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sun
[2011/06/24 11:12:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2010/01/25 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\teamspeak2
[2010/04/07 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Texture Maker
[2013/04/23 21:43:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TortoiseHg
[2011/08/09 03:34:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trillian
[2012/06/25 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tunngle
[2010/03/23 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\U3
[2012/09/06 01:18:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2010/03/17 23:45:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo
[2013/04/23 06:52:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2011/06/07 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Winamp
[2010/01/28 15:16:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2010/12/08 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wuala
[2013/04/23 21:45:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xfire
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\maxdrive\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f5054b97743c05b3\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_ddc35c9e9bda913a\atapi.sys
 
[color=#A23BEC]< MD5 for: CSRSS.EXE  >[/color]
[2009/07/13 22:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 22:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009/11/02 15:19:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/09/23 09:34:51 | 002,579,456 | ---- | M] (Microsoft Corporation) MD5=0C81EA51AEB0E47BBC749257EAC179C4 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
[2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/11/02 15:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/11/02 15:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 03:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
[color=#A23BEC]< MD5 for: MSWSOCK.DLL  >[/color]
[2009/07/13 22:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/07/13 22:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\System32\mswsock.dll
[2009/07/13 22:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
 
[color=#A23BEC]< MD5 for: NAPINSP.DLL  >[/color]
[2009/07/13 22:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 22:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
 
[color=#A23BEC]< MD5 for: NLAAPI.DLL  >[/color]
[2009/07/13 22:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\System32\nlaapi.dll
[2009/07/13 22:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
 
[color=#A23BEC]< MD5 for: PNRPNSP.DLL  >[/color]
[2009/07/13 22:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 22:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll
 
[color=#A23BEC]< MD5 for: PRINTISOLATIONHOST.EXE  >[/color]
[2009/07/13 22:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 22:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009/10/28 03:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 03:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 03:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 02:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 22:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/11/02 15:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe
[2009/11/02 15:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
[color=#A23BEC]< MD5 for: WINRNR.DLL  >[/color]
[2009/07/13 22:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 22:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
 
[color=#A23BEC]< MD5 for: WSHELPER.DLL  >[/color]
[2009/07/13 22:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 22:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2010/10/30 19:36:33 | 000,221,216 | ---- | M] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(\?????.mp3.sfk) -- \東方幻奏箱.mp3.sfk
[2010/10/30 15:13:59 | 002,567,549 | ---- | M] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(\?????.mp3) -- \東方幻奏箱.mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | M] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(\EastNewSound ??????(x?y).mp3) -- \EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:09:19 | 004,729,658 | ---- | M] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- \黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3

< End of report >

OTL Extras log:

OTL Extras logfile created on: 2013/04/23 9:52:02 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
3.25 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 43.38% Memory free
13.75 Gb Paging File | 11.56 Gb Available in Paging File | 84.10% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sy [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 15.73 Gb Free Space | 19.67% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 10.67 Gb Free Space | 2.77% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 418.95 Gb Free Space | 22.49% Space Free | Partition Type: NTFS
 
Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- G:\Program Files\Adobe Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "D:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Force Uninstall] -- D:\Program Files\Perfect Uninstaller\PU.exe "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{22419DB9-CBC4-4B6F-AB9F-56D5E5369A9C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{794609A1-DE50-4EC0-AA49-EEFB21791AD9}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA5B977A-B29E-4387-B295-37162032AA52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B1529B-C423-42AA-B981-4ECA247E9FC0}" = DayZ Commander
"{06056D9E-849E-4274-A5DE-6589C019F486}" = USBProg
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C439E7E-DE2B-4AC0-8BEB-DAD70FAE2918}" = AvrTools
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{191C9AC7-B78C-4CF4-A6C4-54A27E0AD798}" = S4 League_EU
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1CB72E04-D2F0-4A4B-AF92-711BF8AADDA3}" = Unreal Script IDE (UDKDevKit) VS 2010 Isolated Shell
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2087381D-01B1-4111-9078-EF68A5AEB0AB}" = PHP 5.3.2
"{211BB680-1ADD-4762-AF5D-B76DEAB3397B}" = COSMIC CORTEX-M C Compiler 64K
"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{238CE6BA-42DA-473A-9A72-15CE23F4584A}" = Visual3D Game Engine
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{2775C25A-DF39-44AA-8E59-E0447DC164C2}" = Call of Duty - World at War
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3EB010F9-BF17-42F1-BFCC-528F3586E42D}_is1" = 東方紅舞闘
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{400E4B6F-1BB3-464D-AE91-54D888B7DDC4}" = TortoiseHg 2.4.2 (x86)
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{423B39E8-0A8E-4522-BB0A-FCCF86479977}_is1" = VVVVVV (Window v1.0)
"{42B34B8E-3CE3-4D5F-B52B-F9E8A9FBCB65}" = Perforce Visual Components
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B7IL77L-LKS1-75B1-SKYRIM-18CD6E6334R1}_is1" = The Elder Scrolls V - Skyrim version 1.0
"{4C2DEE4E-D144-555D-66B6-546DF5280756}" = 東方咲待夢
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58206080-3E1F-4418-8117-D190FC71BF58}" = RealStrat 1.0
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{61CC5CBA-F483-4489-BD66-12FAAC5D35AB}" = Unreal X-Editor
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{6555AFAC-CE27-4539-A377-95E63040C3C3}" = 雪山乱闘チルノクライマーズ
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{702EC1FF-A081-48AE-8363-8D78A0919F86}" = Autodesk DirectConnect 2010 R1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8A864555-554E-4DE2-BB36-BC4810355525}" = Autodesk MatchMover 2011 32-bit
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EFF2EC4-F6F0-4A9B-91A5-92E2EEE93F35}" = g–‚é“`à ”êF‚̀Œđ‹¿‹È
"{8FB91814-FE42-4B62-9B54-4B677A420715}_is1" = CLEO v3.0.950
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = 
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{975E691C-D9EF-4CFB-A9C7-AB44F4201B0C}_is1" = Warblade 1.33
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9820281B-A9AC-4B17-9CF5-97A4B35714CC}" = Genetica 3.5
"{99B41A19-7FD5-4B0C-A2AB-1A065669F8A3}" = Maya 7.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A25947EB-D9C2-4D6E-8051-810C913211B5}_is1" = ApiViewer 2004
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6CB6078-18CF-401D-8D3D-4EA0C971EE0B}_is1" = 東方鎖宝録 1.00
"{A74F33CB-8C7D-404F-93F5-A63317379BD2}" = Windows 7 Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A84EF2EA-FA7E-495C-9581-933496C9B9E9}}_is1" = ACE Online EP3-5 3.7.2.2 Full
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A933C7DE-E96A-4A27-BE68-57297196E274}" = MGTEK MiniIDE 1.19
"{AC075837-7071-4c07-B9A1-CF5586060FE1}" = Autodesk Maya 2011 English Documentation 32-bit
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BAF9E4D0-F3D1-4355-B973-1384CDF1941C}" = Hex Workshop v6.6
"{BEF22C6C-C603-44D1-AE86-F300A40249A6}_is1" = ダイナマリサ3D Ver1.02アップデート
"{BF1BDC10-4366-4221-0103-000001000000}" = COLLADAMax (1.3.0)
"{BF1BDC10-4366-4231-0103-000001000000}" = COLLADAMaya (1.3.0)
"{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0
"{C1717CAF-F589-4493-B9CC-7A49218233EF}" = Okino Plug-ins Installer
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1" = ISO to USB
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{d40af016-506c-43fb-a738-bd54fa8c1e85}" = Python 3.1.2
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files 
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{D86BD140-E0A5-470D-BEE9-42C9D2CC1012}" = PolyTrans
"{D8D06241-617C-42AB-B9C7-D9BA5A377D10}" = NVIDIA Texture Tools 2
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E4386119-2C33-4023-9836-783F43A90E3C}" = Autodesk Maya 2011 32-bit
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E85397AD-D60E-4141-82E6-FAA312A09271}" = Digital Camera
"{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}" = AVR Jungo USB
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F037A396-7FA3-4FB4-ACB8-3C6FE57B02BD}" = Microsoft XNA Framework Redistributable 3.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5122FCA-FCE1-4E8B-9F09-B5500DE10666}" = 四聖龍神録Plus
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.25)
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDD6ED8B-DB77-43BC-B0B2-608A1F27AABC}}_is1" = UnCodeX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"3D Model Viewer 0.3.5.4" = 3D Model Viewer 0.3.5.4
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"AC3Filter_is1" = AC3Filter 1.63b
"Addictive Drums" = Addictive Drums
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"AIM_7" = AIM 7
"AirRivals_EN_is1" = AirRivals_EN 1.0.0.39
"AirRivals_is1" = AirRivals
"ALUpdate_is1" = ALTools Update
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Autodesk FBX Plug-in 2013.1 - Maya 2013" = Autodesk FBX Plug-in 2013.1 - Maya 2013
"AutoHotkey" = AutoHotkey 1.0.91.05
"AutoItv3" = AutoIt v3.3.6.1
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BattlEye for OA" = BattlEye for OA Uninstall
"Belarc Advisor" = Belarc Advisor 8.1
"Blender" = Blender (remove only)
"Bochs 2.4.5" = Bochs 2.4.5 (remove only)
"BOMB MEIRIN_is1" = BOMB MEIRIN
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Crazybump" = Crazybump (remove only)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo" = Diablo
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.2.0
"DMDirc" = DMDirc
"DOOM Collector's Edition" = DOOM Collector's Edition
"EasyBCD" = EasyBCD 2.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EximiousSoft GIF Creator_is1" = EximiousSoft GIF Creator V5.70
"ExtractNow_is1" = ExtractNow
"FDHAGBGDGFENGBHCGJHDGBHC" = SpaceMarisar
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"Fiend" = Fiend
"File And MP3 Tag Renamer_is1" = File And MP3 Tag Renamer 2.2
"FileZilla Server" = FileZilla Server
"FL Studio 9" = FL Studio 9
"Foxit Reader" = Foxit Reader
"gensoC77" = 幻想風淫録~淫行は儚き人間の為に~
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"GLVIEW3" = OpenGL Extensions Viewer 4.0
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"HaaliMkx" = Haali Media Splitter
"Hardcore" = Hardcore
"IDA Pro Advanced v5.5 with Hex-Rays Decompiler v1.1_is1" = IDA Pro Advanced v5.5 with Hex-Rays Decompiler v1.1
"Inno Setup 5_is1" = Inno Setup version 5.4.2
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"JFDuke3D" = JFDuke3D 20051009
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LinkChecker_is1" = LinkChecker 7.9
"LogMeIn Hamachi" = LogMeIn Hamachi
"MadTracker 2" = MadTracker 2
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Maple Virtual Midi Cable_is1" = Hurchalla Maple VMidi Cable v3.56
"Maristice English" = NSIS Maristice English
"MatlabR2011a" = MATLAB R2011a
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Second Editon Redistributable
"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MTI ModelSim PE Student Edition 10.1b Deinstall Key" = ModelSim PE Student Edition 10.1b
"net.mesopota.tohoShowtime.A5B365107A30E46004755A9A0862E792DF4441ED.1" = 東方咲待夢
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OEMInformation" = OEM Logo and Information
"Orcad Family Release 9.2 Lite Edition" = Orcad Family Release 9.2 Lite Edition
"Panda3D 1.6.2" = Panda3D 1.6.2
"PE Explorer_is1" = PE Explorer 1.99
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
"PoiZone" = PoiZone
"Postal 2_is1" = Portal 2
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"Rainbow Sentinel Driver" = Sentinel System Driver
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Rocketfish Live! Cam Center" = Rocketfish Live! Cam Center
"Rocketfish VF0510" = Rocketfish 2MP AF Webcam Driver (1.00.06.00)
"Rocketfish Webcam User's Guide" = Rocketfish Webcam User's Guide
"SadMan Software: Search_is1" = SadMan Software: Search V3.7
"Sandboxie" = Sandboxie 3.44
"Sanny Builder 3_is1" = Sanny Builder 3.04
"Sawer" = Sawer
"Serious Samurize" = Serious Samurize
"Soldat patch 1.4.2-1.5.0_is1" = Soldat 1.5.0
"Soldat_is1" = Soldat 1.5.0
"StarCraft II" = StarCraft II
"Steam App 212800" = Super Crate Box
"Steam App 730" = Counter-Strike: Global Offensive
"Stranger's Requiem" = 紅魔城伝説II 妖幻の鎮魂歌
"SystemRequirementsLab" = System Requirements Lab
"The Elder Scrolls V Skyrim Dragonborn Addon DLC-=AviaRa=- 0.13" = The Elder Scrolls V Skyrim Dragonborn Addon DLC-=AviaRa=- 0.13
"The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0" = The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0
"The Project 2" = The Project 2
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"Tunngle beta_is1" = Tunngle beta
"UDK-bcf57679-2bd6-4d3c-a423-1b8b584fd9f5" = Unreal Development Kit: 2012-10
"Unlocker" = Unlocker 1.9.0
"Unreal X-Editor 2.1" = Unreal X-Editor
"UT2004" = Unreal Tournament 2004
"Valve Hammer Editor" = Valve Hammer Editor
"VentriloMIX" = VentriloMIX
"Vindictus" = Vindictus
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinAVR-20100110" = WinAVR 20100110 (remove only)
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zombie Shooter 2_is1" = Zombie Shooter 2 v 1.0
"Zombie Shooter_is1" = Zombie Shooter v 1.0
"ェF、隍fウUセヤェァEVO" = ェF、隍fウUセヤェァEVO
"お嬢様のドキドキ大作戦" = お嬢様のドキドキ大作戦 ~呪われた紅の館~
"さなえの超特急_is1" = さなえの超特急
"もっと!?不思議の幻想郷_is1" = もっと!?不思議の幻想郷
"るみゃんランド" = るみゃんランド
"不思議の幻想郷_is1" = 不思議の幻想郷 ver 1.00
"宵闇伝説_is1" = 宵闇伝説 ver1.00
"東方スカイアリーナ・幻想郷空戦姫" = 東方スカイアリーナ・幻想郷空戦姫
"東方大運動会" = 東方大運動会
"東方幻想麻雀_is1" = 東方幻想麻雀
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BLP FILES" = BLP FILES
"Diablo" = Diablo
"Hawken" = Hawken
"Seal Hunter" = Seal Hunter
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2013/04/23 8:43:16 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
[ System Events ]
Error - 2013/04/23 8:43:48 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 2013/04/23 8:43:48 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = PNRPSvc | ID = 102
Description = 
 
Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = PNRPSvc | ID = 102
Description = 
 
Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 2013/04/23 8:45:29 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 2013/04/23 8:45:29 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >




FSS log:

Farbar Service Scanner Version: 14-04-2013
Ran by Administrator (administrator) on 24-04-2013 at 06:47:12
Running from "C:\Users\Administrator\Desktop"
Windows 7 Ultimate  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2009-11-02 15:10] - [2009-11-02 15:10] - 1285208 ____A (Microsoft Corporation) A1EDFAE89BC8956C925B99950E3558AD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2009-11-02 15:20] - [2009-11-02 15:20] - 1025536 ____A (Microsoft Corporation) F1BF254DC9EDA07E3A83BD111E39A350

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#32
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.

Then run ESET and Bitdefender:

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

#33
biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
ESET log:

C:\_OTL\MovedFiles\04222013_213730\C_$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n	Win32/Sirefef.EV trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04222013_213730\C_$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\00000004.@	Win32/Conedex.D trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04222013_213730\C_$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\000000cb.@	Win32/Conedex.E trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04222013_213730\C_$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\80000000.@	Win32/Sirefef.FA trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04222013_213730\C_$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\80000032.@	a variant of Win32/Sirefef.FV trojan	cleaned by deleting - quarantined
G:\Callum G\The.Elder.Scrolls.V.Skyrim.Update.13-RELOADED\rld-tesvsu13.rar	a variant of Win32/Packed.VMProtect.AAH trojan	deleted - quarantined
G:\Program Files\The Elder Scrolls V - Skyrim\steam_api.dll	a variant of Win32/Packed.VMProtect.AAH trojan	cleaned by deleting - quarantined




Bitdefender log:


QuickScan 32-bit v0.9.9.118
---------------------------
Scan date:  Thu Apr 25 07:21:51 2013
Machine ID: C20058C9



No infection found.
-------------------



Processes
---------
            Steam Client Bootstrapper                3260    D:\Program Files\Steam\Steam.exe
            Windows® Internet Explorer               1444    C:\Program Files\Internet Explorer\iexplore.exe
            Windows® Internet Explorer               4656    C:\Program Files\Internet Explorer\iexplore.exe
(verified)  avast! Antivirus                         1672    D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(verified)  avast! Antivirus                         3136    D:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified)  Firefox                                  2932    D:\Program Files\Mozilla Firefox\firefox.exe
(verified)  Hamachi Client                           3680    D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(verified)  Hamachi Client                           1960    D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(verified)  java.exe                                 2300    G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
(verified)  Live! Cam Console Auto Launcher          2704    C:\Windows\V0510Mon.exe
(verified)  LMIGuardianSvc                           1368    D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(verified)  Logitech GamePanel Software              2440    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(verified)  Logitech GamePanel Software              2384    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(verified)  Logitech GamePanel Software              2260    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(verified)  LogMeIn                                  2164    D:\Program Files\LogMeIn\x86\LogMeIn.exe
(verified)  LogMeIn                                  2700    D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(verified)  LogMeIn                                  2120    D:\Program Files\LogMeIn\x86\ramaint.exe
(verified)  MagicDisc                                3524    D:\Program Files\MagicDisc\MagicDisc.exe
(verified)  Microsoft Search Enhancement Pack        2712    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(verified)  Microsoft® Windows® Operating System     3776    C:\Windows\explorer.exe
(verified)  Microsoft® Windows® Operating System     2312    C:\Windows\System32\conhost.exe
(verified)  Microsoft® Windows® Operating System      460    C:\Windows\System32\csrss.exe
(verified)  Microsoft® Windows® Operating System      532    C:\Windows\System32\csrss.exe
(verified)  Microsoft® Windows® Operating System     3748    C:\Windows\System32\dwm.exe
(verified)  Microsoft® Windows® Operating System      592    C:\Windows\System32\lsass.exe
(verified)  Microsoft® Windows® Operating System      600    C:\Windows\System32\lsm.exe
(verified)  Microsoft® Windows® Operating System      568    C:\Windows\System32\services.exe
(verified)  Microsoft® Windows® Operating System      324    C:\Windows\System32\smss.exe
(verified)  Microsoft® Windows® Operating System     2012    C:\Windows\System32\spoolsv.exe
(verified)  Microsoft® Windows® Operating System     1576    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2040    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1080    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2492    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2760    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2816    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System      756    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System      900    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     3664    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System      988    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1856    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1048    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1248    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2648    C:\Windows\System32\taskhost.exe
(verified)  Microsoft® Windows® Operating System     3984    C:\Windows\System32\taskhost.exe
(verified)  Microsoft® Windows® Operating System     5728    C:\Windows\System32\taskhost.exe
(verified)  Microsoft® Windows® Operating System      520    C:\Windows\System32\wininit.exe
(verified)  Microsoft® Windows® Operating System      656    C:\Windows\System32\winlogon.exe
(verified)  Microsoft® Windows® Operating System     1516    C:\Windows\System32\WUDFHost.exe
(verified)  Microsoft® Windows® Operating System     1376    C:\Windows\System32\WUDFHost.exe
(verified)  NVIDIA Driver Helper Service, Version 3   836    C:\Windows\System32\nvvsvc.exe
(verified)  NVIDIA Driver Helper Service, Version 3  1416    C:\Windows\System32\nvvsvc.exe
(verified)  NVIDIA nTune                             2792    C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
(verified)  NVIDIA nTune                             2284    G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(verified)  NVIDIA Settings                          3304    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(verified)  NVIDIA User Experience Driver Component  1404    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(verified)  Realtek HD Audio Manager                 2516    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(verified)  Sandboxie                                2564    D:\Program Files\Sandboxie\SbieSvc.exe
(verified)  Skype                                    5872    C:\Program Files\Skype\Phone\Skype.exe
(verified)  Skype Extras Manager                     4892    C:\Program Files\Skype\Plugin Manager\skypePM.exe
(verified)  Stereo Vision Control Panel API Server    860    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(verified)  TortoiseHg                               4076    G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
(verified)  wrapper.exe                              2232    G:\Program Files\Alias\Maya7.0\docs\wrapper.exe


Network activity
----------------
Process iexplore.exe (1444) connected on port 80 (HTTP) --> 184.84.79.139
Process iexplore.exe (1444) connected on port 80 (HTTP) --> 184.84.79.139
Process iexplore.exe (1444) connected on port 80 (HTTP) --> 74.125.226.7
Process iexplore.exe (1444) connected on port 80 (HTTP) --> 74.125.226.7
Process iexplore.exe (1444) connected on port 80 (HTTP) --> 24.222.202.241
Process iexplore.exe (1444) connected on port 80 (HTTP) --> 24.222.202.241
Process svchost.exe (1576) connected on port 80 (HTTP) --> 24.222.202.241
Process svchost.exe (1576) connected on port 80 (HTTP) --> 24.222.202.231
Process LogMeIn.exe (2164) connected on port 80 (HTTP) --> 64.74.103.183
Process firefox.exe (2932) connected on port 443 (HTTP over SSL) --> 31.13.71.23
Process firefox.exe (2932) connected on port 80 (HTTP) --> 88.85.89.6
Process Skype.exe (5872) connected on port 40031 --> 64.4.23.165

Process wininit.exe (520) listens on ports: 49152 (RPC)
Process services.exe (568) listens on ports: 49161 (RPC)
Process lsass.exe (592) listens on ports: 49156 (RPC)
Process svchost.exe (900) listens on ports: 135 (RPC)
Process svchost.exe (988) listens on ports: 49153 (RPC)
Process svchost.exe (1080) listens on ports: 49154 (RPC)
Process LogMeIn.exe (2164) listens on ports: 2002 (Cisco ACS)
Process java.exe (2300) listens on ports: 4449
Process Skype.exe (5872) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 47493


Autoruns and critical files
---------------------------
            Steam Client Bootstrapper                D:\Program Files\Steam\Steam.exe
(unsigned)  Windows Live Messenger                   C:\Program Files\Windows Live\Messenger\msnmsgr.exe

(verified)  Adobe Acrobat                            C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
(verified)  Adobe CS5 Service Manager                C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
(verified)  Adobe Reader and Acrobat Manager         C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified)  Adobe Updater Startup Utility            C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
(verified)  avast! Antivirus                         D:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified)  Ave's Vista Folder Background            C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll
(verified)  Google Update                            C:\Program Files\Google\Update\GoogleUpdate.exe
(verified)  GrooveShellExtensions Module             C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified)  Hamachi Client                           D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(verified)  Live! Cam Console Auto Launcher          C:\Windows\V0510Mon.exe
(verified)  Logitech GamePanel Software              C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(verified)  Logitech GamePanel Software              C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(verified)  Logitech GamePanel Software              C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(verified)  LogMeIn                                  D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(verified)  MagicDisc                                D:\Program Files\MagicDisc\MagicDisc.exe
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\DreamScene.dll
(verified)  Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe
(verified)  NVIDIA nTune                             G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(verified)  Realtek HD Audio Manager                 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(verified)  SBSV 2010/02/19-11:02:07                 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(verified)  TortoiseHg                               G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
(verified)  Windows® Internet Explorer               c:\windows\system32\webcheck.dll
(verified)  Xfire                                    D:\Program Files\Xfire\Xfire.exe


Browser plugins
---------------
            Bitdefender QuickScan                    C:\Windows\Downloaded Program Files\qsax.dll
            Java Deployment Toolkit 7.0.210.11       C:\Windows\system32\npDeployJava1.dll
(unsigned)  Google Earth Plugin                      C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

(verified)  AcroIEHelperShim Library                 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified)  avast! Antivirus                         d:\program files\avast software\avast\aswwebrepie.dll
(verified)  Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
(verified)  Google Update                            C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
(verified)  GrooveShellExtensions Module             C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified)  InstallShield Update Service             C:\Windows\Downloaded Program Files\dwusplay.dll
(verified)  InstallShield Update Service             C:\Windows\Downloaded Program Files\dwusplay.exe
(verified)  InstallShield Update Service             C:\Windows\Downloaded Program Files\isusweb.dll
(verified)  Microsoft Search Enhancement Pack        c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
(verified)  Microsoft® Windows Live Login Helper     c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\mswsock.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\napinsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\pnrpnsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll
(verified)  Nexon Game Controller                    C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
(verified)  npLMI64.dll                              C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\[email protected]\plugins\npLMI64.dll
(verified)  npRACtrl.dll                             C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\[email protected]\plugins\npRACtrl.dll
(verified)  NVIDIA 3D Vision                         C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
(verified)  NVIDIA 3D VISION                         C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
(verified)  Pando Web Plugin                         C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
(verified)  QUAKE LIVE                               C:\ProgramData\id Software\QuakeLive\npquakezero.dll
(verified)  Shockwave for Director                   C:\Windows\system32\Adobe\Director\np32dsw.dll
(verified)  Silverlight Plug-In                      C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
(verified)  unagiuninst.exe                          C:\Windows\Downloaded Program Files\unagiuninst.exe
(verified)  Unity Player                             C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
(verified)  Windows® Internet Explorer               C:\Windows\system32\IEFRAME.dll


Scan
----


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.17 KB recvd
Scanned 1121 files and modules - 89 seconds

==============================================================================

  • 0

#34
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Do you really need Pando? It's talking to some sites that don't really have the best reputation.

Let's clean up some deadwood that is causing errors:

Copy the text in the code box by highlighting and Ctrl + c

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\epfwwfp.sys -- (epfwwfp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\04252013-some number.log so look there if you don't see it.

Then we are getting this error:

Error - 2013/04/23 8:43:16 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.


This is serious. You need to reactivate your Windows or it will stop working.

http://windows.micro...n-this-computer

You have LogMeIn installed. Did you install it? Do you use it? Does it work?

Copy the next line:

WMIC USERACCOUNT WHERE "Name='UpdatusUser'" SET PasswordExpires=FALSE

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window.


That is supposed to stop these errors:


Error - 2013/04/23 8:45:29 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2013/04/23 8:45:29 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


For these errors:

[ System Events ]
Error - 2013/04/23 8:43:48 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 2013/04/23 8:43:48 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = PNRPSvc | ID = 102
Description =

Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = PNRPSvc | ID = 102
Description =

Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535


See if you can follow posts #5, 6 & 7 on this page:

http://windows7forum...g-grouping.html

(To get into Services: Type: services.msc in the search programs and files box then when it finds it, right click on services.msc and run as admin.)
These are normally set to the following Startup Type:
Peer Name Resolution Protocol - Manual
Peer Networking Grouping - Manual
Peer Networking Identity Manager - Manual
PNRP Machine Name Publication Service - Manual


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
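Added example (not part of RKinner's post or of any tool named in the thread): a small Python parser for the OTL event-log format quoted in the post above, which rejoins wrapped Description lines, collapses repeated events and decodes the `%%N` error insertions. The sample text is excerpted from the entries quoted in that post; the function names and the two-entry lookup table of standard Win32 error names are this example's own, and the `%%1330` result (password expired) is what the `PasswordExpires=FALSE` command addresses.

```python
import re
from collections import Counter

# Excerpt of the entries quoted in the post above (OTL event-log format).
SAMPLE = r"""[ System Events ]
Error - 2013/04/23 8:45:29 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2013/04/23 8:45:29 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2013/04/23 8:43:48 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = PNRPSvc | ID = 102
Description =

Error - 2013/04/23 8:43:58 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
"""

# Header line: level, timestamp, computer name, then Source (group 1) and ID (group 2).
HEADER = re.compile(r"^\w+ - .+? \| Computer Name = \S+ \| Source = (.+?) \| ID = (\d+)$")
CODE = re.compile(r"%%(-?\d+)")
# Standard Win32 error names for the two positive codes in the excerpt.
WIN32 = {1069: "ERROR_SERVICE_LOGON_FAILED", 1330: "ERROR_PASSWORD_EXPIRED"}

def decode_code(raw):
    """Negative %%N values are signed 32-bit HRESULTs; others are Win32 codes."""
    n = int(raw)
    if n < 0:
        return "HRESULT 0x%08X" % (n & 0xFFFFFFFF)
    return "Win32 %d %s" % (n, WIN32.get(n, "(not in table)"))

def parse_events(text):
    """Split the text into events, rejoining wrapped Description lines."""
    events, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = {"source": m.group(1), "id": int(m.group(2)), "description": ""}
            events.append(current)
        elif current is not None and line and not line.startswith("["):
            part = re.sub(r"^Description =\s*", "", line)
            current["description"] = (current["description"] + " " + part).strip()
    for ev in events:
        m = CODE.search(ev["description"])
        ev["code"] = decode_code(m.group(1)) if m else None
    return events

def summarize(events):
    """Collapse repeats into (source, id, decoded code, count) rows."""
    counts = Counter((e["source"], e["id"], e["code"]) for e in events)
    return [(src, eid, code, n) for (src, eid, code), n in counts.items()]

if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE)):
        print(row)
```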

#35
biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Seems that fixed up everything:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/04/2013 2:27:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/04/2013 2:26:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I was putting off reactivating Windows until after the malware was gone, just in case. It's reactivated now.

I also uninstalled Pando. It came with League of Legends and is pretty much bloatware anyway, since it's just used for installing the game as far as I know (and possibly updating).

LogMeIn is something I did install myself and do use, so it isn't some third party trying to access my computer.

Edited by biggy c, 27 April 2013 - 11:38 AM.

  • 0

#36
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Did you reboot after clearing the logs and before running VEW?

Do we have any problems left?
  • 0

#37
biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Yea, I did, everything seems to be good now; thank you for all your help, I really appreciate it.
  • 0

#38
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#39
biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Thanks a lot, I'll be sure to donate to your charity.
  • 0

#40
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Thank You!
  • 0
