Jump to content

Random loss of access to certain webpages and lag.


Recommended Posts

Hi,

Recently ive had random access to certain webpages, mainly FaceBook and eBay, amongst a few others. Pinging them shows they're up, and i can access them from other devices on my network, but they just won't load on my PC.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:16:39, on 16/06/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe

C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe

C:\Program Files (x86)\mIRC\mirc.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: FCToolbarURLSearchHook Class - {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files (x86)\Nectar Search Toolbar\Helper.dll

R3 - URLSearchHook: (no name) - - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: FCTBPos00Pos - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll" (file missing)

O3 - Toolbar: Nectar Search Toolbar - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Kkthnx\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe

O4 - Startup: BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe

O4 - Startup: NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13646 bytes

Edited by Maurice Naggar
Codebox removed
Link to post
Share on other sites

Hello and welcome to MalwareBytes forums.

Do me a big favor: do not put logs/reports inside Code blocks. Just simply Copy & Paste. TIA.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Admisnistrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

RE-Enable your antivirus program. excl.png

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of GMER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-16 19:20:42

-----------------------------

19:20:42.432 OS Version: Windows x64 6.1.7601 Service Pack 1

19:20:42.432 Number of processors: 4 586 0x2505

19:20:42.433 ComputerName: KKTHNX-PC UserName: Kkthnx

19:20:43.391 Initialize success

19:21:43.860 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3

19:21:43.861 Disk 0 Vendor: Maxtor_6Y250M0 YAR511W0 Size: 239372MB BusType: 3

19:21:43.863 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4

19:21:43.864 Disk 1 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3

19:21:43.871 Disk 1 MBR read successfully

19:21:43.872 Disk 1 MBR scan

19:21:43.874 Disk 1 Windows 7 default MBR code

19:21:43.877 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

19:21:43.888 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

19:21:43.910 Disk 1 scanning C:\Windows\system32\drivers

19:21:49.541 Service scanning

19:22:01.472 Modules scanning

19:22:01.478 Scan finished successfully

19:27:07.377 Disk 1 MBR has been saved successfully to "C:\Users\Kkthnx\Desktop\MBR.dat"

19:27:07.384 The log file has been saved successfully to "C:\Users\Kkthnx\Desktop\aswMBR.txt"

Fix wasn't clickable.

19:22:10.0143 4456 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

19:22:10.0252 4456 ============================================================

19:22:10.0252 4456 Current date / time: 2012/06/16 19:22:10.0252

19:22:10.0252 4456 SystemInfo:

19:22:10.0252 4456

19:22:10.0252 4456 OS Version: 6.1.7601 ServicePack: 1.0

19:22:10.0252 4456 Product type: Workstation

19:22:10.0252 4456 ComputerName: KKTHNX-PC

19:22:10.0252 4456 UserName: Kkthnx

19:22:10.0252 4456 Windows directory: C:\Windows

19:22:10.0252 4456 System windows directory: C:\Windows

19:22:10.0252 4456 Running under WOW64

19:22:10.0252 4456 Processor architecture: Intel x64

19:22:10.0252 4456 Number of processors: 4

19:22:10.0252 4456 Page size: 0x1000

19:22:10.0252 4456 Boot type: Normal boot

19:22:10.0252 4456 ============================================================

19:22:11.0059 4456 Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:22:11.0070 4456 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:22:11.0136 4456 Drive \Device\Harddisk5\DR5 - Size: 0x75400000 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

19:22:11.0140 4456 ============================================================

19:22:11.0140 4456 \Device\Harddisk0\DR0:

19:22:11.0140 4456 MBR partitions:

19:22:11.0140 4456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D385000

19:22:11.0140 4456 \Device\Harddisk1\DR1:

19:22:11.0140 4456 MBR partitions:

19:22:11.0140 4456 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:22:11.0140 4456 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

19:22:11.0140 4456 \Device\Harddisk5\DR5:

19:22:11.0145 4456 MBR partitions:

19:22:11.0145 4456 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0x200B, BlocksNum 0x3A7FF5

19:22:11.0145 4456 ============================================================

19:22:11.0181 4456 C: <-> \Device\Harddisk1\DR1\Partition1

19:22:11.0219 4456 D: <-> \Device\Harddisk0\DR0\Partition0

19:22:11.0219 4456 ============================================================

19:22:11.0219 4456 Initialize success

19:22:11.0219 4456 ============================================================

19:22:46.0394 3012 ============================================================

19:22:46.0394 3012 Scan started

19:22:46.0394 3012 Mode: Manual; SigCheck; TDLFS;

19:22:46.0394 3012 ============================================================

19:22:47.0153 3012 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

19:22:47.0203 3012 1394ohci - ok

19:22:47.0228 3012 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

19:22:47.0240 3012 ACPI - ok

19:22:47.0273 3012 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

19:22:47.0287 3012 AcpiPmi - ok

19:22:47.0343 3012 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:22:47.0349 3012 AdobeARMservice - ok

19:22:47.0431 3012 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:22:47.0441 3012 AdobeFlashPlayerUpdateSvc - ok

19:22:47.0482 3012 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:22:47.0497 3012 adp94xx - ok

19:22:47.0522 3012 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:22:47.0534 3012 adpahci - ok

19:22:47.0548 3012 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:22:47.0558 3012 adpu320 - ok

19:22:47.0580 3012 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

19:22:47.0609 3012 AeLookupSvc - ok

19:22:47.0659 3012 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

19:22:47.0693 3012 AFD - ok

19:22:47.0722 3012 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:22:47.0731 3012 agp440 - ok

19:22:47.0779 3012 AiCharger (254a19686e9c8e1b59ac06b7fd1e753c) C:\Windows\system32\DRIVERS\AiCharger.sys

19:22:47.0788 3012 AiCharger - ok

19:22:47.0804 3012 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

19:22:47.0824 3012 ALG - ok

19:22:47.0851 3012 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:22:47.0859 3012 aliide - ok

19:22:47.0894 3012 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe

19:22:47.0922 3012 AMD External Events Utility - ok

19:22:47.0930 3012 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:22:47.0937 3012 amdide - ok

19:22:47.0979 3012 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:22:48.0005 3012 AmdK8 - ok

