
kkthnx

  1. ComboFix 12-06-16.02 - Kkthnx 17/06/2012 16:08:16.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16375.14199 [GMT 1:00] Running from: c:\users\Kkthnx\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Kkthnx\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll c:\users\Kkthnx\Desktop\Setup.exe c:\users\Kkthnx\Documents\~WRL0001.tmp c:\users\Kkthnx\Documents\~WRL0002.tmp c:\windows\security\Database\tmp.edb c:\windows\SysWow64\muzapp.exe c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete . . ((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 ))))))))))))))))))))))))))))))) . . 2012-06-17 15:14 . 2012-06-17 15:14 -------- d-----w- c:\users\Lisa\AppData\Local\temp 2012-06-17 15:14 . 2012-06-17 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-17 14:58 . 2012-06-17 14:58 -------- d-----w- C:\_OTL 2012-06-16 18:23 . 2012-06-16 22:55 -------- d-----w- C:\ARK 2012-06-16 18:14 . 2012-06-16 18:14 -------- d-----w- c:\program files (x86)\ERUNT 2012-06-15 04:54 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-15 04:53 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-15 04:53 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-12 12:49 . 2012-06-12 12:49 -------- d-----w- c:\program files (x86)\Nectar Search Toolbar 2012-06-06 19:52 . 2012-06-06 19:53 -------- d-----w- c:\users\Kkthnx\AppData\Roaming\AVG 2012-06-01 17:37 . 
2012-06-01 17:37 -------- d-----w- c:\users\Kkthnx\AppData\Local\Albelli Photo books 2012-05-30 16:03 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-30 16:03 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-30 16:03 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-30 16:02 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-30 16:01 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-30 16:01 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-30 16:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-30 16:01 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-30 16:01 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-28 08:43 . 2012-05-28 08:43 -------- d-----w- c:\users\Lisa\AppData\Local\Htc 2012-05-28 08:43 . 2012-05-28 08:43 -------- d-----w- c:\users\Lisa\AppData\Roaming\HTC 2012-05-20 14:06 . 2012-06-17 15:04 -------- d-----w- c:\users\Kkthnx\AppData\Local\Htc 2012-05-20 13:34 . 2012-05-20 14:07 -------- d-----w- c:\users\Kkthnx\AppData\Roaming\HTC 2012-05-20 13:25 . 2012-05-20 13:25 -------- d-----w- c:\program files (x86)\Spirent Communications 2012-05-20 13:24 . 2012-05-20 13:34 -------- d-----w- c:\program files (x86)\HTC 2012-05-20 13:24 . 2012-05-20 13:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-05-20 13:24 . 2012-05-20 13:24 -------- d-----w- c:\program files (x86)\MSXML 4.0 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-12 15:19 . 2012-05-12 15:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-05-12 15:19 . 2012-05-12 15:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-05-12 15:19 . 
2012-05-12 15:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-05-12 15:19 . 2012-05-12 15:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-05-12 15:19 . 2012-05-12 15:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-05-12 15:19 . 2012-05-12 15:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-05-12 15:19 . 2012-05-12 15:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-05-12 15:19 . 2012-05-12 15:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-05-12 15:19 . 2012-05-12 15:19 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-05-12 15:19 . 2012-05-12 15:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-05-12 15:19 . 2012-05-12 15:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-05-12 15:19 . 2012-05-12 15:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-05-12 15:19 . 2012-05-12 15:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-05-12 15:19 . 2012-05-12 15:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-05-12 15:19 . 2012-05-12 15:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-05-12 15:19 . 2012-05-12 15:19 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-05-12 15:19 . 2012-05-12 15:19 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-05-12 15:19 . 2012-05-12 15:19 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-05-12 15:19 . 2012-05-12 15:19 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-12 15:19 . 2012-05-12 15:19 448512 ----a-w- c:\windows\system32\html.iec 2012-05-12 15:19 . 2012-05-12 15:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-05-12 15:19 . 2012-05-12 15:19 222208 ----a-w- c:\windows\system32\msls31.dll 2012-05-12 15:19 . 2012-05-12 15:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-05-12 15:19 . 2012-05-12 15:19 12288 ----a-w- c:\windows\system32\mshta.exe 2012-05-12 15:19 . 2012-05-12 15:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-05-12 15:19 . 
2012-05-12 15:19 114176 ----a-w- c:\windows\system32\admparse.dll 2012-05-12 15:19 . 2012-05-12 15:19 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-12 15:19 . 2012-05-12 15:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-05-12 15:19 . 2012-05-12 15:19 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-05-12 15:19 . 2012-05-12 15:19 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-12 15:19 . 2012-05-12 15:19 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-05-12 15:19 . 2012-05-12 15:19 160256 ----a-w- c:\windows\system32\wextract.exe 2012-05-11 20:08 . 2012-05-11 20:08 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-05-11 20:08 . 2012-05-11 20:08 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2012-05-11 20:08 . 2012-05-11 20:08 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2012-05-08 13:07 . 2012-05-08 13:07 8072272 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.382.0oemBingBarSetup-Partner.EXE 2012-05-05 09:38 . 2012-05-05 09:38 388096 ----a-r- c:\users\Kkthnx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-05 09:37 . 2012-04-21 19:56 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-05 09:37 . 2012-04-21 19:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 09:37 . 2012-05-05 09:37 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-22 21:30 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-04-22 21:30 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-04-22 19:09 . 2012-04-22 19:09 53248 ----a-r- c:\users\Kkthnx\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe 2012-04-21 18:12 . 2011-03-28 17:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-04-21 17:25 . 2011-03-29 09:04 27760 ----a-w- c:\windows\system32\ViakaraokeSrv.exe 2012-04-21 17:25 . 
2011-03-29 09:04 116848 ----a-w- c:\windows\system32\ViaKaraokePropPageExt.dll 2012-04-21 17:25 . 2011-03-29 09:04 1161328 ----a-w- c:\windows\system32\ViaKaraokeApo.dll 2012-04-21 17:25 . 2007-12-04 10:28 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll 2012-04-21 17:25 . 2007-12-04 10:28 82432 ----a-w- c:\windows\system32\nQAPO.dll 2012-04-21 17:25 . 2012-04-21 17:26 414632 ------w- c:\windows\difxapi.dll 2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-04-18 02:03 . 2012-04-21 14:56 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBFDAF5D-CD80-43A9-B85E-60A9D4A2674F}\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}"= "c:\program files (x86)\Nectar Search Toolbar\Helper.dll" [2012-06-12 360960] . [HKEY_CLASSES_ROOT\clsid\{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}] 2012-06-12 12:49 1624576 ----a-w- c:\program files (x86)\Nectar Search Toolbar\Toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{8020143D-5926-4394-A04D-DD0B649DA121}"= "c:\program files (x86)\Nectar Search Toolbar\Toolbar.dll" [2012-06-12 1624576] . [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}] [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}] [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-21 39408] "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-27 955280] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-16 21416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-27 3521424] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] . c:\users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Belkin Network USB Hub Control Center.lnk - c:\program files\Belkin\Network USB Hub Control Center\Connect.exe [2012-4-21 790651] BUFFALO NAS Navigator2.lnk - c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe [2011-10-27 1927120] ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912] NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2009-5-15 206128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 116648] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.exe [2012-04-16 240208] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 116648] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation 
Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.382.0\BBSvc.exe [2012-04-16 193616] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000] S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [2011-10-31 251760] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040] S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 
AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 09:37] . 2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 17:52] . 2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 17:52] . 2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001Core.job - c:\users\Kkthnx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 17:52] . 2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001UA.job - c:\users\Kkthnx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 17:52] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{8020143D-5926-4394-A04D-DD0B649DA121} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files\Logitech Gaming Software\Applets\LCDMedia.exe . ************************************************************************** . Completion time: 2012-06-17 16:22:50 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-17 15:22 . Pre-Run: 288,396,566,528 bytes free Post-Run: 287,872,425,984 bytes free . - - End Of File - - B243040802F8DD43A4E7AB7D3DC5659F
  2. All processes killed
     ========== PROCESSES ==========
     ========== FILES ==========
     recycler not found in C:\
     recycler not found in D:\
     recycler not found in E:\
     recycler not found in F:\
     recycler not found in G:\
     recycler not found in H:\
     recycler not found in I:\
     recycler not found in J:\
     recycler not found in K:\
     recycler not found in L:\
     ========== COMMANDS ==========
     HOSTS file reset successfully
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 56466 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Kkthnx
     ->Temp folder emptied: 49045747 bytes
     ->Temporary Internet Files folder emptied: 269407165 bytes
     ->Google Chrome cache emptied: 62881985 bytes
     ->Apple Safari cache emptied: 14817280 bytes
     ->Flash cache emptied: 1408 bytes
     User: Lisa
     ->Temp folder emptied: 539787 bytes
     ->Temporary Internet Files folder emptied: 114768487 bytes
     ->Flash cache emptied: 901 bytes
     User: Public
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 242596 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
     RecycleBin emptied: 17049005024 bytes
     Total Files Cleaned = 16,747.00 mb
     Restore point Set: OTL Restore Point
     [EMPTYFLASH]
     User: All Users
     User: Default
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Flash cache emptied: 0 bytes
     User: Kkthnx
     ->Flash cache emptied: 0 bytes
     User: Lisa
     ->Flash cache emptied: 0 bytes
     User: Public
     Total Flash Files Cleaned = 0.00 mb
     OTL by OldTimer - Version 3.2.49.0 log created on 06172012_155824
     Files\Folders moved on Reboot...
     C:\Users\Kkthnx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
     File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
     Registry entries deleted on Reboot...
  3. Results of screen317's Security Check version 0.99.41
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG Anti-Virus Free Edition 2012
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     AVG PC Tuneup
     Adobe Reader X (10.1.3)
     Google Chrome 19.0.1084.52
     Google Chrome 19.0.1084.56
     ````````Process Check: objlist.exe by Laurent````````
     AVG avgwdsvc.exe
     AVG avgtray.exe
     Trend Micro HiJackThis HiJackThis.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. OTL Extras logfile created on: 16/06/2012 19:39:21 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Kkthnx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 15.99 Gb Total Physical Memory | 11.15 Gb Available Physical Memory | 69.74% Memory free 31.98 Gb Paging File | 26.26 Gb Available in Paging File | 82.12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 251.92 Gb Free Space | 54.10% Space Free | Partition Type: NTFS Drive D: | 233.76 Gb Total Space | 11.62 Gb Free Space | 4.97% Space Free | Partition Type: NTFS Drive E: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 917.07 Gb Total Space | 467.70 Gb Free Space | 51.00% Space Free | Partition Type: NTFS Drive G: | 917.07 Gb Total Space | 625.00 Gb Free Space | 68.15% Space Free | Partition Type: NTFS Drive H: | 451.41 Gb Total Space | 398.90 Gb Free Space | 88.37% Space Free | Partition Type: NTFS Drive I: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS Drive J: | 3696.91 Gb Total Space | 3621.68 Gb Free Space | 97.97% Space Free | Partition Type: NTFS Drive K: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS Drive L: | 1.83 Gb Total Space | 1.82 Gb Free Space | 99.40% Space Free | Partition Type: FAT Computer Name: KKTHNX-PC | User Name: Kkthnx | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03109532-3286-422B-9A73-1294BF173E77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{20CC0F94-7B1D-4212-81D9-EA2BDF4F662B}" = rport=137 | protocol=17 | dir=out | app=system | "{3741FD20-DC92-4E62-96F0-8819FDD75218}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{4012471E-29FD-4B3B-AB8A-9E480358EDA5}" = lport=138 | protocol=17 | dir=in | app=system | "{410C722F-9605-4ABD-9C3B-2DADEA631629}" = lport=19540 | protocol=17 | dir=in | name=sxuptp | "{44C03FE9-0316-410F-B72F-1C1DE3B6EBBE}" = lport=4482 | protocol=6 | 
