Slow startup time after removal of lineage trojan



#1
AntonioY

Hey everyone, so I recently got the frisby gamepad controller and decided to install the drivers after running scans from Malwarebytes, Kaspersky and Spybot. I even uploaded the driver file to VirusTotal and came up with 17/46 antivirus scanners confirmed viruses. I felt as if the trojan indicators on the frisby drivers were false positives because... hey, a company should not be doing this. I was wrong. I will link the results below.
-----
https://www.virustot...sis/1365088270/
-----
After installing the drivers I ran scans with Trend Micro's platinum, Panda antivirus, Malwarebytes, Spybot and lastly Kaspersky. I think I successfully removed the virus in the end (it was using a Java-based backdoor) and my NetLimiter 4 is not showing any strange upload activity.

And of course after scanning with each program I uninstalled them shortly but not before panda antivirus decided to delete something related to gigabyte... "SCEWIN.exe."

However, after restarting my computer I realized the start up time is way longer than it should be or used to be. I just want to have a second opinion on my computer. Thanks!

OTL logfile created on: 4/4/2013 11:14:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Antonio\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 34.31% Memory free
7.99 Gb Paging File | 4.64 Gb Available in Paging File | 58.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884.87 Gb Total Space | 472.45 Gb Free Space | 53.39% Space Free | Partition Type: NTFS
Drive D: | 46.54 Gb Total Space | 29.49 Gb Free Space | 63.37% Space Free | Partition Type: NTFS

Computer Name: ANTONIO-DT | User Name: Antonio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/03/21 12:53:54 | 012,250,424 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
PRC - [2013/03/16 03:36:28 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/15 15:28:12 | 004,683,768 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2013/03/12 03:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Antonio\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/09 01:35:21 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/23 02:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/10/05 16:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Antonio\Desktop\OTL.exe
PRC - [2012/08/30 09:20:14 | 002,550,968 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2011/09/16 15:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/04 11:14:14 | 000,192,512 | ---- | M] () -- C:\Users\Antonio\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013/04/04 11:14:13 | 000,158,720 | ---- | M] () -- C:\Users\Antonio\AppData\Local\Temp\sfareca00001.dll
MOD - [2013/03/16 03:36:27 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/09 01:35:12 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/23 02:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013/01/16 12:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013/01/16 12:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013/01/16 12:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013/01/16 12:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013/01/16 12:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011/04/30 15:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/24 21:16:58 | 000,072,192 | ---- | M] (Palm) [Disabled | Stopped] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2011/03/21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/30 01:17:07 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/03/16 03:36:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 03:11:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/13 05:45:23 | 000,076,888 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/17 15:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/09/20 23:55:44 | 000,136,648 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2011/08/30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/21 12:53:54 | 000,024,760 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2013/01/19 01:20:48 | 000,029,672 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2013/01/14 14:55:12 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/01/14 14:55:12 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/01/14 14:55:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:55:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/12/27 02:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/19 09:42:10 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t_mouse.sys -- (t_mouse.sys)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/09 05:44:58 | 000,322,920 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2012/10/09 05:44:58 | 000,028,008 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2012/09/26 00:56:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/09/17 16:05:10 | 000,123,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2012/08/28 08:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/08/27 20:39:20 | 000,226,696 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/08/27 20:39:16 | 000,107,912 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/04/10 21:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/04/10 21:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/03/02 17:03:00 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2012/03/02 17:03:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2012/03/02 17:03:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2012/03/02 17:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2012/03/02 17:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2012/03/02 17:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2012/03/02 17:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/02 06:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011/04/20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011/03/21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011/03/21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011/03/21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/02 17:19:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 22:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/27 21:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/27 21:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/08 15:31:26 | 000,062,960 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h648103.sys -- (h648103)
DRV:64bit: - [2008/08/08 15:31:22 | 000,065,776 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h648101.sys -- (h648101)
DRV:64bit: - [2008/08/08 15:31:20 | 000,063,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h647906.sys -- (h647906)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005/11/11 13:55:56 | 000,099,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2013/04/04 10:55:43 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2013/04/04 10:55:35 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013/04/04 10:51:39 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2013/01/23 02:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012/09/20 23:53:30 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver4.2.0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/08 15:31:18 | 000,043,192 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8101.sys -- (hid8101)
DRV - [2008/08/08 15:31:18 | 000,040,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8103.sys -- (hid8103)
DRV - [2008/08/08 15:31:16 | 000,041,272 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid7906.sys -- (hid7906)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 1B 19 56 29 A1 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.6.22
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Antonio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Antonio\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Antonio\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Antonio\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Antonio\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Antonio\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antonio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/04 04:35:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/04 04:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/04 04:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/04 04:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/04 04:35:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/09 01:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/27 03:11:14 | 000,000,000 | ---D | M]

[2012/09/25 23:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Extensions
[2013/04/04 03:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions
[2013/03/14 21:36:18 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/02/24 05:46:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/02 23:21:59 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\[email protected]
[2012/12/08 05:16:16 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\[email protected]
[2013/04/03 21:46:27 | 000,140,792 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\[email protected]
[2013/03/29 03:25:42 | 000,361,682 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\[email protected]
[2012/09/25 23:49:24 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013/03/03 15:58:43 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/02/14 06:07:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/25 23:49:25 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013/04/04 03:56:08 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/02/28 10:06:32 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\c392l6gp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/02/27 03:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/27 03:11:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/09 01:35:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 03:11:17 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Antonio\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Antonio\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Antonio\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Antonio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Antonio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Antonio\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124.133_0\
CHR - Extension: Dark Vibe = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: AdBlock = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: TabJump - Intelligent Tab Navigator = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf\0.7.9.2_0\
CHR - Extension: Undo Recently Closed Tabs = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcdannfionjoennkippohpibecglhic\1.0.0_0\
CHR - Extension: Smooth Gestures = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.17.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Download = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccjoeeljedbmkidebclpoabijggpbdp\0.1.7_0\
CHR - Extension: Gmail = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/30 11:13:18 | 000,445,034 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15284 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [ZALFree] C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BECA798-FA76-4D2E-9C02-CDC34A72C26C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADBCDCC5-754F-4E7D-8A91-38A8850731DB}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE16F2~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(4).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE96AA~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(4).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{7ea56b82-52ee-11e2-8d12-6cf049e1837f}\Shell - "" = AutoRun
O33 - MountPoints2\{7ea56b82-52ee-11e2-8d12-6cf049e1837f}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/04 11:03:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Antonio\Desktop\OTL.exe
[2013/04/04 04:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/04/04 04:36:17 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/04/04 04:35:13 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/04/04 04:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/04/04 04:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/04/04 04:34:39 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/04/04 04:34:39 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/04/04 03:03:30 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Desktop\EmuCR-Pcsx2-r5413
[2013/04/04 02:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/04 02:00:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/04 02:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/04 01:46:37 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Desktop\pcsx2-5604-windows-x86
[2013/04/04 01:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/04 01:27:36 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/04 01:20:52 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Desktop\PCSX2 1.0.0
[2013/04/04 00:28:44 | 000,062,960 | ---- | C] (Your Corporation) -- C:\Windows\SysNative\drivers\h648103.sys
[2013/04/04 00:28:37 | 000,065,776 | ---- | C] (Your Corporation) -- C:\Windows\SysNative\drivers\h648101.sys
[2013/04/04 00:28:22 | 000,063,856 | ---- | C] (Your Corporation) -- C:\Windows\SysNative\drivers\h647906.sys
[2013/04/04 00:27:41 | 000,043,192 | ---- | C] (Your Corporation) -- C:\Windows\SysWow64\drivers\hid8101.sys
[2013/04/04 00:27:41 | 000,041,272 | ---- | C] (Your Corporation) -- C:\Windows\SysWow64\drivers\hid7906.sys
[2013/04/04 00:27:41 | 000,040,856 | ---- | C] (Your Corporation) -- C:\Windows\SysWow64\drivers\hid8103.sys
[2013/04/04 00:27:40 | 000,000,000 | ---D | C] -- C:\Windows\USB Vibration
[2013/04/03 23:43:10 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2013/04/03 21:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013/04/03 21:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/04/03 18:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Vibration
[2013/04/01 19:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/04/01 19:43:02 | 000,000,000 | ---D | C] -- C:\Intel
[2013/04/01 19:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2013/04/01 19:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2013/03/30 11:57:54 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013/03/30 11:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2013/03/30 09:33:11 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/03/30 04:14:52 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uRexsoft
[2013/03/30 04:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\uRexsoft
[2013/03/30 04:12:44 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\Engelmann_Media
[2013/03/30 04:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/03/30 04:09:46 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Engelmann Media
[2013/03/30 04:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Engelmann Media
[2013/03/30 04:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HDX4
[2013/03/30 04:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Engelmann Media
[2013/03/30 03:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 2.5
[2013/03/30 03:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Kombustor 2.5
[2013/03/29 04:37:32 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/03/29 04:37:32 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/03/29 04:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013/03/29 03:22:26 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\Futuremark
[2013/03/29 03:22:25 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\IsolatedStorage
[2013/03/29 03:22:23 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\3DMark
[2013/03/29 03:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2013/03/29 03:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2013/03/29 03:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2013/03/28 09:20:19 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\Warframe
[2013/03/28 02:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013/03/28 02:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2013/03/26 11:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2013/03/26 11:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation
[2013/03/26 05:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2013/03/26 05:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/03/26 01:19:05 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\PCSX2
[2013/03/24 18:44:46 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\WarThunder
[2013/03/24 18:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013/03/24 18:44:28 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[2013/03/24 18:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\War Thunder
[2013/03/23 18:28:01 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Desktop\Pectures
[2013/03/22 03:54:55 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\DolbyAxon
[2013/03/22 03:54:35 | 002,262,960 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.v13.0.0.ocx
[2013/03/22 03:54:35 | 000,571,312 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.SkinFramework.Unicode.v13.0.0.ocx
[2013/03/22 03:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon
[2013/03/22 03:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DolbyAxon
[2013/03/22 03:27:24 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\ooVoo Details
[2013/03/22 03:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2013/03/22 03:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2013/03/21 07:28:59 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Desktop\p95v279.win64
[2013/03/18 14:03:10 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\Locktime
[2013/03/18 14:02:36 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
[2013/03/18 14:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetLimiter 3
[2013/03/18 14:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Locktime
[2013/03/18 04:29:22 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\qb749CF55.35
[2013/03/16 18:49:57 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\Targem
[2013/03/15 03:14:46 | 000,000,000 | ---D | C] -- C:\Android-adb
[2013/03/13 18:08:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/03/12 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\JasonRobitaille
[2013/03/12 13:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/03/12 13:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
[2013/03/09 18:10:31 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\SimCity 4
[2013/03/09 18:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2013/03/09 18:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2012/09/05 06:30:04 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/04 11:12:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/04 11:00:08 | 000,012,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 11:00:08 | 000,012,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 10:55:43 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013/04/04 10:54:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 10:54:44 | 3219,251,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 10:53:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/04 10:27:08 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423067775-3204029643-3060600608-1000UA.job
[2013/04/04 10:10:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1423067775-3204029643-3060600608-1000UA.job
[2013/04/04 07:27:13 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423067775-3204029643-3060600608-1000Core.job
[2013/04/04 07:10:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1423067775-3204029643-3060600608-1000Core.job
[2013/04/04 04:36:18 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/04/04 00:40:33 | 000,005,052 | ---- | M] () -- C:\Users\Antonio\Documents\LilyPad.lily
[2013/04/04 00:01:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/04 00:01:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/03 23:45:38 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013/04/03 23:32:37 | 000,000,370 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/04/03 22:33:25 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/03 22:33:25 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/03 22:33:25 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/03 22:23:44 | 000,234,544 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2013/04/03 21:44:16 | 000,000,036 | ---- | M] () -- C:\Users\Antonio\AppData\Local\housecall.guid.cache
[2013/04/03 18:09:29 | 000,000,082 | ---- | M] () -- C:\Users\Antonio\AppData\Roaming\mbam.context.scan
[2013/04/01 19:29:23 | 000,001,011 | ---- | M] () -- C:\Users\Antonio\Desktop\SpeedFan.lnk
[2013/04/01 19:29:21 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/03/30 11:14:46 | 507,889,765 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/30 04:09:47 | 000,001,294 | ---- | M] () -- C:\Users\Antonio\Application Data\Microsoft\Internet Explorer\Quick Launch\SimplyGoodPictures2.lnk
[2013/03/29 04:37:32 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/03/29 04:37:32 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/03/28 23:29:21 | 000,001,080 | ---- | M] () -- C:\Users\Antonio\Desktop\prime95.exe - Shortcut.lnk
[2013/03/25 08:41:30 | 001,731,813 | ---- | M] () -- C:\Users\Antonio\Desktop\Dafaq-these-white-people-doing.gif
[2013/03/24 22:13:00 | 000,001,908 | ---- | M] () -- C:\Users\Antonio\Desktop\Launch Arma2 OA Beta Patch.lnk
[2013/03/24 06:30:34 | 000,002,138 | ---- | M] () -- C:\Users\Antonio\Desktop\ArmA2OA - Shortcut.lnk
[2013/03/21 12:53:54 | 000,024,760 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\KeyCrypt64.sys
[2013/03/19 16:25:53 | 000,024,976 | ---- | M] () -- C:\Users\Antonio\Documents\Antonio Yuen Resume.pdf
[2013/03/13 16:41:42 | 004,303,828 | ---- | M] () -- C:\Users\Antonio\Desktop\I_ve_Got_The_Clap_Official_Music_Video.flv
[2013/03/12 15:09:09 | 000,024,969 | ---- | M] () -- C:\Users\Antonio\Documents\Antonio Yuen Resume 3.12.2013.pdf
[2013/03/09 18:09:03 | 000,000,531 | ---- | M] () -- C:\Windows\eReg.dat
[2013/03/05 17:21:41 | 000,024,518 | ---- | M] () -- C:\Users\Antonio\Documents\Antonio Yuen Resume 3.5.2013.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/04 04:36:31 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/04/04 03:52:22 | 000,021,464 | ---- | C] () -- C:\Users\Antonio\Desktop\4gb_patch.zip
[2013/04/04 01:27:40 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/04 00:27:41 | 000,008,316 | ---- | C] () -- C:\Windows\SysWow64\drivers\hid8103.cat
[2013/04/04 00:27:41 | 000,008,316 | ---- | C] () -- C:\Windows\SysWow64\drivers\hid8101.cat
[2013/04/04 00:27:41 | 000,008,316 | ---- | C] () -- C:\Windows\SysWow64\drivers\hid7906.cat
[2013/04/04 00:01:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/04 00:01:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/03 23:45:21 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013/04/03 21:53:31 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2013/04/03 21:47:14 | 000,000,370 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/04/03 21:44:16 | 000,000,036 | ---- | C] () -- C:\Users\Antonio\AppData\Local\housecall.guid.cache
[2013/04/03 18:09:29 | 000,000,082 | ---- | C] () -- C:\Users\Antonio\AppData\Roaming\mbam.context.scan
[2013/04/03 17:54:06 | 000,005,052 | ---- | C] () -- C:\Users\Antonio\Documents\LilyPad.lily
[2013/04/01 19:55:24 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013/04/01 19:29:23 | 000,001,011 | ---- | C] () -- C:\Users\Antonio\Desktop\SpeedFan.lnk
[2013/03/30 09:25:09 | 507,889,765 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/30 04:09:47 | 000,001,294 | ---- | C] () -- C:\Users\Antonio\Application Data\Microsoft\Internet Explorer\Quick Launch\SimplyGoodPictures2.lnk
[2013/03/28 23:29:21 | 000,001,080 | ---- | C] () -- C:\Users\Antonio\Desktop\prime95.exe - Shortcut.lnk
[2013/03/25 08:41:29 | 001,731,813 | ---- | C] () -- C:\Users\Antonio\Desktop\Dafaq-these-white-people-doing.gif
[2013/03/19 16:26:00 | 000,024,976 | ---- | C] () -- C:\Users\Antonio\Documents\Antonio Yuen Resume.pdf
[2013/03/14 02:13:46 | 000,001,908 | ---- | C] () -- C:\Users\Antonio\Desktop\Launch Arma2 OA Beta Patch.lnk
[2013/03/13 16:41:35 | 004,303,828 | ---- | C] () -- C:\Users\Antonio\Desktop\I_ve_Got_The_Clap_Official_Music_Video.flv
[2013/03/12 15:07:56 | 000,024,969 | ---- | C] () -- C:\Users\Antonio\Documents\Antonio Yuen Resume 3.12.2013.pdf
[2013/03/09 18:09:03 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2013/03/05 17:21:48 | 000,024,518 | ---- | C] () -- C:\Users\Antonio\Documents\Antonio Yuen Resume 3.5.2013.pdf
[2013/01/10 00:47:10 | 000,007,602 | ---- | C] () -- C:\Users\Antonio\AppData\Local\Resmon.ResmonCfg
[2012/12/26 04:08:57 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/26 04:08:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/10 00:16:01 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/12/08 07:11:41 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/12/08 07:11:41 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/10/29 16:44:56 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2012/10/17 20:01:19 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/28 15:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/25 23:37:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/30 23:02:12 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\.mono
[2012/09/30 06:11:48 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\.oit
[2012/09/26 00:12:25 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\acccore
[2013/02/23 07:07:14 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Arrowhead
[2012/10/17 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\cYo
[2013/03/29 04:46:34 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\DAEMON Tools Pro
[2013/04/04 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Dropbox
[2013/03/30 04:09:46 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Engelmann Media
[2012/10/30 22:33:06 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Full Control
[2013/03/12 13:17:06 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\JasonRobitaille
[2012/10/19 16:14:40 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\LolClient
[2013/01/28 07:52:46 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Mumble
[2013/03/03 15:09:01 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\OBS
[2013/03/22 03:27:30 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\ooVoo Details
[2013/04/03 17:28:05 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\TS3Client
[2012/10/08 03:35:10 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\ts3overlay
[2012/12/07 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Unity
[2013/04/04 05:35:49 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\uTorrent
[2012/10/28 06:53:38 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Xilisoft

========== Purity Check ==========



< End of report >

If anyone finds anything suspicious please let me know. Thanks again!
#2
RKinner

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application (When you run VEW for Applications it will overwrite the Systems log so you want to post it or rename it before running VEW a second time).

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Ron

#3
AntonioY

Attempt #1
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/04/2013 1:27:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/04/2013 5:25:31 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 04/04/2013 5:24:36 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Attempt #2
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/04/2013 1:28:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/04/2013 5:25:31 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 04/04/2013 5:24:36 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

--------------------------------------------------------
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 97.32 0 K 24 K 0
procexp64.exe 0.89 34,692 K 50,312 K 4396 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts 0.25 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.14 3,132 K 8,988 K 696 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.13 37,452 K 35,688 K 2388 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
avp.exe 0.13 47,480 K 5,816 K 3836 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
avp.exe 0.12 299,392 K 51,064 K 1956 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
AODAssist.exe 0.10 13,344 K 14,500 K 1876 (Verified) Advanced Micro Devices
System 0.09 156 K 1,172 K 4
svchost.exe 0.09 45,148 K 46,180 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamservice.exe 0.08 119,628 K 54,672 K 1236 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
svchost.exe 0.08 25,780 K 24,668 K 1048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SDTray.exe 0.05 16,992 K 23,696 K 3576 Spybot - Search & Destroy tray access Safer-Networking Ltd. (Verified) Safer Networking Ltd.
AntiLogger Free.exe 0.05 24,064 K 26,056 K 3408 Zemana AntiLogger Free Zemana Ltd. (Verified) Zemana Ltd.
svchost.exe 0.05 133,600 K 132,600 K 1088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 0.05 18,124 K 30,104 K 5084 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
SDWSCSvc.exe 0.04 5,792 K 4,352 K 2860 Windows Security Center integration. Safer-Networking Ltd. (Verified) Safer Networking Ltd.
fraps.exe 0.04 27,248 K 4,304 K 3596 Fraps Beepa P/L (Verified) Beepa Pty Ltd
firefox.exe 0.03 206,564 K 219,620 K 4296 Firefox Mozilla Corporation (Verified) Mozilla Corporation
MSIAfterburner.exe 0.03 8,924 K 3,500 K 3568 MSIAfterburner (Verified) MICRO-STAR INTERNATIONAL CO.
svchost.exe 0.03 15,176 K 18,796 K 1132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.03 37,964 K 53,364 K 2660 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.02 13,020 K 11,956 K 2436 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 0.02 12,648 K 15,996 K 2676 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe 0.02 9,556 K 9,188 K 2108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
NLClientApp.exe 0.02 22,156 K 36,152 K 3804 NetLimiter 3 Client Locktime Software (No signature was present in the subject) Locktime Software
nlsvc.exe 0.01 11,008 K 12,060 K 1756 NetLimiter 3 Service Locktime Software (No signature was present in the subject) Locktime Software
procexp.exe 0.01 7,164 K 7,552 K 5340 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dllhost.exe 0.01 8,032 K 8,484 K 4968 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 9,992 K 10,856 K 908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe 0.01 9,464 K 9,340 K 728 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 7,788 K 6,788 K 1284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CCC.exe 0.01 129,796 K 4,516 K 2984 Catalyst Control Center: Host application ATI Technologies Inc. (No signature was present in the subject) ATI Technologies Inc.
atiesrxx.exe 0.01 6,912 K 5,656 K 452 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
MOM.exe < 0.01 50,272 K 4,116 K 3580 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (No signature was present in the subject) Advanced Micro Devices Inc.
WLIDSVCM.EXE < 0.01 6,664 K 4,776 K 2796 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
nusb3mon.exe < 0.01 6,260 K 5,908 K 3924 USB 3.0 Monitor Renesas Electronics Corporation (Verified) Renesas Electronics Corporation
svchost.exe < 0.01 95,596 K 34,076 K 3712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 9,144 K 8,748 K 1000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,260 K 4,312 K 604 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe < 0.01 12,112 K 13,384 K 1696 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,524 K 14,648 K 4512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe < 0.01 7,628 K 8,348 K 2628 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
fraps64.dat < 0.01 7,888 K 2,336 K 4768 Fraps Beepa P/L (Verified) Beepa Pty Ltd
svchost.exe < 0.01 29,016 K 26,092 K 1420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe < 0.01 6,564 K 6,148 K 1996 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
WmiPrvSE.exe 8,160 K 8,016 K 2264 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 8,608 K 8,776 K 844 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 5,732 K 4,744 K 664 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 6,556 K 6,472 K 3372 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 91,608 K 90,136 K 1724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,616 K 15,420 K 4788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,304 K 6,752 K 3760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,264 K 3,064 K 1932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 544 K 1,200 K 388 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 19,364 K 13,164 K 3656 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
notepad.exe 6,064 K 6,964 K 3480 Notepad Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 2,724 K 4,400 K 756 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 10,796 K 13,040 K 748 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
Fuel.Service.exe 11,420 K 14,100 K 1812 AMD Fuel Service Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
audiodg.exe 15,988 K 15,708 K 1248 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atieclxx.exe 7,984 K 8,124 K 1560 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher



Hey Ron thanks for the quick reply. Here are the things you asked for. If you see anything suspicious such as a half deleted trojan or whatnot please let me know. Thanks again!

Edited by AntonioY, 04 April 2013 - 11:34 AM.


#4
AntonioY

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/04/2013 1:34:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/04/2013 5:24:26 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 18 user registry handles leaked from \Registry\User\S-1-5-21-1423067775-3204029643-3060600608-1000:
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Microsoft\SystemCertificates\trust
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Policies\Microsoft\SystemCertificates
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Policies\Microsoft\SystemCertificates
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Policies\Microsoft\SystemCertificates
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Policies\Microsoft\SystemCertificates
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Microsoft\SystemCertificates\My
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Microsoft\SystemCertificates\CA
Process 1724 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Acro Software Inc\CPW
Process 1724 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Acro Software Inc\CPW
Process 1932 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1423067775-3204029643-3060600608-1000\Software\Microsoft\SystemCertificates\Root


Sorry for the double post

#5
RKinner

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

We need to remove the above. It's part of Spybot S & D I think. I would uninstall Spybot then if it is still there in OTL Quickscan we can remove it with:


Copy the text in the code box by highlighting and Ctrl + c

:OTL
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found


then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL may reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\04042013-some number.log so look there if you don't see it.


If it's still slow starting then let's look at the boot log:

Follow the steps here to enable the boot log:

http://www.techrepub...f-msconfig/3463

But you should replace Step 1 with: Start, in the search box type: msconfig , when it finds msconfig.exe right click on it and Run As Admin.

Attach the log C:\Windows\ntbtlog.txt to your next post.

#6
AntonioY

Service Pack 1 4 4 2013 16:22:05.109
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_AuthenticAMD.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\ACPI.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\system32\drivers\vdrvroot.sys
Loaded driver \SystemRoot\system32\DRIVERS\kl1.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\drivers\pciide.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\system32\DRIVERS\jraid.sys
Loaded driver \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mv91cons.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\vmbus.sys
Loaded driver \SystemRoot\system32\drivers\winhv.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\msahci.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdsata.sys
Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdxata.sys
Loaded driver \SystemRoot\system32\DRIVERS\amd_sata.sys
Loaded driver \SystemRoot\system32\DRIVERS\amd_xata.sys
Loaded driver \SystemRoot\system32\DRIVERS\mvs91xx.sys
Loaded driver \SystemRoot\system32\DRIVERS\mvxxmm.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\System32\Drivers\cng.sys
Loaded driver \SystemRoot\System32\drivers\pcw.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\system32\drivers\vmstorfl.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\SysWOW64\speedfan.sys
Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\DRIVERS\AtiPcie.sys
Loaded driver \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\klif.sys
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\DRIVERS\kltdi.sys
Loaded driver \??\C:\Program Files\NetLimiter 3\nltdi.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\vwififlt.sys
Loaded driver \SystemRoot\system32\DRIVERS\klim6.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\drivers\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\system32\drivers\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\kneps.sys
Loaded driver \??\C:\Windows\system32\drivers\HWiNFO64A.SYS
Loaded driver \SystemRoot\System32\drivers\discache.sys
Loaded driver \SystemRoot\system32\drivers\csc.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdppm.sys
Loaded driver \SystemRoot\system32\drivers\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\atikmdag.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\atikmpag.sys
Loaded driver \SystemRoot\system32\drivers\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\nusb3xhc.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbfilter.sys
Loaded driver \SystemRoot\system32\DRIVERS\Rt64win7.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\drivers\1394ohci.sys
Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\system32\drivers\CompositeBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\DRIVERS\nlndis.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\drivers\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdiox64.sys
Loaded driver \SystemRoot\system32\drivers\umbus.sys
Did not load driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\system32\DRIVERS\nusb3hub.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\AtihdW76.sys
Loaded driver \SystemRoot\system32\drivers\ksthunk.sys
Loaded driver \SystemRoot\system32\drivers\RTKVHD64.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\KeyCrypt64.sys
Loaded driver \SystemRoot\system32\DRIVERS\klkbdflt.sys
Loaded driver \SystemRoot\system32\DRIVERS\t_mouse.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\klmouflt.sys
Loaded driver \SystemRoot\system32\DRIVERS\P0630Vid.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \??\C:\Windows\system32\drivers\mbam.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
Loaded driver \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys

Weird, I just restarted my computer and my Fraps didn't initialize because apparently Dx9 was not working correctly.

#7
RKinner

Looks like a standard boot log with no unusual problems. Go back into msconfig and uncheck the boot log option and apply then:

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't boot faster then go back into msconfig and recheck the
things you turned off. If it helps then go back and turn on a few items each
time until you find the culprit.

There is also a possible delay from Windows updates. If the time for the automatic updates (3 AM) comes around and the PC is off, it will do its thing at boot, which might slow it down a bit. Change the time to a time when the PC is normally on.

Kaspersky is showing some really stupid errors. I think I would uninstall it, reboot and reinstall. Remember to right click on the installer file and Run As Admin.
  • 0
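
The boot-log review from posts #5 and #7, as an added example that is not part of the original thread and is not the helper's own method: it splits an ntbtlog.txt-style log into boots, then lists drivers that never loaded, drivers reported both ways in one boot, and drivers loaded from outside the Windows system directories. The function names, the choice of expected directories, the assumption that Windows is installed in C:\Windows, and the example_missing.sys entry are all assumptions of this example.

```python
import re
from collections import OrderedDict

# Constructed excerpt in ntbtlog.txt format. Paths are taken from the log posted
# in this thread, except example_missing.sys, a hypothetical entry added here to
# show a driver that never loads.
SAMPLE_LOG = r"""
Service Pack 1 4 4 2013 16:22:05.109
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\SysWOW64\speedfan.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \??\C:\Program Files\NetLimiter 3\nltdi.sys
Did not load driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\drivers\example_missing.sys
Loaded driver \??\C:\Windows\system32\drivers\mbam.sys
Loaded driver \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
"""

ENTRY_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S.*?)\s*$")
WINDOWS_DIR = "c:\\windows"  # assumption: default install location
# Directories this example treats as the normal home of boot drivers.
EXPECTED_DIRS = {"\\systemroot\\system32", "\\systemroot\\system32\\drivers"}


def normalise(path):
    """Lower-case a driver path and map \\??\\C:\\Windows onto \\SystemRoot."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith(WINDOWS_DIR + "\\"):
        p = "\\systemroot" + p[len(WINDOWS_DIR):]
    return p


def split_boots(text):
    """Split the log into boots; each boot's entries are appended to the file."""
    boots, current, in_entries = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            # Header text: opens a new boot unless we are still inside a header.
            if current is None or in_entries:
                current = {"header": line, "entries": []}
                boots.append(current)
                in_entries = False
            else:
                current["header"] += " " + line
            continue
        if current is None:  # log fragment pasted without its header
            current = {"header": "", "entries": []}
            boots.append(current)
        in_entries = True
        current["entries"].append((m.group(1) == "Loaded driver", m.group(2)))
    return boots


def triage(boot):
    """Group one boot's drivers into the three lists worth a second look."""
    loaded, failed = OrderedDict(), OrderedDict()
    for ok, path in boot["entries"]:
        (loaded if ok else failed).setdefault(normalise(path), path)
    return {
        # "Did not load" with no matching "Loaded" line in the same boot.
        "never_loaded": [p for k, p in failed.items() if k not in loaded],
        # Reported as not loaded, but also loaded during the same boot.
        "also_loaded": [p for k, p in failed.items() if k in loaded],
        # Loaded from somewhere other than the expected system directories.
        "outside_driver_dir": [p for k, p in loaded.items()
                               if k.rsplit("\\", 1)[0] not in EXPECTED_DIRS],
    }


if __name__ == "__main__":
    for boot in split_boots(SAMPLE_LOG):
        print(boot["header"])
        for label, paths in triage(boot).items():
            print(" ", label)
            for p in paths:
                print("    ", p)
```

A driver in `outside_driver_dir` is only a prompt to confirm which installed program it belongs to; a location outside the system directories is not by itself a sign of malware.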

#8
AntonioY

Thanks for the help Rob! Yeah I should probably uninstall Kaspersky but that's for another day! For now.. Sleep