19:22:48.0257 3012 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys

19:22:48.0425 3012 amdkmdag - ok

19:22:48.0524 3012 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys

19:22:48.0556 3012 amdkmdap - ok

19:22:48.0588 3012 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:22:48.0602 3012 AmdPPM - ok

19:22:48.0642 3012 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

19:22:48.0651 3012 amdsata - ok

19:22:48.0667 3012 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:22:48.0680 3012 amdsbs - ok

19:22:48.0690 3012 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

19:22:48.0700 3012 amdxata - ok

19:22:48.0740 3012 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

19:22:48.0778 3012 AppID - ok

19:22:48.0794 3012 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

19:22:48.0823 3012 AppIDSvc - ok

19:22:48.0869 3012 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

19:22:48.0914 3012 Appinfo - ok

19:22:48.0987 3012 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:22:48.0997 3012 Apple Mobile Device - ok

19:22:49.0049 3012 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:22:49.0062 3012 arc - ok

19:22:49.0072 3012 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:22:49.0082 3012 arcsas - ok

19:22:49.0112 3012 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:22:49.0153 3012 AsyncMac - ok

19:22:49.0187 3012 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:22:49.0198 3012 atapi - ok

19:22:49.0243 3012 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys

19:22:49.0252 3012 AtiHDAudioService - ok

19:22:49.0324 3012 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:22:49.0368 3012 AudioEndpointBuilder - ok

19:22:49.0373 3012 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:22:49.0412 3012 AudioSrv - ok

19:22:49.0591 3012 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

19:22:49.0665 3012 AVGIDSAgent - ok

19:22:49.0746 3012 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys

19:22:49.0753 3012 AVGIDSDriver - ok

19:22:49.0763 3012 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys

19:22:49.0769 3012 AVGIDSFilter - ok

19:22:49.0787 3012 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys

19:22:49.0794 3012 AVGIDSHA - ok

19:22:49.0817 3012 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys

19:22:49.0826 3012 Avgldx64 - ok

19:22:49.0842 3012 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys

19:22:49.0848 3012 Avgmfx64 - ok

19:22:49.0871 3012 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys

19:22:49.0877 3012 Avgrkx64 - ok

19:22:49.0920 3012 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys

19:22:49.0932 3012 Avgtdia - ok

19:22:49.0999 3012 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

19:22:50.0007 3012 avgwd - ok

19:22:50.0048 3012 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

19:22:50.0075 3012 AxInstSV - ok

19:22:50.0123 3012 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:22:50.0151 3012 b06bdrv - ok

19:22:50.0194 3012 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:22:50.0232 3012 b57nd60a - ok

19:22:50.0301 3012 BBSvc (ceabb1e93186e7056ea46cbad8f8fd85) C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BBSvc.exe

19:22:50.0311 3012 BBSvc - ok

19:22:50.0327 3012 BBUpdate (c0d34db1235b6a5c3df5a5c212d67f73) C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.exe

19:22:50.0338 3012 BBUpdate - ok

19:22:50.0366 3012 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

19:22:50.0384 3012 BDESVC - ok

19:22:50.0395 3012 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:22:50.0426 3012 Beep - ok

19:22:50.0487 3012 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

19:22:50.0534 3012 BFE - ok

19:22:50.0590 3012 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

19:22:50.0636 3012 BITS - ok

19:22:50.0687 3012 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:22:50.0696 3012 blbdrive - ok

19:22:50.0801 3012 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

19:22:50.0811 3012 Bonjour Service - ok

19:22:50.0850 3012 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

19:22:50.0858 3012 bowser - ok

19:22:50.0888 3012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:22:50.0919 3012 BrFiltLo - ok

19:22:50.0921 3012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:22:50.0932 3012 BrFiltUp - ok

19:22:50.0973 3012 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

19:22:51.0014 3012 Browser - ok

19:22:51.0036 3012 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:22:51.0048 3012 Brserid - ok

19:22:51.0052 3012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:22:51.0073 3012 BrSerWdm - ok

19:22:51.0076 3012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:22:51.0090 3012 BrUsbMdm - ok

19:22:51.0095 3012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:22:51.0109 3012 BrUsbSer - ok

19:22:51.0156 3012 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

19:22:51.0179 3012 BthEnum - ok

19:22:51.0201 3012 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:22:51.0217 3012 BTHMODEM - ok

19:22:51.0237 3012 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

19:22:51.0260 3012 BthPan - ok

19:22:51.0296 3012 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

19:22:51.0327 3012 BTHPORT - ok

19:22:51.0356 3012 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

19:22:51.0384 3012 bthserv - ok

19:22:51.0397 3012 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

19:22:51.0417 3012 BTHUSB - ok

19:22:51.0440 3012 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:22:51.0468 3012 cdfs - ok

19:22:51.0509 3012 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

19:22:51.0529 3012 cdrom - ok

19:22:51.0566 3012 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:22:51.0613 3012 CertPropSvc - ok

19:22:51.0622 3012 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:22:51.0653 3012 circlass - ok

19:22:51.0695 3012 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:22:51.0708 3012 CLFS - ok

19:22:51.0766 3012 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:22:51.0775 3012 clr_optimization_v2.0.50727_32 - ok

19:22:51.0789 3012 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:22:51.0797 3012 clr_optimization_v2.0.50727_64 - ok

19:22:51.0861 3012 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:22:51.0869 3012 clr_optimization_v4.0.30319_32 - ok

19:22:51.0889 3012 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:22:51.0899 3012 clr_optimization_v4.0.30319_64 - ok

19:22:51.0933 3012 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:22:51.0946 3012 CmBatt - ok

19:22:51.0980 3012 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:22:51.0988 3012 cmdide - ok

19:22:52.0014 3012 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

19:22:52.0042 3012 CNG - ok

19:22:52.0050 3012 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:22:52.0057 3012 Compbatt - ok

19:22:52.0096 3012 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

19:22:52.0143 3012 CompositeBus - ok

19:22:52.0154 3012 COMSysApp - ok

19:22:52.0186 3012 cpuz135 (75dbd5db9892d7451d0429bec1aabe1a) C:\Windows\system32\drivers\cpuz135_x64.sys