dir=in | name=blackberry desktop software wireless music sync data transfer | "{4C082241-69E1-47ED-A4F0-1A14C97DD9FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | "{4E8D6D3F-8BB3-40F0-B7FC-3F492C8FAFF7}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{582CCFA8-A1B1-4393-BE2F-E9CA4FAE7C4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BAD3854-AAE7-40C2-918B-A2B35D22F163}" = lport=139 | protocol=6 | dir=in | app=system | "{72E23BC5-2C04-4104-87BD-6F621682F101}" = rport=139 | protocol=6 | dir=out | app=system | "{77CC0975-F4A6-4FFA-8995-FCE80157378B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{8256EC3C-243A-4330-B197-14D68155B679}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8E67BC46-9DE7-49E4-8926-5E0574AD72E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) | "{8ED5DC53-3976-45BF-AAF7-1EFEFB6BC7D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{972AF833-0BA9-4855-9C4A-1741680F84D5}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{AFCCC138-E95C-49EA-B0FE-CD79C97516BF}" = rport=445 | protocol=6 | dir=out | app=system | "{B65CD66D-E89B-4986-B850-342F29C04929}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{BC318D12-A6DA-47C8-B1BB-DAF02BD63CF7}" = lport=137 | protocol=17 | dir=in | app=system | "{C05B5494-4084-4E08-A9A9-53E2EFC257C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C099A85C-4C34-4C3F-8834-25FA01C27873}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0E63225-511C-4F9A-AAAD-076CCCF10357}" = lport=1900 | 
protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D04D0E13-8B15-4268-BDD3-80E3DB8C6C26}" = rport=138 | protocol=17 | dir=out | app=system | "{D19F0276-D63B-4B7B-B3BE-DA0406498B1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D1A79A2F-4994-4143-AC9F-E6863E88E05C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{D39BF75F-68E8-4DCB-BBAF-A25320BDD41C}" = lport=445 | protocol=6 | dir=in | app=system | "{EC092F9B-0F98-4673-930D-7F5365595E45}" = lport=2869 | protocol=6 | dir=in | app=system | "{EC158EA4-E346-44E6-9794-9574663FB556}" = rport=10243 | protocol=6 | dir=out | app=system | "{ECA757BA-EDFC-4DD7-9E86-69902A1484EF}" = lport=10243 | protocol=6 | dir=in | app=system | "{F2C6D28C-2174-485D-969F-2D511D3395EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{F95E14EE-F161-405A-883A-0DB47B301246}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02FEC314-A7BD-42B7-850E-504DC481C40C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{0FEB2194-413C-452E-B52D-D3C54E267351}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{1358B4AC-9753-4806-8727-47B7A871791C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1554D3E8-4FFE-449C-A8C0-5483A62156BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1686A5B4-F2CA-4910-AF5A-F0E7C2C866E8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{170D6F07-C1DC-4D94-9753-9F384CCAADFC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CDF6D17-E886-4AF9-95C2-DD6CEE7081D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2CFD2D13-2E2F-4943-9046-17DCAAA71A85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{300C9D2D-C6C6-4E57-9965-88370BD9A8C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{317B2280-E508-4010-9F34-CEA533A9A5E1}" = protocol=6 | dir=out | app=system | "{384052D1-C261-411B-A8C2-5957595EFB49}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) | "{398F2DD9-2812-41D3-9C14-C536A143511D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3F806D0D-6F53-4509-B0EF-E2A6C057CEFB}" = protocol=58 | dir=in | app=system | "{448BE999-5518-44A4-A816-2C575EAA8C04}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4931A365-1C02-4B6B-9F9D-6C2A2480AF46}" = protocol=6 | dir=in | app=c:\program files (x86)\nectar search toolbar\troubleshooter.exe | "{4CBAA2FF-CA00-4C97-A418-3EB3BDE9B36A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{50370C14-5BFA-49A1-B602-45BCDEAC1F99}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | "{50C2923B-5EF3-45FB-94FB-45AE3C076962}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{54A63216-E579-4F31-B60B-0D0F07039B42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{57713688-BC88-4BB7-9624-792A085BA560}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{5C1B1455-EE7F-49F4-9B72-572EF7475672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5EF395D3-FCD8-41C9-B42E-ADC9F82D4D1C}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{6245FE47-50A2-408C-B335-F9E90602DF9E}" = protocol=6 | dir=in | 
app=c:\windows\syswow64\muzapp.exe | "{650EB11F-B11E-4910-A536-55E291C37176}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{69CDD8B9-98BB-4038-8221-4324E7492267}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6B30ED58-9F48-4832-A9BC-3175A7FD32C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{715C1227-AC07-46EF-AE22-635A2ADD8FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\nectar search toolbar\troubleshooter.exe | "{7314259B-D60D-43CF-B6C1-60A2FEE5C706}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{75A0B26F-091E-45AC-8CEB-535411DDAFC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7677FCFD-2AD0-4304-A98B-A80F287EC6CE}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | "{7BDB55D1-5BAE-4052-95B3-FB90FA09F5A0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{932CCB1B-CDE0-4B5F-A2EE-901E0A6C3D5C}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) | "{9806D792-21AF-462A-ABDC-278F1F0609F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9DDDD60C-B3C7-4579-8BA6-6D5BE33C8640}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{9E9BDC04-91BF-4816-B68E-D19A95213912}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{9FD0586A-0D32-4816-9DB8-D19B0826DCE3}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) | "{9FE9CB4A-38FF-4DA1-9CCF-E147ACFD8D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A12E3932-4669-4E74-8837-88D99E75FE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{A28A5AC7-5D44-47C7-86CF-D2E4099AFDEF}" = protocol=17 | dir=in | app=c:\program files 
(x86)\avg\avg2012\avgemca.exe | "{A9196B45-7B61-40A9-B6CE-03EE65AD7970}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AB0A8F41-481D-4D61-9185-C53BE98D4958}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AFFE5852-1873-4593-852F-45CC26E61214}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{B230F118-D216-451D-BF4B-9ADF6C59000D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B9C1AC3C-CAA8-4003-9AC8-646EC494A4CA}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | "{B9E87AA2-BB12-4282-8924-91B55C02C1C4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{BB5E386B-FEC9-45EA-9170-02E33360771E}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | "{BF069F11-DBCA-48F4-A95B-F48B00389992}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{C4DCBF26-262E-46A3-B8A8-F6CE7B00BB56}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) | "{C75169DF-1971-4B96-A2F8-D9FB1773B412}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CD25B79B-4C18-4616-8DC0-8207D4EEF314}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{D0085A35-A6F5-4841-AAD4-55DA88EAE37F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D16C28DB-037C-4374-A01E-D659F5603924}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{DB170881-1BDD-423A-B99D-8BCA596F3F97}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F3F500CA-91E9-46C9-9D6E-6B7137203542}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{F5622474-F271-490C-81B6-EF404569E222}" = protocol=17 | dir=in | app=c:\program 
files (x86)\logitech\logitech vid\vid.exe | "{F56953A7-6CFC-4780-A45B-14C9185CB3D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F6C793E2-55A9-446B-8F9E-64F6A0D5FA35}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{FE95B263-4DCF-43EB-AD9D-45E1D4CD6D79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{10E3E779-703B-4996-844D-2385D7C1409E}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | "TCP Query User{1F4954AD-A30B-43FC-A054-1DBAABAAF91B}D:\program files (x86)\sony\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\everquest\eqvoiceservice.exe | "TCP Query User{35CA7747-2B06-4263-86CD-128B223C612E}C:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe | "TCP Query User{6461F739-4F35-4ADC-9673-7CA5092C092C}C:\users\kkthnx\desktop\link\tftpsrv.exe" = protocol=6 | dir=in | app=c:\users\kkthnx\desktop\link\tftpsrv.exe | "TCP Query User{7C651FC0-DB49-4445-B618-AA56890E1485}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{8A6D73B1-6D7C-45ED-BA68-C9104A804BF4}C:\macroquest2\mq2eqbcs.exe" = protocol=6 | dir=in | app=c:\macroquest2\mq2eqbcs.exe | "TCP Query User{9616D85F-ECF5-42F4-BA45-D2452AAB9246}C:\macroquest2\mmoloader.exe" = protocol=6 | dir=in | app=c:\macroquest2\mmoloader.exe | "TCP Query User{9D83F623-D0AD-4E19-98C4-88D6984A881C}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | "TCP Query User{CBB71A7E-29FA-411D-854B-DF67DB1D68AB}D:\program files (x86)\sony\legends of norrath\launchpad.exe" = protocol=6 | dir=in | 
app=d:\program files (x86)\sony\legends of norrath\launchpad.exe | "TCP Query User{FF752B41-914C-4F9C-BC6E-25EB31F2A778}D:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mirc\mirc.exe | "UDP Query User{155472E4-6380-445C-8C53-5CB8BA1F0E5F}C:\macroquest2\mq2eqbcs.exe" = protocol=17 | dir=in | app=c:\macroquest2\mq2eqbcs.exe | "UDP Query User{236FF75A-5F22-4096-8482-E7A587302132}C:\macroquest2\mmoloader.exe" = protocol=17 | dir=in | app=c:\macroquest2\mmoloader.exe | "UDP Query User{30719585-1FE6-416B-8696-71D773F4C34D}C:\users\kkthnx\desktop\link\tftpsrv.exe" = protocol=17 | dir=in | app=c:\users\kkthnx\desktop\link\tftpsrv.exe | "UDP Query User{4848C665-67B3-40EB-8364-5B6B447AA0D3}D:\program files (x86)\sony\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\everquest\eqvoiceservice.exe | "UDP Query User{516D2956-9469-459C-A122-3DFA204BF57E}D:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mirc\mirc.exe | "UDP Query User{7DA31594-A5A9-42AD-B7BC-EED7241C858F}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | "UDP Query User{C2296C0C-DAB1-45D5-9D9B-FEB9FB4286B7}D:\program files (x86)\sony\legends of norrath\launchpad.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\legends of norrath\launchpad.exe | "UDP Query User{CB4F8064-D52A-49FD-AE7A-740833F23448}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | "UDP Query User{D40B3E05-79BC-491F-BC3B-7CA81A79E498}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{FEA0BB18-49AC-44CD-A3A3-8EFDB8D9F793}C:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64 "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software 
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "AVG" = AVG 2012 "Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1 "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional "{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater "{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions 
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common "{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish "{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish "{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai "{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean "{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9739666-2235-42F8-85D6-9B4005DC7951}" = Bing Bar "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German "{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English "{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding "{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish "{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek "{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1 "{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo 
Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7A89413-FB45-4ECE-A893-32DC87F45554}" = Legends of Norrath "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese "{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center "{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1 "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "ERUNT_is1" = ERUNT 1.1j "ExtractNow_is1" = ExtractNow "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "mIRC" = mIRC "Nectar Search Toolbar" = Nectar Search Toolbar "Office14.SingleImage" = Microsoft Office Home and Student 2010 "TeamViewer 7" = TeamViewer 7 "UN060501" = BUFFALO NAS Navigator2 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{EE19063F-7048-4094-9A1D-D69D9C591119}_is1" = Albelli Photo books "6f16172c295f43ac" = GamParse "Google Chrome" = Google Chrome "SOE-EverQuest" = EverQuest ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08/05/2012 
16:05:21 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002 Description = The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e28 Start Time: 01cd2d53ecf9da13 Termination Time: 24252 Application Path: C:\Windows\explorer.exe Report Id: 0cb3574d-9949-11e1-8ae1-bcaec5b6be7c Error - 08/05/2012 16:08:21 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002 Description = The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b34 Start Time: 01cd2d55d7878733 Termination Time: 7000 Application Path: C:\Windows\explorer.exe Report Id: 88726629-9949-11e1-8ae1-bcaec5b6be7c Error - 08/05/2012 17:24:32 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: dd4 Start Time: 01cd2d5b02f5bb45 Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE Report Id: 081d870f-9954-11e1-9db4-bcaec5b6be7c Error - 09/05/2012 04:36:30 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002 Description = The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: c4c Start Time: 01cd2d60cfacb8e3 Termination Time: 22964 Application Path: C:\Windows\explorer.exe Report Id: 028fef2e-99b2-11e1-9db4-bcaec5b6be7c
Error - 11/05/2012 16:57:48 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp: 0x4fa8cdbd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x77551264 Faulting process id: 0x850 Faulting application start time: 0x01cd2f7f477024c3 Faulting application path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: unknown Report Id: f6a3ca47-9bab-11e1-9db4-bcaec5b6be7c
Error - 20/05/2012 10:38:18 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'adb' could not be shut down.
Error - 27/05/2012 09:07:44 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp: 0x4fad9db8 Faulting module name: MQ2Main.dll_unloaded, version: 0.0.0.0, time stamp: 0x4fb144e5 Exception code: 0xc0000005 Fault offset: 0x032001d8 Faulting process id: 0x1a10 Faulting application start time: 0x01cd3c08688c0b8a Faulting application path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: MQ2Main.dll Report Id: f212640f-a7fc-11e1-bd18-bcaec5b6be7c