19:22:52.0193 3012 cpuz135 - ok

19:22:52.0208 3012 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:22:52.0217 3012 crcdisk - ok

19:22:52.0265 3012 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

19:22:52.0277 3012 CryptSvc - ok

19:22:52.0311 3012 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys

19:22:52.0333 3012 dc3d - ok

19:22:52.0380 3012 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:22:52.0412 3012 DcomLaunch - ok

19:22:52.0452 3012 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

19:22:52.0499 3012 defragsvc - ok

19:22:52.0543 3012 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

19:22:52.0586 3012 DfsC - ok

19:22:52.0630 3012 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

19:22:52.0675 3012 Dhcp - ok

19:22:52.0697 3012 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:22:52.0734 3012 discache - ok

19:22:52.0761 3012 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:22:52.0770 3012 Disk - ok

19:22:52.0794 3012 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

19:22:52.0814 3012 Dnscache - ok

19:22:52.0861 3012 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

19:22:52.0912 3012 dot3svc - ok

19:22:52.0943 3012 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

19:22:52.0980 3012 DPS - ok

19:22:53.0005 3012 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:22:53.0016 3012 drmkaud - ok

19:22:53.0072 3012 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

19:22:53.0091 3012 DXGKrnl - ok

19:22:53.0112 3012 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

19:22:53.0154 3012 EapHost - ok

19:22:53.0254 3012 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:22:53.0320 3012 ebdrv - ok

19:22:53.0387 3012 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

19:22:53.0414 3012 EFS - ok

19:22:53.0494 3012 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

19:22:53.0509 3012 ehRecvr - ok

19:22:53.0529 3012 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

19:22:53.0539 3012 ehSched - ok

19:22:53.0587 3012 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:22:53.0603 3012 elxstor - ok

19:22:53.0627 3012 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:22:53.0649 3012 ErrDev - ok

19:22:53.0700 3012 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

19:22:53.0740 3012 EventSystem - ok

19:22:53.0759 3012 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:22:53.0794 3012 exfat - ok

19:22:53.0811 3012 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:22:53.0840 3012 fastfat - ok

19:22:53.0896 3012 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

19:22:53.0915 3012 Fax - ok

19:22:53.0919 3012 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:22:53.0933 3012 fdc - ok

19:22:53.0951 3012 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

19:22:53.0979 3012 fdPHost - ok

19:22:53.0989 3012 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

19:22:54.0042 3012 FDResPub - ok

19:22:54.0055 3012 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:22:54.0063 3012 FileInfo - ok

19:22:54.0072 3012 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:22:54.0105 3012 Filetrace - ok

19:22:54.0108 3012 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:22:54.0118 3012 flpydisk - ok

19:22:54.0159 3012 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

19:22:54.0172 3012 FltMgr - ok

19:22:54.0232 3012 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

19:22:54.0262 3012 FontCache - ok

19:22:54.0336 3012 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:22:54.0342 3012 FontCache3.0.0.0 - ok

19:22:54.0367 3012 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:22:54.0375 3012 FsDepends - ok

19:22:54.0397 3012 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys

19:22:54.0403 3012 fssfltr - ok

19:22:54.0508 3012 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

19:22:54.0553 3012 fsssvc - ok

19:22:54.0620 3012 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

19:22:54.0630 3012 Fs_Rec - ok

19:22:54.0669 3012 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:22:54.0681 3012 fvevol - ok

19:22:54.0706 3012 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:22:54.0715 3012 gagp30kx - ok

19:22:54.0750 3012 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:22:54.0755 3012 GEARAspiWDM - ok

19:22:54.0817 3012 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

19:22:54.0851 3012 gpsvc - ok

19:22:54.0921 3012 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:22:54.0928 3012 gupdate - ok

19:22:54.0932 3012 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:22:54.0939 3012 gupdatem - ok

19:22:54.0968 3012 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:22:54.0976 3012 gusvc - ok

19:22:55.0004 3012 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:22:55.0017 3012 hcw85cir - ok

19:22:55.0065 3012 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

19:22:55.0089 3012 HdAudAddService - ok

19:22:55.0148 3012 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

19:22:55.0185 3012 HDAudBus - ok

19:22:55.0188 3012 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:22:55.0200 3012 HidBatt - ok

19:22:55.0205 3012 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:22:55.0223 3012 HidBth - ok

19:22:55.0244 3012 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:22:55.0269 3012 HidIr - ok

19:22:55.0297 3012 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

19:22:55.0337 3012 hidserv - ok

19:22:55.0377 3012 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

19:22:55.0387 3012 HidUsb - ok

19:22:55.0426 3012 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

19:22:55.0464 3012 hkmsvc - ok

19:22:55.0501 3012 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

19:22:55.0535 3012 HomeGroupListener - ok

19:22:55.0569 3012 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

19:22:55.0588 3012 HomeGroupProvider - ok

19:22:55.0630 3012 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

19:22:55.0639 3012 HpSAMD - ok

19:22:55.0665 3012 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys

19:22:55.0676 3012 HTCAND64 - ok

19:22:55.0716 3012 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys

19:22:55.0722 3012 htcnprot - ok

19:22:55.0792 3012 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

19:22:55.0854 3012 HTTP - ok

19:22:55.0884 3012 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

19:22:55.0892 3012 hwpolicy - ok

19:22:55.0929 3012 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

19:22:55.0938 3012 i8042prt - ok

19:22:55.0994 3012 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

19:22:56.0008 3012 iaStorV - ok

19:22:56.0102 3012 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:22:56.0118 3012 idsvc - ok

19:22:56.0139 3012 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:22:56.0148 3012 iirsp - ok

19:22:56.0206 3012 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

19:22:56.0270 3012 IKEEXT - ok

19:22:56.0292 3012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:22:56.0300 3012 intelide - ok

19:22:56.0318 3012 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:22:56.0329 3012 intelppm - ok

19:22:56.0350 3012 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

19:22:56.0401 3012 IPBusEnum - ok

19:22:56.0431 3012 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:22:56.0459 3012 IpFilterDriver - ok

19:22:56.0502 3012 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

19:22:56.0557 3012 iphlpsvc - ok

19:22:56.0680 3012 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

19:22:56.0715 3012 IPMIDRV - ok

19:22:56.0741 3012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:22:56.0776 3012 IPNAT - ok

19:22:56.0859 3012 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

19:22:56.0882 3012 iPod Service - ok

19:22:56.0906 3012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:22:56.0933 3012 IRENUM - ok

19:22:56.0949 3012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:22:56.0957 3012 isapnp - ok

19:22:56.0995 3012 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

19:22:57.0006 3012 iScsiPrt - ok

19:22:57.0027 3012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

19:22:57.0036 3012 kbdclass - ok

19:22:57.0073 3012 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

19:22:57.0096 3012 kbdhid - ok

19:22:57.0128 3012 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:22:57.0136 3012 KeyIso - ok

19:22:57.0146 3012 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

19:22:57.0154 3012 KSecDD - ok

19:22:57.0173 3012 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

19:22:57.0183 3012 KSecPkg - ok

19:22:57.0200 3012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:22:57.0228 3012 ksthunk - ok

19:22:57.0250 3012 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

19:22:57.0302 3012 KtmRm - ok

19:22:57.0347 3012 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

19:22:57.0392 3012 LanmanServer - ok

19:22:57.0430 3012 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

19:22:57.0475 3012 LanmanWorkstation - ok

19:22:57.0491 3012 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys

19:22:57.0497 3012 LGBusEnum - ok

19:22:57.0532 3012 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys

19:22:57.0537 3012 LGVirHid - ok

19:22:57.0586 3012 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:22:57.0631 3012 lltdio - ok

19:22:57.0669 3012 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

19:22:57.0714 3012 lltdsvc - ok

19:22:57.0736 3012 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

19:22:57.0764 3012 lmhosts - ok

19:22:57.0822 3012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:22:57.0831 3012 LSI_FC - ok

19:22:57.0872 3012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:22:57.0881 3012 LSI_SAS - ok

19:22:57.0893 3012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:22:57.0901 3012 LSI_SAS2 - ok

19:22:57.0907 3012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:22:57.0917 3012 LSI_SCSI - ok

19:22:57.0944 3012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:22:57.0984 3012 luafv - ok

19:22:58.0024 3012 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

19:22:58.0031 3012 LVPr2M64 - ok

19:22:58.0048 3012 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

19:22:58.0054 3012 LVPr2Mon - ok

19:22:58.0120 3012 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

19:22:58.0128 3012 LVPrcS64 - ok

19:22:58.0170 3012 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys

19:22:58.0179 3012 LVRS64 - ok

19:22:58.0355 3012 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys

19:22:58.0441 3012 LVUVC64 - ok

19:22:58.0518 3012 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

19:22:58.0528 3012 Mcx2Svc - ok

19:22:58.0555 3012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:22:58.0563 3012 megasas - ok

19:22:58.0584 3012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:22:58.0596 3012 MegaSR - ok

19:22:58.0630 3012 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:22:58.0658 3012 MMCSS - ok

19:22:58.0668 3012 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:22:58.0715 3012 Modem - ok

19:22:58.0753 3012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:22:58.0781 3012 monitor - ok

19:22:58.0814 3012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:22:58.0822 3012 mouclass - ok

19:22:58.0826 3012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:22:58.0846 3012 mouhid - ok

19:22:58.0874 3012 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:22:58.0882 3012 mountmgr - ok

19:22:58.0920 3012 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:22:58.0933 3012 mpio - ok

19:22:58.0944 3012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:22:58.0972 3012 mpsdrv - ok

19:22:59.0033 3012 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

19:22:59.0073 3012 MpsSvc - ok

19:22:59.0110 3012 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:22:59.0139 3012 MRxDAV - ok

19:22:59.0166 3012 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:22:59.0187 3012 mrxsmb - ok

19:22:59.0207 3012 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:22:59.0227 3012 mrxsmb10 - ok

19:22:59.0246 3012 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:22:59.0254 3012 mrxsmb20 - ok

19:22:59.0295 3012 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:22:59.0305 3012 msahci - ok

19:22:59.0343 3012 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:22:59.0352 3012 msdsm - ok

19:22:59.0388 3012 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:22:59.0399 3012 MSDTC - ok

19:22:59.0423 3012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:22:59.0451 3012 Msfs - ok

19:22:59.0461 3012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:22:59.0490 3012 mshidkmdf - ok

19:22:59.0524 3012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:22:59.0531 3012 msisadrv - ok

19:22:59.0566 3012 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:22:59.0617 3012 MSiSCSI - ok

19:22:59.0620 3012 msiserver - ok

19:22:59.0640 3012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:22:59.0679 3012 MSKSSRV - ok

19:22:59.0686 3012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:22:59.0728 3012 MSPCLOCK - ok

19:22:59.0731 3012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:22:59.0775 3012 MSPQM - ok

19:22:59.0823 3012 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:22:59.0836 3012 MsRPC - ok

19:22:59.0865 3012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:22:59.0873 3012 mssmbios - ok

19:22:59.0886 3012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:22:59.0920 3012 MSTEE - ok

19:22:59.0923 3012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:22:59.0937 3012 MTConfig - ok

19:22:59.0957 3012 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys

19:22:59.0985 3012 MTsensor - ok

19:23:00.0014 3012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:23:00.0023 3012 Mup - ok

19:23:00.0070 3012 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:23:00.0102 3012 napagent - ok

19:23:00.0151 3012 NasPmService - ok

19:23:00.0193 3012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:23:00.0214 3012 NativeWifiP - ok

19:23:00.0273 3012 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

19:23:00.0292 3012 NDIS - ok

19:23:00.0311 3012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:23:00.0339 3012 NdisCap - ok

19:23:00.0357 3012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:23:00.0392 3012 NdisTapi - ok

19:23:00.0426 3012 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:23:00.0454 3012 Ndisuio - ok

19:23:00.0487 3012 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:23:00.0525 3012 NdisWan - ok

19:23:00.0559 3012 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:23:00.0593 3012 NDProxy - ok

19:23:00.0622 3012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:23:00.0671 3012 NetBIOS - ok

19:23:00.0703 3012 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:23:00.0737 3012 NetBT - ok

19:23:00.0753 3012 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:00.0765 3012 Netlogon - ok

19:23:00.0802 3012 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:23:00.0833 3012 Netman - ok