Error - 27/05/2012 09:07:52 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp: 0x4fad9db8 Faulting module name: MQ2Main.dll_unloaded, version: 0.0.0.0, time stamp: 0x4fb144e5 Exception code: 0xc0000005 Fault offset: 0x037901d8 Faulting process id: 0x1c90 Faulting application start time: 0x01cd3a90a596d80b Faulting application path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: MQ2Main.dll Report Id: f6b856dc-a7fc-11e1-bd18-bcaec5b6be7c
Error - 03/06/2012 13:06:04 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xca62196b Faulting process id: 0x1e9c Faulting application start time: 0x01cd417026b3276d Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown Report Id: 6663e407-ad9e-11e1-b243-bcaec5b6be7c
Error - 04/06/2012 09:55:20 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002
Description = The program eqgame.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1c38 Start Time: 01cd424fc84ca0a3 Termination Time: 60000 Application Path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Report Id: c0fe3200-ae4c-11e1-b243-bcaec5b6be7c
[ System Events ]
Error - 15/06/2012 08:51:23 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 15/06/2012 08:51:23 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 15/06/2012 09:22:36 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 15/06/2012 09:22:37 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 15/06/2012 10:52:39 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 15/06/2012 22:58:11 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 16/06/2012 11:56:46 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 16/06/2012 11:56:52 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 16/06/2012 11:56:57 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 16/06/2012 11:56:58 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
< End of report >
  5. Computer Name: KKTHNX-PC | User Name: Kkthnx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03109532-3286-422B-9A73-1294BF173E77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20CC0F94-7B1D-4212-81D9-EA2BDF4F662B}" = rport=137 | protocol=17 | dir=out | app=system |
"{3741FD20-DC92-4E62-96F0-8819FDD75218}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{4012471E-29FD-4B3B-AB8A-9E480358EDA5}" = lport=138 | protocol=17 | dir=in | app=system |
"{410C722F-9605-4ABD-9C3B-2DADEA631629}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{44C03FE9-0316-410F-B72F-1C1DE3B6EBBE}" = lport=4482 | protocol=6 |
dir=in | name=blackberry desktop software wireless music sync data transfer | "{4C082241-69E1-47ED-A4F0-1A14C97DD9FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | "{4E8D6D3F-8BB3-40F0-B7FC-3F492C8FAFF7}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{582CCFA8-A1B1-4393-BE2F-E9CA4FAE7C4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BAD3854-AAE7-40C2-918B-A2B35D22F163}" = lport=139 | protocol=6 | dir=in | app=system | "{72E23BC5-2C04-4104-87BD-6F621682F101}" = rport=139 | protocol=6 | dir=out | app=system | "{77CC0975-F4A6-4FFA-8995-FCE80157378B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{8256EC3C-243A-4330-B197-14D68155B679}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8E67BC46-9DE7-49E4-8926-5E0574AD72E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) | "{8ED5DC53-3976-45BF-AAF7-1EFEFB6BC7D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{972AF833-0BA9-4855-9C4A-1741680F84D5}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{AFCCC138-E95C-49EA-B0FE-CD79C97516BF}" = rport=445 | protocol=6 | dir=out | app=system | "{B65CD66D-E89B-4986-B850-342F29C04929}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{BC318D12-A6DA-47C8-B1BB-DAF02BD63CF7}" = lport=137 | protocol=17 | dir=in | app=system | "{C05B5494-4084-4E08-A9A9-53E2EFC257C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C099A85C-4C34-4C3F-8834-25FA01C27873}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0E63225-511C-4F9A-AAAD-076CCCF10357}" = lport=1900 | 
protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D04D0E13-8B15-4268-BDD3-80E3DB8C6C26}" = rport=138 | protocol=17 | dir=out | app=system | "{D19F0276-D63B-4B7B-B3BE-DA0406498B1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D1A79A2F-4994-4143-AC9F-E6863E88E05C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{D39BF75F-68E8-4DCB-BBAF-A25320BDD41C}" = lport=445 | protocol=6 | dir=in | app=system | "{EC092F9B-0F98-4673-930D-7F5365595E45}" = lport=2869 | protocol=6 | dir=in | app=system | "{EC158EA4-E346-44E6-9794-9574663FB556}" = rport=10243 | protocol=6 | dir=out | app=system | "{ECA757BA-EDFC-4DD7-9E86-69902A1484EF}" = lport=10243 | protocol=6 | dir=in | app=system | "{F2C6D28C-2174-485D-969F-2D511D3395EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{F95E14EE-F161-405A-883A-0DB47B301246}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02FEC314-A7BD-42B7-850E-504DC481C40C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{0FEB2194-413C-452E-B52D-D3C54E267351}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{1358B4AC-9753-4806-8727-47B7A871791C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1554D3E8-4FFE-449C-A8C0-5483A62156BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1686A5B4-F2CA-4910-AF5A-F0E7C2C866E8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{170D6F07-C1DC-4D94-9753-9F384CCAADFC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CDF6D17-E886-4AF9-95C2-DD6CEE7081D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2CFD2D13-2E2F-4943-9046-17DCAAA71A85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{300C9D2D-C6C6-4E57-9965-88370BD9A8C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{317B2280-E508-4010-9F34-CEA533A9A5E1}" = protocol=6 | dir=out | app=system | "{384052D1-C261-411B-A8C2-5957595EFB49}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) | "{398F2DD9-2812-41D3-9C14-C536A143511D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3F806D0D-6F53-4509-B0EF-E2A6C057CEFB}" = protocol=58 | dir=in | app=system | "{448BE999-5518-44A4-A816-2C575EAA8C04}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4931A365-1C02-4B6B-9F9D-6C2A2480AF46}" = protocol=6 | dir=in | app=c:\program files (x86)\nectar search toolbar\troubleshooter.exe | "{4CBAA2FF-CA00-4C97-A418-3EB3BDE9B36A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{50370C14-5BFA-49A1-B602-45BCDEAC1F99}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | "{50C2923B-5EF3-45FB-94FB-45AE3C076962}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{54A63216-E579-4F31-B60B-0D0F07039B42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{57713688-BC88-4BB7-9624-792A085BA560}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{5C1B1455-EE7F-49F4-9B72-572EF7475672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5EF395D3-FCD8-41C9-B42E-ADC9F82D4D1C}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{6245FE47-50A2-408C-B335-F9E90602DF9E}" = protocol=6 | dir=in | 
app=c:\windows\syswow64\muzapp.exe | "{650EB11F-B11E-4910-A536-55E291C37176}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{69CDD8B9-98BB-4038-8221-4324E7492267}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6B30ED58-9F48-4832-A9BC-3175A7FD32C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{715C1227-AC07-46EF-AE22-635A2ADD8FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\nectar search toolbar\troubleshooter.exe | "{7314259B-D60D-43CF-B6C1-60A2FEE5C706}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{75A0B26F-091E-45AC-8CEB-535411DDAFC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7677FCFD-2AD0-4304-A98B-A80F287EC6CE}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | "{7BDB55D1-5BAE-4052-95B3-FB90FA09F5A0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{932CCB1B-CDE0-4B5F-A2EE-901E0A6C3D5C}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) | "{9806D792-21AF-462A-ABDC-278F1F0609F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9DDDD60C-B3C7-4579-8BA6-6D5BE33C8640}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{9E9BDC04-91BF-4816-B68E-D19A95213912}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{9FD0586A-0D32-4816-9DB8-D19B0826DCE3}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) | "{9FE9CB4A-38FF-4DA1-9CCF-E147ACFD8D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A12E3932-4669-4E74-8837-88D99E75FE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{A28A5AC7-5D44-47C7-86CF-D2E4099AFDEF}" = protocol=17 | dir=in | app=c:\program files 
(x86)\avg\avg2012\avgemca.exe | "{A9196B45-7B61-40A9-B6CE-03EE65AD7970}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AB0A8F41-481D-4D61-9185-C53BE98D4958}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AFFE5852-1873-4593-852F-45CC26E61214}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{B230F118-D216-451D-BF4B-9ADF6C59000D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B9C1AC3C-CAA8-4003-9AC8-646EC494A4CA}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | "{B9E87AA2-BB12-4282-8924-91B55C02C1C4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{BB5E386B-FEC9-45EA-9170-02E33360771E}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | "{BF069F11-DBCA-48F4-A95B-F48B00389992}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{C4DCBF26-262E-46A3-B8A8-F6CE7B00BB56}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) | "{C75169DF-1971-4B96-A2F8-D9FB1773B412}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CD25B79B-4C18-4616-8DC0-8207D4EEF314}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{D0085A35-A6F5-4841-AAD4-55DA88EAE37F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D16C28DB-037C-4374-A01E-D659F5603924}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{DB170881-1BDD-423A-B99D-8BCA596F3F97}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F3F500CA-91E9-46C9-9D6E-6B7137203542}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{F5622474-F271-490C-81B6-EF404569E222}" = protocol=17 | dir=in | app=c:\program 
files (x86)\logitech\logitech vid\vid.exe | "{F56953A7-6CFC-4780-A45B-14C9185CB3D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F6C793E2-55A9-446B-8F9E-64F6A0D5FA35}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{FE95B263-4DCF-43EB-AD9D-45E1D4CD6D79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{10E3E779-703B-4996-844D-2385D7C1409E}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | "TCP Query User{1F4954AD-A30B-43FC-A054-1DBAABAAF91B}D:\program files (x86)\sony\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\everquest\eqvoiceservice.exe | "TCP Query User{35CA7747-2B06-4263-86CD-128B223C612E}C:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe | "TCP Query User{6461F739-4F35-4ADC-9673-7CA5092C092C}C:\users\kkthnx\desktop\link\tftpsrv.exe" = protocol=6 | dir=in | app=c:\users\kkthnx\desktop\link\tftpsrv.exe | "TCP Query User{7C651FC0-DB49-4445-B618-AA56890E1485}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{8A6D73B1-6D7C-45ED-BA68-C9104A804BF4}C:\macroquest2\mq2eqbcs.exe" = protocol=6 | dir=in | app=c:\macroquest2\mq2eqbcs.exe | "TCP Query User{9616D85F-ECF5-42F4-BA45-D2452AAB9246}C:\macroquest2\mmoloader.exe" = protocol=6 | dir=in | app=c:\macroquest2\mmoloader.exe | "TCP Query User{9D83F623-D0AD-4E19-98C4-88D6984A881C}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | "TCP Query User{CBB71A7E-29FA-411D-854B-DF67DB1D68AB}D:\program files (x86)\sony\legends of norrath\launchpad.exe" = protocol=6 | dir=in | 
app=d:\program files (x86)\sony\legends of norrath\launchpad.exe | "TCP Query User{FF752B41-914C-4F9C-BC6E-25EB31F2A778}D:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mirc\mirc.exe | "UDP Query User{155472E4-6380-445C-8C53-5CB8BA1F0E5F}C:\macroquest2\mq2eqbcs.exe" = protocol=17 | dir=in | app=c:\macroquest2\mq2eqbcs.exe | "UDP Query User{236FF75A-5F22-4096-8482-E7A587302132}C:\macroquest2\mmoloader.exe" = protocol=17 | dir=in | app=c:\macroquest2\mmoloader.exe | "UDP Query User{30719585-1FE6-416B-8696-71D773F4C34D}C:\users\kkthnx\desktop\link\tftpsrv.exe" = protocol=17 | dir=in | app=c:\users\kkthnx\desktop\link\tftpsrv.exe | "UDP Query User{4848C665-67B3-40EB-8364-5B6B447AA0D3}D:\program files (x86)\sony\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\everquest\eqvoiceservice.exe | "UDP Query User{516D2956-9469-459C-A122-3DFA204BF57E}D:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mirc\mirc.exe | "UDP Query User{7DA31594-A5A9-42AD-B7BC-EED7241C858F}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | "UDP Query User{C2296C0C-DAB1-45D5-9D9B-FEB9FB4286B7}D:\program files (x86)\sony\legends of norrath\launchpad.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\legends of norrath\launchpad.exe | "UDP Query User{CB4F8064-D52A-49FD-AE7A-740833F23448}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | "UDP Query User{D40B3E05-79BC-491F-BC3B-7CA81A79E498}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{FEA0BB18-49AC-44CD-A3A3-8EFDB8D9F793}C:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64 "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software 
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "AVG" = AVG 2012 "Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1 "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional "{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater "{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions 
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common "{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish "{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish "{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai "{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean "{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9739666-2235-42F8-85D6-9B4005DC7951}" = Bing Bar
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7A89413-FB45-4ECE-A893-32DC87F45554}" = Legends of Norrath
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"ERUNT_is1" = ERUNT 1.1j
"ExtractNow_is1" = ExtractNow
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"mIRC" = mIRC
"Nectar Search Toolbar" = Nectar Search Toolbar
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"TeamViewer 7" = TeamViewer 7
"UN060501" = BUFFALO NAS Navigator2
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{EE19063F-7048-4094-9A1D-D69D9C591119}_is1" = Albelli Photo books
"6f16172c295f43ac" = GamParse
"Google Chrome" = Google Chrome
"SOE-EverQuest" = EverQuest