19:23:00.0857 3012 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:23:00.0897 3012 netprofm - ok

19:23:00.0969 3012 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:23:00.0977 3012 NetTcpPortSharing - ok

19:23:01.0002 3012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:23:01.0012 3012 nfrd960 - ok

19:23:01.0054 3012 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:23:01.0103 3012 NlaSvc - ok

19:23:01.0123 3012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:23:01.0152 3012 Npfs - ok

19:23:01.0177 3012 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:23:01.0206 3012 nsi - ok

19:23:01.0220 3012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:23:01.0249 3012 nsiproxy - ok

19:23:01.0333 3012 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:23:01.0384 3012 Ntfs - ok

19:23:01.0453 3012 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:23:01.0488 3012 Null - ok

19:23:01.0530 3012 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:23:01.0540 3012 nvraid - ok

19:23:01.0575 3012 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:23:01.0586 3012 nvstor - ok

19:23:01.0604 3012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:23:01.0613 3012 nv_agp - ok

19:23:01.0639 3012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:23:01.0648 3012 ohci1394 - ok

19:23:01.0740 3012 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:23:01.0748 3012 ose - ok

19:23:01.0917 3012 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:23:02.0024 3012 osppsvc - ok

19:23:02.0095 3012 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:23:02.0112 3012 p2pimsvc - ok

19:23:02.0143 3012 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:23:02.0156 3012 p2psvc - ok

19:23:02.0199 3012 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:23:02.0211 3012 Parport - ok

19:23:02.0245 3012 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

19:23:02.0254 3012 partmgr - ok

19:23:02.0337 3012 PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

19:23:02.0340 3012 PassThru Service ( UnsignedFile.Multi.Generic ) - warning

19:23:02.0340 3012 PassThru Service - detected UnsignedFile.Multi.Generic (1)

19:23:02.0358 3012 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:23:02.0380 3012 PcaSvc - ok

19:23:02.0416 3012 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:23:02.0427 3012 pci - ok

19:23:02.0435 3012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:23:02.0443 3012 pciide - ok

19:23:02.0478 3012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:23:02.0489 3012 pcmcia - ok

19:23:02.0502 3012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:23:02.0511 3012 pcw - ok

19:23:02.0533 3012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:23:02.0574 3012 PEAUTH - ok

19:23:02.0637 3012 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:23:02.0655 3012 PerfHost - ok

19:23:02.0735 3012 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:23:02.0774 3012 pla - ok

19:23:02.0802 3012 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:23:02.0826 3012 PlugPlay - ok

19:23:02.0844 3012 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:23:02.0860 3012 PNRPAutoReg - ok

19:23:02.0887 3012 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:23:02.0897 3012 PNRPsvc - ok

19:23:02.0956 3012 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys

19:23:02.0962 3012 Point64 - ok

19:23:03.0012 3012 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:23:03.0052 3012 PolicyAgent - ok

19:23:03.0078 3012 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:23:03.0109 3012 Power - ok

19:23:03.0149 3012 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:23:03.0185 3012 PptpMiniport - ok

19:23:03.0213 3012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:23:03.0227 3012 Processor - ok

19:23:03.0258 3012 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

19:23:03.0289 3012 ProfSvc - ok

19:23:03.0312 3012 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:03.0322 3012 ProtectedStorage - ok

19:23:03.0357 3012 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:23:03.0397 3012 Psched - ok

19:23:03.0456 3012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:23:03.0502 3012 ql2300 - ok

19:23:03.0598 3012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:23:03.0607 3012 ql40xx - ok

19:23:03.0637 3012 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:23:03.0655 3012 QWAVE - ok

19:23:03.0662 3012 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:23:03.0675 3012 QWAVEdrv - ok

19:23:03.0685 3012 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:23:03.0719 3012 RasAcd - ok

19:23:03.0747 3012 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:23:03.0777 3012 RasAgileVpn - ok

19:23:03.0788 3012 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:23:03.0829 3012 RasAuto - ok

19:23:03.0862 3012 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:23:03.0890 3012 Rasl2tp - ok

19:23:03.0930 3012 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:23:03.0974 3012 RasMan - ok

19:23:03.0993 3012 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:23:04.0045 3012 RasPppoe - ok

19:23:04.0080 3012 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:23:04.0119 3012 RasSstp - ok

19:23:04.0142 3012 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:23:04.0181 3012 rdbss - ok

19:23:04.0197 3012 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:23:04.0210 3012 rdpbus - ok

19:23:04.0221 3012 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:23:04.0256 3012 RDPCDD - ok

19:23:04.0268 3012 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:23:04.0310 3012 RDPENCDD - ok

19:23:04.0313 3012 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:23:04.0341 3012 RDPREFMP - ok

19:23:04.0383 3012 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

19:23:04.0407 3012 RDPWD - ok

19:23:04.0467 3012 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:23:04.0477 3012 rdyboost - ok

19:23:04.0500 3012 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:23:04.0529 3012 RemoteAccess - ok

19:23:04.0548 3012 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:23:04.0592 3012 RemoteRegistry - ok

19:23:04.0635 3012 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

19:23:04.0657 3012 RFCOMM - ok

19:23:04.0684 3012 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

19:23:04.0699 3012 RimUsb - ok

19:23:04.0739 3012 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

19:23:04.0747 3012 RimVSerPort - ok

19:23:04.0765 3012 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

19:23:04.0807 3012 ROOTMODEM - ok

19:23:04.0835 3012 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:23:04.0876 3012 RpcEptMapper - ok

19:23:04.0901 3012 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:23:04.0922 3012 RpcLocator - ok

19:23:04.0971 3012 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:23:05.0002 3012 RpcSs - ok

19:23:05.0023 3012 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:23:05.0054 3012 rspndr - ok

19:23:05.0110 3012 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:23:05.0123 3012 RTL8167 - ok

19:23:05.0136 3012 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:05.0147 3012 SamSs - ok

19:23:05.0180 3012 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:23:05.0188 3012 sbp2port - ok

19:23:05.0216 3012 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:23:05.0259 3012 SCardSvr - ok

19:23:05.0286 3012 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:23:05.0319 3012 scfilter - ok