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/05/2012 16:05:21 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e28 Start Time: 01cd2d53ecf9da13 Termination Time: 24252 Application Path: C:\Windows\explorer.exe Report Id: 0cb3574d-9949-11e1-8ae1-bcaec5b6be7c

Error - 08/05/2012 16:08:21 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b34 Start Time: 01cd2d55d7878733 Termination Time: 7000 Application Path: C:\Windows\explorer.exe Report Id: 88726629-9949-11e1-8ae1-bcaec5b6be7c

Error - 08/05/2012 17:24:32 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: dd4 Start Time: 01cd2d5b02f5bb45 Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE Report Id: 081d870f-9954-11e1-9db4-bcaec5b6be7c

Error - 09/05/2012 04:36:30 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c4c Start Time: 01cd2d60cfacb8e3 Termination Time: 22964 Application Path: C:\Windows\explorer.exe Report Id: 028fef2e-99b2-11e1-9db4-bcaec5b6be7c

Error - 11/05/2012 16:57:48 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp: 0x4fa8cdbd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x77551264 Faulting process id: 0x850 Faulting application start time: 0x01cd2f7f477024c3 Faulting application path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: unknown Report Id: f6a3ca47-9bab-11e1-9db4-bcaec5b6be7c

Error - 20/05/2012 10:38:18 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'adb' could not be shut down.

Error - 27/05/2012 09:07:44 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp: 0x4fad9db8 Faulting module name: MQ2Main.dll_unloaded, version: 0.0.0.0, time stamp: 0x4fb144e5 Exception code: 0xc0000005 Fault offset: 0x032001d8 Faulting process id: 0x1a10 Faulting application start time: 0x01cd3c08688c0b8a Faulting application path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: MQ2Main.dll Report Id: f212640f-a7fc-11e1-bd18-bcaec5b6be7c

Error - 27/05/2012 09:07:52 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp: 0x4fad9db8 Faulting module name: MQ2Main.dll_unloaded, version: 0.0.0.0, time stamp: 0x4fb144e5 Exception code: 0xc0000005 Fault offset: 0x037901d8 Faulting process id: 0x1c90 Faulting application start time: 0x01cd3a90a596d80b Faulting application path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: MQ2Main.dll Report Id: f6b856dc-a7fc-11e1-bd18-bcaec5b6be7c

Error - 03/06/2012 13:06:04 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xca62196b Faulting process id: 0x1e9c Faulting application start time: 0x01cd417026b3276d Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown Report Id: 6663e407-ad9e-11e1-b243-bcaec5b6be7c

Error - 04/06/2012 09:55:20 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002
Description = The program eqgame.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1c38 Start Time: 01cd424fc84ca0a3 Termination Time: 60000 Application Path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Report Id: c0fe3200-ae4c-11e1-b243-bcaec5b6be7c

[ System Events ]
Error - 15/06/2012 08:51:23 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 08:51:23 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 09:22:36 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 09:22:37 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 10:52:39 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 22:58:11 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:46 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:52 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:57 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:58 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