19:23:05.0385 3012 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:23:05.0434 3012 Schedule - ok

19:23:05.0470 3012 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:23:05.0498 3012 SCPolicySvc - ok

19:23:05.0510 3012 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:23:05.0537 3012 SDRSVC - ok

19:23:05.0594 3012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:23:05.0625 3012 secdrv - ok

19:23:05.0662 3012 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:23:05.0696 3012 seclogon - ok

19:23:05.0719 3012 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

19:23:05.0750 3012 SENS - ok

19:23:05.0774 3012 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:23:05.0785 3012 SensrSvc - ok

19:23:05.0788 3012 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:23:05.0810 3012 Serenum - ok

19:23:05.0844 3012 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:23:05.0853 3012 Serial - ok

19:23:05.0884 3012 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:23:05.0904 3012 sermouse - ok

19:23:05.0949 3012 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:23:05.0987 3012 SessionEnv - ok

19:23:06.0012 3012 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:23:06.0029 3012 sffdisk - ok

19:23:06.0047 3012 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:23:06.0057 3012 sffp_mmc - ok

19:23:06.0065 3012 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:23:06.0091 3012 sffp_sd - ok

19:23:06.0110 3012 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:23:06.0129 3012 sfloppy - ok

19:23:06.0169 3012 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:23:06.0204 3012 SharedAccess - ok

19:23:06.0248 3012 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:23:06.0288 3012 ShellHWDetection - ok

19:23:06.0301 3012 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:23:06.0310 3012 SiSRaid2 - ok

19:23:06.0320 3012 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:23:06.0328 3012 SiSRaid4 - ok

19:23:06.0342 3012 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:23:06.0383 3012 Smb - ok

19:23:06.0412 3012 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:23:06.0424 3012 SNMPTRAP - ok

19:23:06.0435 3012 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:23:06.0443 3012 spldr - ok

19:23:06.0472 3012 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:23:06.0510 3012 Spooler - ok

19:23:06.0628 3012 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:23:06.0698 3012 sppsvc - ok

19:23:07.0014 3012 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:23:07.0043 3012 sppuinotify - ok

19:23:07.0096 3012 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:23:07.0120 3012 srv - ok

19:23:07.0143 3012 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:23:07.0154 3012 srv2 - ok

19:23:07.0168 3012 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:23:07.0189 3012 srvnet - ok

19:23:07.0239 3012 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys

19:23:07.0259 3012 ssadbus - ok

19:23:07.0286 3012 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys

19:23:07.0294 3012 ssadmdfl - ok

19:23:07.0312 3012 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys

19:23:07.0337 3012 ssadmdm - ok

19:23:07.0373 3012 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:23:07.0418 3012 SSDPSRV - ok

19:23:07.0436 3012 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:23:07.0469 3012 SstpSvc - ok

19:23:07.0487 3012 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:23:07.0495 3012 stexstor - ok

19:23:07.0554 3012 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:23:07.0571 3012 stisvc - ok

19:23:07.0605 3012 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:23:07.0612 3012 swenum - ok

19:23:07.0636 3012 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:23:07.0670 3012 swprv - ok

19:23:07.0700 3012 sxuptp (e4154c5ce666b713de9398c053d8fb7e) C:\Windows\system32\DRIVERS\sxuptp.sys

19:23:07.0718 3012 sxuptp - ok

19:23:07.0839 3012 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:23:07.0868 3012 SysMain - ok

19:23:07.0947 3012 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:23:07.0961 3012 TabletInputService - ok

19:23:08.0014 3012 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:23:08.0055 3012 TapiSrv - ok

19:23:08.0075 3012 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:23:08.0105 3012 TBS - ok

19:23:08.0207 3012 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

19:23:08.0240 3012 Tcpip - ok

19:23:08.0368 3012 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

19:23:08.0400 3012 TCPIP6 - ok

19:23:08.0461 3012 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:23:08.0501 3012 tcpipreg - ok

19:23:08.0525 3012 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:23:08.0542 3012 TDPIPE - ok

19:23:08.0555 3012 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:23:08.0572 3012 TDTCP - ok

19:23:08.0617 3012 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:23:08.0648 3012 tdx - ok

19:23:08.0782 3012 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

19:23:08.0820 3012 TeamViewer7 - ok

19:23:08.0901 3012 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

19:23:08.0909 3012 TermDD - ok

19:23:08.0964 3012 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:23:08.0997 3012 TermService - ok

19:23:09.0013 3012 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:23:09.0039 3012 Themes - ok

19:23:09.0063 3012 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:23:09.0095 3012 THREADORDER - ok

19:23:09.0108 3012 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:23:09.0140 3012 TrkWks - ok

19:23:09.0198 3012 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:23:09.0247 3012 TrustedInstaller - ok

19:23:09.0279 3012 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:23:09.0313 3012 tssecsrv - ok

19:23:09.0354 3012 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:23:09.0362 3012 TsUsbFlt - ok

19:23:09.0408 3012 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:23:09.0446 3012 tunnel - ok

19:23:09.0466 3012 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:23:09.0474 3012 uagp35 - ok

19:23:09.0522 3012 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:23:09.0554 3012 udfs - ok

19:23:09.0581 3012 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:23:09.0592 3012 UI0Detect - ok

19:23:09.0627 3012 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:23:09.0635 3012 uliagpkx - ok

19:23:09.0678 3012 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

19:23:09.0697 3012 umbus - ok

19:23:09.0700 3012 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:23:09.0711 3012 UmPass - ok

19:23:09.0735 3012 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:23:09.0789 3012 upnphost - ok

19:23:09.0825 3012 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

19:23:09.0832 3012 USBAAPL64 - ok

19:23:09.0865 3012 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

19:23:09.0897 3012 usbaudio - ok

19:23:09.0932 3012 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

19:23:09.0942 3012 usbccgp - ok

19:23:09.0984 3012 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:23:09.0998 3012 usbcir - ok

19:23:10.0011 3012 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

19:23:10.0035 3012 usbehci - ok

19:23:10.0067 3012 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:23:10.0087 3012 usbhub - ok

19:23:10.0098 3012 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

19:23:10.0114 3012 usbohci - ok

19:23:10.0144 3012 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:23:10.0165 3012 usbprint - ok

19:23:10.0188 3012 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

19:23:10.0213 3012 usbscan - ok

19:23:10.0224 3012 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:23:10.0232 3012 USBSTOR - ok

19:23:10.0236 3012 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

19:23:10.0255 3012 usbuhci - ok

19:23:10.0292 3012 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

19:23:10.0305 3012 usbvideo - ok

19:23:10.0322 3012 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:23:10.0361 3012 UxSms - ok

19:23:10.0394 3012 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:10.0403 3012 VaultSvc - ok

19:23:10.0445 3012 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:23:10.0453 3012 vdrvroot - ok

19:23:10.0502 3012 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:23:10.0533 3012 vds - ok

19:23:10.0564 3012 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:23:10.0577 3012 vga - ok

19:23:10.0587 3012 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:23:10.0615 3012 VgaSave - ok

19:23:10.0636 3012 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:23:10.0646 3012 vhdmp - ok

19:23:10.0716 3012 VIAHdAudAddService (ba1da5cd689e9473d99731a2e1ff2fb5) C:\Windows\system32\drivers\viahduaa.sys

19:23:10.0739 3012 VIAHdAudAddService - ok

19:23:10.0750 3012 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:23:10.0759 3012 viaide - ok

19:23:10.0774 3012 VIAKaraokeService (f4310278e6ce1c507b5555b662369e26) C:\Windows\system32\viakaraokesrv.exe

19:23:10.0780 3012 VIAKaraokeService - ok

19:23:10.0807 3012 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:23:10.0816 3012 volmgr - ok

19:23:10.0864 3012 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:23:10.0875 3012 volmgrx - ok

19:23:10.0901 3012 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

19:23:10.0913 3012 volsnap - ok

19:23:10.0936 3012 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:23:10.0946 3012 vsmraid - ok

19:23:11.0033 3012 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:23:11.0082 3012 VSS - ok

19:23:11.0162 3012 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

19:23:11.0175 3012 vwifibus - ok

19:23:11.0213 3012 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:23:11.0244 3012 W32Time - ok

19:23:11.0258 3012 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:23:11.0277 3012 WacomPen - ok

19:23:11.0316 3012 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:23:11.0351 3012 WANARP - ok

19:23:11.0354 3012 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:23:11.0387 3012 Wanarpv6 - ok

19:23:11.0452 3012 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:23:11.0486 3012 WatAdminSvc - ok

19:23:11.0569 3012 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:23:11.0604 3012 wbengine - ok

19:23:11.0671 3012 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:23:11.0684 3012 WbioSrvc - ok

19:23:11.0730 3012 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:23:11.0749 3012 wcncsvc - ok

19:23:11.0757 3012 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:23:11.0780 3012 WcsPlugInService - ok

19:23:11.0820 3012 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:23:11.0828 3012 Wd - ok

19:23:11.0863 3012 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:23:11.0878 3012 Wdf01000 - ok

19:23:11.0891 3012 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:23:11.0904 3012 WdiServiceHost - ok

19:23:11.0907 3012 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:23:11.0923 3012 WdiSystemHost - ok

19:23:11.0960 3012 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:23:11.0989 3012 WebClient - ok

19:23:12.0020 3012 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:23:12.0057 3012 Wecsvc - ok

19:23:12.0074 3012 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:23:12.0103 3012 wercplsupport - ok

19:23:12.0129 3012 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:23:12.0158 3012 WerSvc - ok

19:23:12.0219 3012 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:23:12.0247 3012 WfpLwf - ok

19:23:12.0257 3012 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:23:12.0268 3012 WIMMount - ok

19:23:12.0294 3012 WinDefend - ok

19:23:12.0300 3012 WinHttpAutoProxySvc - ok

19:23:12.0350 3012 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:23:12.0392 3012 Winmgmt - ok

19:23:12.0485 3012 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:23:12.0530 3012 WinRM - ok

19:23:12.0631 3012 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

19:23:12.0641 3012 WinUsb - ok

19:23:12.0693 3012 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:23:12.0732 3012 Wlansvc - ok

19:23:12.0789 3012 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

19:23:12.0795 3012 wlcrasvc - ok

19:23:12.0905 3012 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:23:12.0956 3012 wlidsvc - ok

19:23:13.0055 3012 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:23:13.0072 3012 WmiAcpi - ok

19:23:13.0129 3012 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:23:13.0139 3012 wmiApSrv - ok

19:23:13.0187 3012 WMPNetworkSvc - ok

19:23:13.0212 3012 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:23:13.0220 3012 WPCSvc - ok

19:23:13.0254 3012 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:23:13.0265 3012 WPDBusEnum - ok

19:23:13.0282 3012 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:23:13.0311 3012 ws2ifsl - ok

19:23:13.0324 3012 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

19:23:13.0348 3012 wscsvc - ok

19:23:13.0351 3012 WSearch - ok

19:23:13.0447 3012 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

19:23:13.0513 3012 wuauserv - ok

19:23:13.0613 3012 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:23:13.0643 3012 WudfPf - ok

19:23:13.0660 3012 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:23:13.0691 3012 WUDFRd - ok

19:23:13.0722 3012 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:23:13.0750 3012 wudfsvc - ok

19:23:13.0786 3012 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

19:23:13.0810 3012 WwanSvc - ok

19:23:13.0854 3012 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:23:14.0046 3012 \Device\Harddisk0\DR0 - ok

19:23:14.0059 3012 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

19:23:14.0269 3012 \Device\Harddisk1\DR1 - ok

19:23:14.0286 3012 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5

19:23:15.0082 3012 \Device\Harddisk5\DR5 - ok

19:23:15.0085 3012 Boot (0x1200) (fa52766619ed740157d34ba4eff117cb) \Device\Harddisk0\DR0\Partition0

19:23:15.0087 3012 \Device\Harddisk0\DR0\Partition0 - ok

19:23:15.0089 3012 Boot (0x1200) (77e8c0059b744097c522802e36d12b0a) \Device\Harddisk1\DR1\Partition0

19:23:15.0090 3012 \Device\Harddisk1\DR1\Partition0 - ok

19:23:15.0101 3012 Boot (0x1200) (d444a41f370a434b3184558f414d1e94) \Device\Harddisk1\DR1\Partition1