< End of report >
  6. OTL logfile created on: 16/06/2012 19:39:21 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Kkthnx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
15.99 Gb Total Physical Memory | 11.15 Gb Available Physical Memory | 69.74% Memory free
31.98 Gb Paging File | 26.26 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 251.92 Gb Free Space | 54.10% Space Free | Partition Type: NTFS
Drive D: | 233.76 Gb Total Space | 11.62 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 917.07 Gb Total Space | 467.70 Gb Free Space | 51.00% Space Free | Partition Type: NTFS
Drive G: | 917.07 Gb Total Space | 625.00 Gb Free Space | 68.15% Space Free | Partition Type: NTFS
Drive H: | 451.41 Gb Total Space | 398.90 Gb Free Space | 88.37% Space Free | Partition Type: NTFS
Drive I: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS
Drive J: | 3696.91 Gb Total Space | 3621.68 Gb Free Space | 97.97% Space Free | Partition Type: NTFS
Drive K: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS
Drive L: | 1.83 Gb Total Space | 1.82 Gb Free Space | 99.40% Space Free | Partition Type: FAT
Computer Name: KKTHNX-PC | User Name: Kkthnx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 19:25:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kkthnx\Desktop\OTL.exe
PRC - [2012/06/16 19:24:01 | 000,302,592 | ---- | M] () -- C:\ARK\2022s9hg.exe
PRC - [2012/06/16 19:21:57 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kkthnx\Desktop\tdsskiller.exe
PRC - [2012/06/16 19:20:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kkthnx\Desktop\aswMBR.exe
PRC - [2012/05/16 17:42:05 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/05/12 00:16:23 | 006,934,528 | ---- | M] () -- D:\Program Files (x86)\Sony\EverQuest\eqgame.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/27 02:13:06 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/04/21 18:53:14 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.EXE
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/03/19 12:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 12:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/12/07 21:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2011/10/31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2011/10/27 11:17:20 | 001,927,120 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2011/10/13 10:58:04 | 003,256,408 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mIRC\mirc.exe
PRC - [2011/09/01 17:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/10 11:04:16 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2009/05/15 10:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
PRC - [2007/09/28 08:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/16 19:24:01 | 000,302,592 | ---- | M] () -- C:\ARK\2022s9hg.exe
MOD - [2012/06/15 06:01:47 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll
MOD - [2012/06/15 06:01:37 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll
MOD - [2012/06/15 06:01:35 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012/06/15 06:01:28 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll
MOD - [2012/06/15 06:01:28 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012/06/12 13:49:37 | 001,624,576 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\Toolbar.dll
MOD - [2012/06/12 13:49:37 | 001,624,576 | ---- | M] () -- C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll
MOD - [2012/06/12 13:49:37 | 000,360,960 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\Helper.dll
MOD - [2012/06/12 13:49:37 | 000,360,960 | ---- | M] () -- C:\Program Files (x86)\Nectar Search Toolbar\Helper.dll
MOD - [2012/06/10 15:52:17 | 000,115,137 | ---- | M] () -- C:\Users\Kkthnx\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
MOD - [2012/05/30 20:30:34 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/30 20:29:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/30 20:29:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/30 20:29:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/30 20:29:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/30 17:34:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
MOD - [2012/05/30 17:33:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e5f1db35163684e821bca4a2fb0311b1\System.Runtime.Remoting.ni.dll
MOD - [2012/05/30 17:33:41 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012/05/30 17:10:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012/05/30 17:07:40 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/30 17:07:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/05/30 17:07:32 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/30 17:07:27 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2012/05/16 17:42:05 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012/01/12 00:54:44 | 000,220,672 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\SearchComponent.dll
MOD - [2012/01/10 23:39:26 | 000,512,512 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\emailchecker_plugin.dll
MOD - [2011/09/27 23:55:02 | 000,366,592 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\RSSReader_plugin.dll
MOD - [2011/07/01 20:53:38 | 000,395,264 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\RadioPlugin.dll
MOD - [2011/07/01 20:52:42 | 000,274,432 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\bookmarksplugin.dll
MOD - [2011/07/01 20:52:02 | 000,281,088 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\weatherplugin.dll
MOD - [2011/07/01 20:51:44 | 000,294,400 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\msgboxplugin.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/21 18:25:39 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/05 10:37:21 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/04/16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/12/05 20:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/05/15 12:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/05/05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2009/11/24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/10/03 07:42:00 | 000,078,952 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 6D 39 86 D5 1F CD 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files (x86)\Nectar Search Toolbar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {C76E7B3E-63CB-4631-BD31-D7B54ED128CC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{300AC705-5124-4AC4-8CF7-A6FA705ABA8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{C76E7B3E-63CB-4631-BD31-D7B54ED128CC}: "URL" = http://uk.search.yahoo.com/search?ourmark=4&ei=utf-8&fr=nectar-tb-v2&slv8-&type=61465&p={searchTerms}&partnerId=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kkthnx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kkthnx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/12 09:20:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/27 08:34:08 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Nectar Search Toolbar BHO) - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk = File not found
O4 - Startup: C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF0DD38-316B-4ED7-B4ED-BDFD0E35207D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/19 20:22:44 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{bf3cf6e4-8bbe-11e1-b12d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bf3cf6e4-8bbe-11e1-b12d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010/03/20 02:00:10 | 000,464,248 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{bf3cf6e4-8bbe-11e1-b12d-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe -- [2010/03/20 02:00:10 | 000,464,248 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{bf3cf6e4-8bbe-11e1-b12d-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe -- [2010/03/20 02:00:10 | 000,464,248 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - 
HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/16 19:25:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kkthnx\Desktop\OTL.exe [2012/06/16 19:23:39 | 000,000,000 | ---D | C] -- C:\ARK [2012/06/16 19:21:57 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kkthnx\Desktop\tdsskiller.exe [2012/06/16 19:20:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kkthnx\Desktop\aswMBR.exe [2012/06/16 19:15:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/06/16 19:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/06/16 19:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2012/06/16 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{EAB5EA8B-F283-4E02-8E29-65A8D25221F0} [2012/06/15 05:55:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/06/15 05:55:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/06/15 05:55:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/06/15 05:55:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/06/15 05:55:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/06/15 05:55:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/06/15 05:55:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/06/15 05:55:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/06/15 05:55:09 | 002,311,680 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/06/15 05:55:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/06/15 05:55:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/06/15 05:55:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/06/15 05:55:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/06/15 05:54:32 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/06/15 05:54:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/06/15 05:54:31 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/06/15 05:54:23 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/06/15 05:54:22 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/06/15 05:54:18 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/06/15 05:54:18 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/06/15 05:54:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/06/15 05:53:46 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012/06/14 15:59:34 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{80924590-969B-4420-B4F7-B883B65C2F6B} [2012/06/14 03:59:10 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{53A6CB1C-103E-4DB9-A1A2-677245F51E95} [2012/06/13 15:58:46 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{3BAA178D-3C2B-4F2B-BF4C-E5F23ACF7B72} [2012/06/13 03:58:22 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{A9279328-50C5-487E-A25F-AD8F461650FD} [2012/06/12 15:57:58 | 000,000,000 | ---D | C] -- 
C:\Users\Kkthnx\AppData\Local\{A1B8270F-8EE6-486C-BAC5-C97E00CE10DD} [2012/06/12 13:49:37 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nectar Search Toolbar [2012/06/12 13:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nectar Search Toolbar [2012/06/12 09:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/06/12 03:57:35 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{64C413CB-2B5C-4911-8EF0-913AD6B334EE} [2012/06/11 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{B0D9E510-0FBD-409F-A87D-A0C5AAF70B3B} [2012/06/11 03:56:47 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{F6BAD160-21BA-4765-AF0D-0AEBDE9F93C4} [2012/06/10 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\Desktop\Wedding [2012/06/10 19:45:07 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft [2012/06/10 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\Desktop\Application Files [2012/06/10 15:56:15 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{3812001B-B939-4C0E-A158-692A1F9AE27D} [2012/06/10 15:56:03 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{B1A567E7-8194-414E-A4A3-FD7E9538ED9F} [2012/06/10 15:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legends of Norrath [2012/06/09 11:48:47 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{EA351766-0BE1-441F-BF9D-EB3EE56734A6} [2012/06/09 11:48:35 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{6F8326E6-EF10-4885-966D-EF07678C653B} [2012/06/06 20:52:24 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\AVG [2012/06/06 20:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/06/06 20:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 [2012/06/01 18:37:14 | 000,000,000 | ---D | C] -- 
C:\Users\Kkthnx\Documents\Albelli Photo books [2012/06/01 18:37:09 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albelli Photo books [2012/06/01 18:37:08 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\Albelli Photo books [2012/06/01 08:34:20 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{1FB0A941-BB83-44FC-9193-E2EA8DFA4007} [2012/06/01 08:34:09 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{875DA443-92D4-4189-B0B5-36B787C8A974} [2012/05/31 20:33:56 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{4FB20D5E-F1F3-457B-AB50-C80B9C89E8AE} [2012/05/31 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{7E826CF9-ECEB-4EFD-8A18-48817DD5A570} [2012/05/31 08:33:19 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{AD897653-D109-44AC-9908-CB01A91A6CE1} [2012/05/31 08:33:07 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{29F2AB1B-1C76-475B-923B-D394CA5698D7} [2012/05/30 20:32:41 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{877F431C-6A28-48A7-ABE2-2A59ABC4095C} [2012/05/30 20:32:29 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{6B06B411-C7BF-4957-BD2A-A0955E78F7A5} [2012/05/30 17:03:10 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/05/30 08:32:04 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{7C4CE855-E92D-44B8-A811-7A384FC418A7} [2012/05/30 08:31:52 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{CCDFBDB9-D5D6-4EF5-9A0B-01A83953D2A8} [2012/05/29 20:31:40 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{690C766D-D451-4448-895D-6C469D2857AD} [2012/05/29 20:31:28 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{EA65894B-F840-4CCC-A152-BCEB2AD953E1} [2012/05/29 08:31:16 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{9DE8523E-A0F6-4A8E-8340-10A44DF1C8E5} [2012/05/28 20:30:52 | 000,000,000 | ---D | C] -- 
C:\Users\Kkthnx\AppData\Local\{F5333B40-0B59-4473-951E-11F5521F66B4} [2012/05/28 20:30:41 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{DBC8330C-A2D9-4EFF-B79F-59F518B5EF4F} [2012/05/28 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{8070981D-FACC-409F-8A97-87CA25D9C860} [2012/05/28 08:30:06 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{A3739A5B-DA57-44EE-8D0E-330E0F5D4A43} [2012/05/28 08:29:56 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{E054B536-534A-4F16-BCC0-530C517B389A} [2012/05/28 08:29:45 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{71E08792-9D45-47FD-85E6-D95B2846334A} [2012/05/27 20:29:21 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{135E3856-3A43-4B82-AD6A-3C44F41A0C2C} [2012/05/27 20:29:10 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{CFA0DCC5-EAEA-43D3-B9E6-59F3C40DB660} [2012/05/27 20:28:59 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{7641D7AF-1711-4D6D-9A5B-D54A87453F96} [2012/05/27 08:28:32 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{3CA5186F-0D45-4519-962E-F2A050352638} [2012/05/26 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{27917BFD-DA29-4125-8C6E-384816AA05C4} [2012/05/26 20:27:57 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{82CB98CB-63B0-426E-BADA-435AE9DBC2BD} [2012/05/26 20:27:36 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{D3702EA3-BFCB-4A94-B579-A2FEEC7B4AA1} [2012/05/26 08:27:23 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{A8CAEB68-8C73-4C92-957A-6921F45E1979} [2012/05/26 08:27:13 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{6B194D85-353E-4B2F-8897-651F9D9AD435} [2012/05/26 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{4417638D-B136-4106-90DE-AC9A666AFD2F} [2012/05/25 20:26:38 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{85CB08FE-77C2-40AD-9B82-8149D9F84CE1} [2012/05/25 20:26:27 | 
000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{87F8ADC1-0016-4925-8B08-DE8FA11AC1F1} [2012/05/25 16:09:33 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/05/25 08:26:03 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{D58E5D09-E434-42E4-B6D3-7F64BC746BE0} [2012/05/25 08:25:52 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{B9DFA5BC-3285-4218-9C48-DD57862ECFBF} [2012/05/25 08:25:30 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{56EB12FC-5775-490E-AF60-1C73BD46026C} [2012/05/24 20:25:17 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{61CE10B6-96BB-44D2-8BA8-51FC8A129DAC} [2012/05/24 20:25:06 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{CA6683AD-5DEC-4128-8C3A-D0D822587BC0} [2012/05/24 08:24:42 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{01743EAD-47D0-4AC0-9F19-1823D2A5F947} [2012/05/23 20:24:14 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{2D697A99-95AB-4406-9F6D-27EAEAC8EBE9} [2012/05/23 20:23:58 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{C2A7B10F-B7C4-4237-A2F1-A93F94402CED} [2012/05/23 20:23:39 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{1C7F2A2B-88F9-4C48-9882-C03F32A67551} [2012/05/22 18:15:20 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{E26918E7-1922-4267-98CE-4A2C7D3B50DB} [2012/05/22 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{DFF4CB0F-33ED-4262-937B-499AE2531910} [2012/05/22 06:14:43 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{A3B71060-FE5B-4E56-8CD2-1FDD93B6CF11} [2012/05/22 06:14:32 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{0BC81C66-07D3-484D-BB22-F3B067FDA546} [2012/05/21 18:14:07 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{0725E74A-5CAC-4B37-AD39-91DF3C2FC5E2} [2012/05/21 18:13:56 | 000,000,000 | ---D | C] -- 
C:\Users\Kkthnx\AppData\Local\{FC1B5D96-9CDD-4AA1-910B-42F1A5A01253} [2012/05/21 18:13:45 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{4FB162A3-4A08-4F48-8071-9B44CB6A92C1} [2012/05/21 06:13:22 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{2A834925-768F-4CD4-A02C-9987EE041311} [2012/05/21 06:13:11 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{E5CBAEF8-24AE-45F6-B34B-AEDFC807881B} [2012/05/21 06:13:00 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{818C98E9-9163-4B63-B675-722F1DCECFD0} [2012/05/20 18:12:37 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{0C345EE1-50F9-44C7-95E8-083BF8A750FA} [2012/05/20 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{06FDC4DD-6927-4D69-8FAA-7480FCE5B919} [2012/05/20 18:12:15 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{4861B13B-017C-4762-92BA-83A060CE4493} [2012/05/20 18:12:03 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{F5F22E01-72C6-4821-B57A-16C520790922} [2012/05/20 15:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync [2012/05/20 15:17:27 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012/05/20 15:06:58 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\Htc [2012/05/20 14:34:34 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\HTC [2012/05/20 14:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2012/05/20 14:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2012/05/20 14:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2012/05/20 14:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012/05/20 14:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/05/20 06:11:38 | 000,000,000 | ---D | C] -- 
C:\Users\Kkthnx\AppData\Local\{9128DA31-E64E-48AE-9E2A-666174BD5079} [2012/05/20 06:11:27 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{3FFE2030-FAE3-4586-B0E6-7BFAB44945C4} [2012/05/19 18:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{EBA008BE-DD9F-433A-9156-E8BF4EB4AF9D} [2012/05/19 18:11:03 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{BFB54227-D70C-42BA-BB2B-BB25E5BB5F32} [2012/05/18 04:26:57 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{7B96D8CA-5D60-4F96-A5EA-9DA19D646AB7} [2012/05/18 04:26:46 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{D26AA30E-BCAE-4E23-A98D-5140AF3E413A} [2 C:\Users\Kkthnx\Documents\*.tmp files -> C:\Users\Kkthnx\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/16 19:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/16 19:27:07 | 000,000,512 | ---- | M] () -- C:\Users\Kkthnx\Desktop\MBR.dat [2012/06/16 19:25:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kkthnx\Desktop\OTL.exe [2012/06/16 19:21:57 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kkthnx\Desktop\tdsskiller.exe [2012/06/16 19:21:57 | 000,014,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/16 19:21:57 | 000,014,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/16 19:20:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kkthnx\Desktop\aswMBR.exe [2012/06/16 19:14:46 | 000,001,104 | ---- | M] () -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/06/16 19:14:37 | 000,000,924 | ---- | M] () -- C:\Users\Kkthnx\Desktop\NTREGOPT.lnk [2012/06/16 19:14:37 | 000,000,905 | ---- | M] () -- C:\Users\Kkthnx\Desktop\ERUNT.lnk [2012/06/16 
19:14:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001UA.job [2012/06/16 18:57:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/16 18:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/16 18:13:54 | 000,213,050 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/06/16 17:06:55 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/16 17:06:55 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/16 17:06:55 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/16 16:56:48 | 000,416,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/16 16:56:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/16 16:56:14 | 4287,930,366 | -HS- | M] () -- C:\hiberfil.sys [2012/06/16 12:04:33 | 000,014,848 | ---- | M] () -- C:\Users\Kkthnx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/16 09:49:52 | 100,503,311 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/06/15 16:14:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001Core.job [2012/06/13 18:03:28 | 003,618,206 | ---- | M] () -- C:\Users\Kkthnx\Desktop\DSC01213.JPG [2012/06/12 09:20:22 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/06/10 17:40:33 | 000,034,764 | ---- | M] () -- C:\Users\Kkthnx\AppData\Local\dt.dat [2012/06/10 16:16:20 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Legends of Norrath.lnk [2012/06/06 20:51:21 | 000,001,166 | ---- | M] () -- C:\Users\Kkthnx\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2012/06/03 18:10:45 | 000,000,335 | ---- | M] () -- C:\Windows\mozregistry.dat [2012/06/02 06:17:21 | 000,059,329 | ---- | M] () -- 
C:\Users\Kkthnx\Desktop\Safe.2012.RC.BDRip.XviD.AC3.5-1.HQ.Hive-CM8(1).torrent [2012/06/01 18:46:30 | 000,006,952 | ---- | M] () -- C:\Users\Kkthnx\Desktop\fortescue-coat-of-arms-98fix.jpg [2012/06/01 18:45:53 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012/06/01 18:44:29 | 000,028,427 | ---- | M] () -- C:\Users\Kkthnx\Desktop\fortescue-coat-of-arms-98.jpg [2012/06/01 18:42:34 | 000,043,191 | ---- | M] () -- C:\Users\Kkthnx\Desktop\fortescue_family_crest_speckcase-p176286186643536524vu1z1_400.jpg [2012/06/01 18:42:27 | 000,008,006 | ---- | M] () -- C:\Users\Kkthnx\Desktop\fortescue2.jpg [2012/06/01 18:37:13 | 000,001,908 | ---- | M] () -- C:\Users\Kkthnx\Desktop\Albelli Photo books.lnk [2012/06/01 16:05:20 | 000,033,385 | ---- | M] () -- C:\Users\Kkthnx\Desktop\random.jpg [2012/05/31 19:52:43 | 000,050,336 | ---- | M] () -- C:\Users\Kkthnx\Desktop\Bang.Bus.37.2012.XXX.DVDRip.XviD-CiCXXX.torrent [2012/05/31 17:58:45 | 000,002,398 | ---- | M] () -- C:\Users\Kkthnx\Desktop\Men In Black 3 2012 PROPER TS Xvid New Video UnKnOwN.torrent [2012/05/30 21:10:07 | 000,064,795 | ---- | M] () -- C:\Users\Kkthnx\Desktop\Man.on.a.Ledge.2012.BDRip.XVID.AC3.HQ.Hive-CM8.torrent [2012/05/30 20:39:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012/05/30 20:34:45 | 000,007,600 | ---- | M] () -- C:\Users\Kkthnx\AppData\Local\resmon.resmoncfg [2012/05/30 20:23:19 | 1138,312,663 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/05/27 14:09:06 | 000,000,107 | ---- | M] () -- C:\Windows\Zones.ini [2012/05/20 15:39:08 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk [2012/05/20 15:05:02 | 000,001,437 | ---- | M] () -- C:\Users\Kkthnx\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/05/18 03:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/05/18 02:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\inetcpl.cpl [2012/05/18 02:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/05/18 02:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/05/18 02:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/05/18 02:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/05/18 02:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/05/17 23:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/05/17 23:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/05/17 23:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/05/17 23:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/05/17 23:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/05/17 23:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2 C:\Users\Kkthnx\Documents\*.tmp files -> C:\Users\Kkthnx\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/16 19:27:07 | 000,000,512 | ---- | C] () -- C:\Users\Kkthnx\Desktop\MBR.dat [2012/06/16 19:14:46 | 000,001,104 | ---- | C] () -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/06/16 19:14:37 | 000,000,924 | ---- | C] () -- C:\Users\Kkthnx\Desktop\NTREGOPT.lnk [2012/06/16 19:14:37 | 000,000,905 | ---- | C] () -- C:\Users\Kkthnx\Desktop\ERUNT.lnk [2012/06/13 18:04:49 | 003,618,206 | ---- | C] () -- C:\Users\Kkthnx\Desktop\DSC01213.JPG [2012/06/10 17:40:33 | 000,034,764 | ---- | C] () -- C:\Users\Kkthnx\AppData\Local\dt.dat [2012/06/10 15:39:22 | 
000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\Legends of Norrath.lnk [2012/06/06 20:51:21 | 000,001,166 | ---- | C] () -- C:\Users\Kkthnx\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2012/06/03 18:10:45 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat [2012/06/02 06:17:21 | 000,059,329 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Safe.2012.RC.BDRip.XviD.AC3.5-1.HQ.Hive-CM8(1).torrent [2012/06/01 18:50:02 | 000,008,006 | ---- | C] () -- C:\Users\Kkthnx\Desktop\fortescue2.jpg [2012/06/01 18:46:30 | 000,006,952 | ---- | C] () -- C:\Users\Kkthnx\Desktop\fortescue-coat-of-arms-98fix.jpg [2012/06/01 18:44:57 | 000,028,427 | ---- | C] () -- C:\Users\Kkthnx\Desktop\fortescue-coat-of-arms-98.jpg [2012/06/01 18:42:45 | 000,043,191 | ---- | C] () -- C:\Users\Kkthnx\Desktop\fortescue_family_crest_speckcase-p176286186643536524vu1z1_400.jpg [2012/06/01 18:37:13 | 000,001,908 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Albelli Photo books.lnk [2012/06/01 16:02:08 | 000,033,385 | ---- | C] () -- C:\Users\Kkthnx\Desktop\random.jpg [2012/05/31 19:52:43 | 000,050,336 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Bang.Bus.37.2012.XXX.DVDRip.XviD-CiCXXX.torrent [2012/05/31 17:58:45 | 000,002,398 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Men In Black 3 2012 PROPER TS Xvid New Video UnKnOwN.torrent [2012/05/30 21:10:07 | 000,064,795 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Man.on.a.Ledge.2012.BDRip.XVID.AC3.HQ.Hive-CM8.torrent [2012/05/30 20:23:19 | 1138,312,663 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/05/27 14:08:51 | 000,000,107 | ---- | C] () -- C:\Windows\Zones.ini [2012/05/25 16:09:19 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001UA.job [2012/05/25 16:09:18 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001Core.job [2012/05/21 20:53:05 | 000,000,000 | ---- | C] () -- 
C:\Windows\SysNative\drivers\lvuvc.hs [2012/05/20 15:39:08 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk [2012/05/08 21:50:23 | 000,007,600 | ---- | C] () -- C:\Users\Kkthnx\AppData\Local\resmon.resmoncfg [2012/04/27 19:48:55 | 000,186,844 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012/04/22 19:57:28 | 000,014,848 | ---- | C] () -- C:\Users\Kkthnx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/21 18:25:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012/04/21 17:20:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/04/21 17:07:34 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/03/09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2012/06/06 20:53:31 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\AVG [2012/04/21 19:38:50 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\AVG2012 [2012/05/20 15:07:05 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\HTC [2012/05/20 15:17:27 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 
[2012/04/21 18:54:02 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Leadertech [2012/05/09 00:00:25 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\NASNaviator2 [2012/04/22 19:57:08 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Research In Motion [2012/05/16 17:36:45 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Samsung [2012/04/28 16:14:30 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\TeamViewer [2012/05/16 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Temp [2012/04/28 14:34:43 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\ts3overlay [2012/05/06 14:43:48 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Windows Live Writer [2009/07/14 06:08:49 | 000,009,046 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > OTL Extras logfile created on: 16/06/2012 19:39:21 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Kkthnx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 15.99 Gb Total Physical Memory | 11.15 Gb Available Physical Memory | 69.74% Memory free 31.98 Gb Paging File | 26.26 Gb Available in Paging File | 82.12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 251.92 Gb Free Space | 54.10% Space Free | Partition Type: NTFS Drive D: | 233.76 Gb Total Space | 11.62 Gb Free Space | 4.97% Space Free | Partition Type: NTFS Drive E: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 917.07 Gb Total Space | 467.70 Gb 
Free Space | 51.00% Space Free | Partition Type: NTFS Drive G: | 917.07 Gb Total Space | 625.00 Gb Free Space | 68.15% Space Free | Partition Type: NTFS Drive H: | 451.41 Gb Total Space | 398.90 Gb Free Space | 88.37% Space Free | Partition Type: NTFS Drive I: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS Drive J: | 3696.91 Gb Total Space | 3621.68 Gb Free Space | 97.97% Space Free | Partition Type: NTFS Drive K: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS Drive L: | 1.83 Gb Total Space | 1.82 Gb Free Space | 99.40% Space Free | Partition Type: FAT
  7. GMER 1.0.15.15641 - http://www.gmer.net
     Rootkit scan 2012-06-16 19:36:28
     Windows 6.1.7601 Service Pack 1
     Running: 2022s9hg.exe

     ---- Files - GMER 1.0.15 ----

     File C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Cookies\D7ONDCB1.txt 0 bytes
     File C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Cookies\31XM5UUP.txt 0 bytes

     ---- EOF - GMER 1.0.15 ----
  8. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-06-16 19:20:42
     -----------------------------
     19:20:42.432 OS Version: Windows x64 6.1.7601 Service Pack 1
     19:20:42.432 Number of processors: 4 586 0x2505
     19:20:42.433 ComputerName: KKTHNX-PC UserName: Kkthnx
     19:20:43.391 Initialize success
     19:21:43.860 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
     19:21:43.861 Disk 0 Vendor: Maxtor_6Y250M0 YAR511W0 Size: 239372MB BusType: 3
     19:21:43.863 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
     19:21:43.864 Disk 1 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
     19:21:43.871 Disk 1 MBR read successfully
     19:21:43.872 Disk 1 MBR scan
     19:21:43.874 Disk 1 Windows 7 default MBR code
     19:21:43.877 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
     19:21:43.888 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
     19:21:43.910 Disk 1 scanning C:\Windows\system32\drivers
     19:21:49.541 Service scanning
     19:22:01.472 Modules scanning
     19:22:01.478 Scan finished successfully
     19:27:07.377 Disk 1 MBR has been saved successfully to "C:\Users\Kkthnx\Desktop\MBR.dat"
     19:27:07.384 The log file has been saved successfully to "C:\Users\Kkthnx\Desktop\aswMBR.txt"

     Fix wasn't clickable.
     19:22:10.0143 4456 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
     19:22:10.0252 4456 ============================================================
     19:22:10.0252 4456 Current date / time: 2012/06/16 19:22:10.0252
     19:22:10.0252 4456 SystemInfo:
     19:22:10.0252 4456
     19:22:10.0252 4456 OS Version: 6.1.7601 ServicePack: 1.0
     19:22:10.0252 4456 Product type: Workstation
     19:22:10.0252 4456 ComputerName: KKTHNX-PC
     19:22:10.0252 4456 UserName: Kkthnx
     19:22:10.0252 4456 Windows directory: C:\Windows
     19:22:10.0252 4456 System windows directory: C:\Windows
     19:22:10.0252 4456 Running under WOW64
     19:22:10.0252 4456 Processor architecture: Intel x64
     19:22:10.0252 4456 Number of processors: 4
     19:22:10.0252 4456 Page size: 0x1000
     19:22:10.0252 4456 Boot type: Normal boot
     19:22:10.0252 4456 ============================================================
     19:22:11.0059 4456 Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     19:22:11.0070 4456 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     19:22:11.0136 4456 Drive \Device\Harddisk5\DR5 - Size: 0x75400000 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
     19:22:11.0140 4456 ============================================================
     19:22:11.0140 4456 \Device\Harddisk0\DR0:
     19:22:11.0140 4456 MBR partitions:
     19:22:11.0140 4456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D385000
     19:22:11.0140 4456 \Device\Harddisk1\DR1:
     19:22:11.0140 4456 MBR partitions:
     19:22:11.0140 4456 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
     19:22:11.0140 4456 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
     19:22:11.0140 4456 \Device\Harddisk5\DR5:
     19:22:11.0145 4456 MBR partitions:
     19:22:11.0145 4456 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0x200B, BlocksNum 0x3A7FF5
     19:22:11.0145 4456 ============================================================
     19:22:11.0181 4456 C: <-> \Device\Harddisk1\DR1\Partition1
     19:22:11.0219 4456 D: <-> \Device\Harddisk0\DR0\Partition0
     19:22:11.0219 4456 ============================================================
     19:22:11.0219 4456 Initialize success
     19:22:11.0219 4456 ============================================================
     19:22:46.0394 3012 ============================================================
     19:22:46.0394 3012 Scan started
     19:22:46.0394 3012 Mode: Manual; SigCheck; TDLFS;
     19:22:46.0394 3012 ============================================================
19:22:56.0680 3012 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 19:22:56.0715 3012 IPMIDRV - ok 19:22:56.0741 3012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 19:22:56.0776 3012 IPNAT - ok 19:22:56.0859 3012 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 19:22:56.0882 3012 iPod Service - ok 19:22:56.0906 3012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 19:22:56.0933 3012 IRENUM - ok 19:22:56.0949 3012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 19:22:56.0957 3012 isapnp - ok 19:22:56.0995 3012 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 19:22:57.0006 3012 iScsiPrt - ok 19:22:57.0027 3012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 19:22:57.0036 3012 kbdclass - ok 19:22:57.0073 3012 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 19:22:57.0096 3012 kbdhid - ok 19:22:57.0128 3012 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:22:57.0136 3012 KeyIso - ok 19:22:57.0146 3012 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 19:22:57.0154 3012 KSecDD - ok 19:22:57.0173 3012 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 19:22:57.0183 3012 KSecPkg - ok 19:22:57.0200 3012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 19:22:57.0228 3012 ksthunk - ok 19:22:57.0250 3012 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 19:22:57.0302 3012 KtmRm - ok 19:22:57.0347 3012 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 19:22:57.0392 3012 LanmanServer - ok 19:22:57.0430 3012 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 19:22:57.0475 3012 LanmanWorkstation - ok 
19:22:57.0491 3012 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys 19:22:57.0497 3012 LGBusEnum - ok 19:22:57.0532 3012 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys 19:22:57.0537 3012 LGVirHid - ok 19:22:57.0586 3012 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 19:22:57.0631 3012 lltdio - ok 19:22:57.0669 3012 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 19:22:57.0714 3012 lltdsvc - ok 19:22:57.0736 3012 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 19:22:57.0764 3012 lmhosts - ok 19:22:57.0822 3012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:22:57.0831 3012 LSI_FC - ok 19:22:57.0872 3012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:22:57.0881 3012 LSI_SAS - ok 19:22:57.0893 3012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:22:57.0901 3012 LSI_SAS2 - ok 19:22:57.0907 3012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:22:57.0917 3012 LSI_SCSI - ok 19:22:57.0944 3012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 19:22:57.0984 3012 luafv - ok 19:22:58.0024 3012 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys 19:22:58.0031 3012 LVPr2M64 - ok 19:22:58.0048 3012 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys 19:22:58.0054 3012 LVPr2Mon - ok 19:22:58.0120 3012 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 19:22:58.0128 3012 LVPrcS64 - ok 19:22:58.0170 3012 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys 19:22:58.0179 3012 LVRS64 - ok 19:22:58.0355 3012 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys 
19:22:58.0441 3012 LVUVC64 - ok 19:22:58.0518 3012 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 19:22:58.0528 3012 Mcx2Svc - ok 19:22:58.0555 3012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 19:22:58.0563 3012 megasas - ok 19:22:58.0584 3012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 19:22:58.0596 3012 MegaSR - ok 19:22:58.0630 3012 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 19:22:58.0658 3012 MMCSS - ok 19:22:58.0668 3012 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 19:22:58.0715 3012 Modem - ok 19:22:58.0753 3012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 19:22:58.0781 3012 monitor - ok 19:22:58.0814 3012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 19:22:58.0822 3012 mouclass - ok 19:22:58.0826 3012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 19:22:58.0846 3012 mouhid - ok 19:22:58.0874 3012 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 19:22:58.0882 3012 mountmgr - ok 19:22:58.0920 3012 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 19:22:58.0933 3012 mpio - ok 19:22:58.0944 3012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:22:58.0972 3012 mpsdrv - ok 19:22:59.0033 3012 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 19:22:59.0073 3012 MpsSvc - ok 19:22:59.0110 3012 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 19:22:59.0139 3012 MRxDAV - ok 19:22:59.0166 3012 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:22:59.0187 3012 mrxsmb - ok 19:22:59.0207 3012 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:22:59.0227 3012 mrxsmb10 - ok 
19:22:59.0246 3012 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:22:59.0254 3012 mrxsmb20 - ok 19:22:59.0295 3012 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 19:22:59.0305 3012 msahci - ok 19:22:59.0343 3012 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 19:22:59.0352 3012 msdsm - ok 19:22:59.0388 3012 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 19:22:59.0399 3012 MSDTC - ok 19:22:59.0423 3012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:22:59.0451 3012 Msfs - ok 19:22:59.0461 3012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:22:59.0490 3012 mshidkmdf - ok 19:22:59.0524 3012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 19:22:59.0531 3012 msisadrv - ok 19:22:59.0566 3012 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 19:22:59.0617 3012 MSiSCSI - ok 19:22:59.0620 3012 msiserver - ok 19:22:59.0640 3012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 19:22:59.0679 3012 MSKSSRV - ok 19:22:59.0686 3012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 19:22:59.0728 3012 MSPCLOCK - ok 19:22:59.0731 3012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 19:22:59.0775 3012 MSPQM - ok 19:22:59.0823 3012 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 19:22:59.0836 3012 MsRPC - ok 19:22:59.0865 3012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 19:22:59.0873 3012 mssmbios - ok 19:22:59.0886 3012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 19:22:59.0920 3012 MSTEE - ok 19:22:59.0923 3012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 19:22:59.0937 3012 
MTConfig - ok 19:22:59.0957 3012 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys 19:22:59.0985 3012 MTsensor - ok 19:23:00.0014 3012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 19:23:00.0023 3012 Mup - ok 19:23:00.0070 3012 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 19:23:00.0102 3012 napagent - ok 19:23:00.0151 3012 NasPmService - ok 19:23:00.0193 3012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 19:23:00.0214 3012 NativeWifiP - ok 19:23:00.0273 3012 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 19:23:00.0292 3012 NDIS - ok 19:23:00.0311 3012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 19:23:00.0339 3012 NdisCap - ok 19:23:00.0357 3012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 19:23:00.0392 3012 NdisTapi - ok 19:23:00.0426 3012 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 19:23:00.0454 3012 Ndisuio - ok 19:23:00.0487 3012 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 19:23:00.0525 3012 NdisWan - ok 19:23:00.0559 3012 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 19:23:00.0593 3012 NDProxy - ok 19:23:00.0622 3012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 19:23:00.0671 3012 NetBIOS - ok 19:23:00.0703 3012 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 19:23:00.0737 3012 NetBT - ok 19:23:00.0753 3012 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:23:00.0765 3012 Netlogon - ok 19:23:00.0802 3012 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 19:23:00.0833 3012 Netman - ok 19:23:00.0857 3012 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 19:23:00.0897 
3012 netprofm - ok 19:23:00.0969 3012 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:23:00.0977 3012 NetTcpPortSharing - ok 19:23:01.0002 3012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 19:23:01.0012 3012 nfrd960 - ok 19:23:01.0054 3012 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 19:23:01.0103 3012 NlaSvc - ok 19:23:01.0123 3012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 19:23:01.0152 3012 Npfs - ok 19:23:01.0177 3012 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 19:23:01.0206 3012 nsi - ok 19:23:01.0220 3012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:23:01.0249 3012 nsiproxy - ok 19:23:01.0333 3012 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 19:23:01.0384 3012 Ntfs - ok 19:23:01.0453 3012 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 19:23:01.0488 3012 Null - ok 19:23:01.0530 3012 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 19:23:01.0540 3012 nvraid - ok 19:23:01.0575 3012 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 19:23:01.0586 3012 nvstor - ok 19:23:01.0604 3012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 19:23:01.0613 3012 nv_agp - ok 19:23:01.0639 3012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 19:23:01.0648 3012 ohci1394 - ok 19:23:01.0740 3012 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:23:01.0748 3012 ose - ok 19:23:01.0917 3012 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:23:02.0024 3012 osppsvc - ok 19:23:02.0095 
3012 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 19:23:02.0112 3012 p2pimsvc - ok 19:23:02.0143 3012 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 19:23:02.0156 3012 p2psvc - ok 19:23:02.0199 3012 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 19:23:02.0211 3012 Parport - ok 19:23:02.0245 3012 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 19:23:02.0254 3012 partmgr - ok 19:23:02.0337 3012 PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 19:23:02.0340 3012 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 19:23:02.0340 3012 PassThru Service - detected UnsignedFile.Multi.Generic (1) 19:23:02.0358 3012 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 19:23:02.0380 3012 PcaSvc - ok 19:23:02.0416 3012 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 19:23:02.0427 3012 pci - ok 19:23:02.0435 3012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 19:23:02.0443 3012 pciide - ok 19:23:02.0478 3012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 19:23:02.0489 3012 pcmcia - ok 19:23:02.0502 3012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:23:02.0511 3012 pcw - ok 19:23:02.0533 3012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:23:02.0574 3012 PEAUTH - ok 19:23:02.0637 3012 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 19:23:02.0655 3012 PerfHost - ok 19:23:02.0735 3012 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 19:23:02.0774 3012 pla - ok 19:23:02.0802 3012 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 19:23:02.0826 3012 PlugPlay - ok 19:23:02.0844 3012 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) 
C:\Windows\system32\pnrpauto.dll 19:23:02.0860 3012 PNRPAutoReg - ok 19:23:02.0887 3012 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 19:23:02.0897 3012 PNRPsvc - ok 19:23:02.0956 3012 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys 19:23:02.0962 3012 Point64 - ok 19:23:03.0012 3012 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 19:23:03.0052 3012 PolicyAgent - ok 19:23:03.0078 3012 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 19:23:03.0109 3012 Power - ok 19:23:03.0149 3012 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 19:23:03.0185 3012 PptpMiniport - ok 19:23:03.0213 3012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 19:23:03.0227 3012 Processor - ok 19:23:03.0258 3012 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 19:23:03.0289 3012 ProfSvc - ok 19:23:03.0312 3012 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:23:03.0322 3012 ProtectedStorage - ok 19:23:03.0357 3012 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 19:23:03.0397 3012 Psched - ok 19:23:03.0456 3012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 19:23:03.0502 3012 ql2300 - ok 19:23:03.0598 3012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 19:23:03.0607 3012 ql40xx - ok 19:23:03.0637 3012 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 19:23:03.0655 3012 QWAVE - ok 19:23:03.0662 3012 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:23:03.0675 3012 QWAVEdrv - ok 19:23:03.0685 3012 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:23:03.0719 3012 RasAcd - ok 19:23:03.0747 3012 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) 
C:\Windows\system32\DRIVERS\AgileVpn.sys 19:23:03.0777 3012 RasAgileVpn - ok 19:23:03.0788 3012 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 19:23:03.0829 3012 RasAuto - ok 19:23:03.0862 3012 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:23:03.0890 3012 Rasl2tp - ok 19:23:03.0930 3012 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 19:23:03.0974 3012 RasMan - ok 19:23:03.0993 3012 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:23:04.0045 3012 RasPppoe - ok 19:23:04.0080 3012 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:23:04.0119 3012 RasSstp - ok 19:23:04.0142 3012 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 19:23:04.0181 3012 rdbss - ok 19:23:04.0197 3012 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:23:04.0210 3012 rdpbus - ok 19:23:04.0221 3012 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:23:04.0256 3012 RDPCDD - ok 19:23:04.0268 3012 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:23:04.0310 3012 RDPENCDD - ok 19:23:04.0313 3012 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:23:04.0341 3012 RDPREFMP - ok 19:23:04.0383 3012 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 19:23:04.0407 3012 RDPWD - ok 19:23:04.0467 3012 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 19:23:04.0477 3012 rdyboost - ok 19:23:04.0500 3012 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 19:23:04.0529 3012 RemoteAccess - ok 19:23:04.0548 3012 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 19:23:04.0592 3012 RemoteRegistry - ok 19:23:04.0635 3012 RFCOMM (3dd798846e2c28102b922c56e71b7932) 
C:\Windows\system32\DRIVERS\rfcomm.sys 19:23:04.0657 3012 RFCOMM - ok 19:23:04.0684 3012 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 19:23:04.0699 3012 RimUsb - ok 19:23:04.0739 3012 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 19:23:04.0747 3012 RimVSerPort - ok 19:23:04.0765 3012 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 19:23:04.0807 3012 ROOTMODEM - ok 19:23:04.0835 3012 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 19:23:04.0876 3012 RpcEptMapper - ok 19:23:04.0901 3012 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 19:23:04.0922 3012 RpcLocator - ok 19:23:04.0971 3012 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 19:23:05.0002 3012 RpcSs - ok 19:23:05.0023 3012 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:23:05.0054 3012 rspndr - ok 19:23:05.0110 3012 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 19:23:05.0123 3012 RTL8167 - ok 19:23:05.0136 3012 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:23:05.0147 3012 SamSs - ok 19:23:05.0180 3012 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 19:23:05.0188 3012 sbp2port - ok 19:23:05.0216 3012 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 19:23:05.0259 3012 SCardSvr - ok 19:23:05.0286 3012 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 19:23:05.0319 3012 scfilter - ok 19:23:05.0385 3012 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 19:23:05.0434 3012 Schedule - ok 19:23:05.0470 3012 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 19:23:05.0498 3012 SCPolicySvc - ok 19:23:05.0510 3012 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) 
C:\Windows\System32\SDRSVC.dll 19:23:05.0537 3012 SDRSVC - ok 19:23:05.0594 3012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:23:05.0625 3012 secdrv - ok 19:23:05.0662 3012 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 19:23:05.0696 3012 seclogon - ok 19:23:05.0719 3012 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 19:23:05.0750 3012 SENS - ok 19:23:05.0774 3012 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 19:23:05.0785 3012 SensrSvc - ok 19:23:05.0788 3012 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:23:05.0810 3012 Serenum - ok 19:23:05.0844 3012 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:23:05.0853 3012 Serial - ok 19:23:05.0884 3012 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:23:05.0904 3012 sermouse - ok 19:23:05.0949 3012 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 19:23:05.0987 3012 SessionEnv - ok 19:23:06.0012 3012 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 19:23:06.0029 3012 sffdisk - ok 19:23:06.0047 3012 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 19:23:06.0057 3012 sffp_mmc - ok 19:23:06.0065 3012 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 19:23:06.0091 3012 sffp_sd - ok 19:23:06.0110 3012 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:23:06.0129 3012 sfloppy - ok 19:23:06.0169 3012 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 19:23:06.0204 3012 SharedAccess - ok 19:23:06.0248 3012 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 19:23:06.0288 3012 ShellHWDetection - ok 19:23:06.0301 3012 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) 
C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:23:06.0310 3012 SiSRaid2 - ok 19:23:06.0320 3012 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:23:06.0328 3012 SiSRaid4 - ok 19:23:06.0342 3012 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:23:06.0383 3012 Smb - ok 19:23:06.0412 3012 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 19:23:06.0424 3012 SNMPTRAP - ok 19:23:06.0435 3012 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:23:06.0443 3012 spldr - ok 19:23:06.0472 3012 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 19:23:06.0510 3012 Spooler - ok 19:23:06.0628 3012 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 19:23:06.0698 3012 sppsvc - ok 19:23:07.0014 3012 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 19:23:07.0043 3012 sppuinotify - ok 19:23:07.0096 3012 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 19:23:07.0120 3012 srv - ok 19:23:07.0143 3012 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 19:23:07.0154 3012 srv2 - ok 19:23:07.0168 3012 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 19:23:07.0189 3012 srvnet - ok 19:23:07.0239 3012 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys 19:23:07.0259 3012 ssadbus - ok 19:23:07.0286 3012 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys 19:23:07.0294 3012 ssadmdfl - ok 19:23:07.0312 3012 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys 19:23:07.0337 3012 ssadmdm - ok 19:23:07.0373 3012 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 19:23:07.0418 3012 SSDPSRV - ok 19:23:07.0436 3012 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 19:23:07.0469 3012 
SstpSvc - ok 19:23:07.0487 3012 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 19:23:07.0495 3012 stexstor - ok 19:23:07.0554 3012 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 19:23:07.0571 3012 stisvc - ok 19:23:07.0605 3012 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 19:23:07.0612 3012 swenum - ok 19:23:07.0636 3012 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 19:23:07.0670 3012 swprv - ok 19:23:07.0700 3012 sxuptp (e4154c5ce666b713de9398c053d8fb7e) C:\Windows\system32\DRIVERS\sxuptp.sys 19:23:07.0718 3012 sxuptp - ok 19:23:07.0839 3012 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 19:23:07.0868 3012 SysMain - ok 19:23:07.0947 3012 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 19:23:07.0961 3012 TabletInputService - ok 19:23:08.0014 3012 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 19:23:08.0055 3012 TapiSrv - ok 19:23:08.0075 3012 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 19:23:08.0105 3012 TBS - ok 19:23:08.0207 3012 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 19:23:08.0240 3012 Tcpip - ok 19:23:08.0368 3012 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 19:23:08.0400 3012 TCPIP6 - ok 19:23:08.0461 3012 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 19:23:08.0501 3012 tcpipreg - ok 19:23:08.0525 3012 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:23:08.0542 3012 TDPIPE - ok 19:23:08.0555 3012 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 19:23:08.0572 3012 TDTCP - ok 19:23:08.0617 3012 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 19:23:08.0648 3012 tdx - ok 19:23:08.0782 3012 TeamViewer7 
============================================================ 19:23:15.0116 3012 Scan finished 19:23:15.0116 3012 ============================================================ 19:23:15.0125 1880 Detected object count: 1 19:23:15.0125 1880 Actual detected object count: 1 19:23:23.0905 1880 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:23:23.0906 1880 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
  9. Hi, Recently I've had random access to certain webpages, mainly Facebook and eBay, amongst a few others. Pinging them shows they're up, and I can access them from other devices on my network, but they just won't load on my PC.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:16:39, on 16/06/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe C:\Program Files (x86)\mIRC\mirc.exe C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: FCToolbarURLSearchHook Class - {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files (x86)\Nectar Search Toolbar\Helper.dll R3 - URLSearchHook: (no name) - - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: FCTBPos00Pos - 
{B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll" (file missing) O3 - Toolbar: Nectar Search Toolbar - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Kkthnx\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - 
HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe O4 - Startup: BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe O4 - Startup: NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra 
button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. 
- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. 
- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - 
C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13646 bytes