19:23:15.0102 3012 \Device\Harddisk1\DR1\Partition1 - ok

19:23:15.0112 3012 Boot (0x1200) (6b074784daa9b3d150985369aa4c5648) \Device\Harddisk5\DR5\Partition0

19:23:15.0115 3012 \Device\Harddisk5\DR5\Partition0 - ok

19:23:15.0116 3012 ============================================================

19:23:15.0116 3012 Scan finished

19:23:15.0116 3012 ============================================================

19:23:15.0125 1880 Detected object count: 1

19:23:15.0125 1880 Actual detected object count: 1

19:23:23.0905 1880 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

19:23:23.0906 1880 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Link to post
Share on other sites

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-06-16 19:36:28

Windows 6.1.7601 Service Pack 1

Running: 2022s9hg.exe

---- Files - GMER 1.0.15 ----

File C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Cookies\D7ONDCB1.txt 0 bytes

File C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Cookies\31XM5UUP.txt 0 bytes

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

OTL logfile created on: 16/06/2012 19:39:21 - Run 1

OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Kkthnx\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.99 Gb Total Physical Memory | 11.15 Gb Available Physical Memory | 69.74% Memory free

31.98 Gb Paging File | 26.26 Gb Available in Paging File | 82.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 251.92 Gb Free Space | 54.10% Space Free | Partition Type: NTFS

Drive D: | 233.76 Gb Total Space | 11.62 Gb Free Space | 4.97% Space Free | Partition Type: NTFS

Drive E: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 917.07 Gb Total Space | 467.70 Gb Free Space | 51.00% Space Free | Partition Type: NTFS

Drive G: | 917.07 Gb Total Space | 625.00 Gb Free Space | 68.15% Space Free | Partition Type: NTFS

Drive H: | 451.41 Gb Total Space | 398.90 Gb Free Space | 88.37% Space Free | Partition Type: NTFS

Drive I: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS

Drive J: | 3696.91 Gb Total Space | 3621.68 Gb Free Space | 97.97% Space Free | Partition Type: NTFS

Drive K: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS

Drive L: | 1.83 Gb Total Space | 1.82 Gb Free Space | 99.40% Space Free | Partition Type: FAT

Computer Name: KKTHNX-PC | User Name: Kkthnx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 19:25:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kkthnx\Desktop\OTL.exe

PRC - [2012/06/16 19:24:01 | 000,302,592 | ---- | M] () -- C:\ARK\2022s9hg.exe

PRC - [2012/06/16 19:21:57 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kkthnx\Desktop\tdsskiller.exe

PRC - [2012/06/16 19:20:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kkthnx\Desktop\aswMBR.exe

PRC - [2012/05/16 17:42:05 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012/05/12 00:16:23 | 006,934,528 | ---- | M] () -- D:\Program Files (x86)\Sony\EverQuest\eqgame.exe

PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

PRC - [2012/04/27 02:13:06 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2012/04/21 18:53:14 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

PRC - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.EXE

PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2012/03/19 12:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

PRC - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/03/19 12:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/12/07 21:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

PRC - [2011/10/31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe

PRC - [2011/10/27 11:17:20 | 001,927,120 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe

PRC - [2011/10/13 10:58:04 | 003,256,408 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mIRC\mirc.exe

PRC - [2011/09/01 17:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2010/05/10 11:04:16 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

PRC - [2009/05/15 10:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe

PRC - [2007/09/28 08:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/16 19:24:01 | 000,302,592 | ---- | M] () -- C:\ARK\2022s9hg.exe

MOD - [2012/06/15 06:01:47 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll

MOD - [2012/06/15 06:01:37 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll

MOD - [2012/06/15 06:01:35 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll

MOD - [2012/06/15 06:01:28 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll

MOD - [2012/06/15 06:01:28 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll

MOD - [2012/06/12 13:49:37 | 001,624,576 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\Toolbar.dll

MOD - [2012/06/12 13:49:37 | 001,624,576 | ---- | M] () -- C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll

MOD - [2012/06/12 13:49:37 | 000,360,960 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\Helper.dll

MOD - [2012/06/12 13:49:37 | 000,360,960 | ---- | M] () -- C:\Program Files (x86)\Nectar Search Toolbar\Helper.dll

MOD - [2012/06/10 15:52:17 | 000,115,137 | ---- | M] () -- C:\Users\Kkthnx\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll

MOD - [2012/05/30 20:30:34 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll

MOD - [2012/05/30 20:29:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/30 20:29:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/30 20:29:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/30 20:29:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/05/30 17:34:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll

MOD - [2012/05/30 17:33:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e5f1db35163684e821bca4a2fb0311b1\System.Runtime.Remoting.ni.dll

MOD - [2012/05/30 17:33:41 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll

MOD - [2012/05/30 17:10:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll

MOD - [2012/05/30 17:07:40 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll

MOD - [2012/05/30 17:07:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll

MOD - [2012/05/30 17:07:32 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll

MOD - [2012/05/30 17:07:27 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll

MOD - [2012/05/16 17:42:05 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll

MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll

MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll

MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll

MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll

MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll

MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll

MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll

MOD - [2012/01/12 00:54:44 | 000,220,672 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\SearchComponent.dll

MOD - [2012/01/10 23:39:26 | 000,512,512 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\emailchecker_plugin.dll

MOD - [2011/09/27 23:55:02 | 000,366,592 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\RSSReader_plugin.dll

MOD - [2011/07/01 20:53:38 | 000,395,264 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\RadioPlugin.dll

MOD - [2011/07/01 20:52:42 | 000,274,432 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\bookmarksplugin.dll

MOD - [2011/07/01 20:52:02 | 000,281,088 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\weatherplugin.dll

MOD - [2011/07/01 20:51:44 | 000,294,400 | ---- | M] () -- C:\Users\Kkthnx\AppData\LocalLow\FCTB000061465\Toolbar\msgboxplugin.dll

MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll

MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll

MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll

MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll

MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll

MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll

MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll

MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll

MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll

MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll

MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll

MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll

MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/21 18:25:39 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/05/05 10:37:21 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/04/16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BBSvc.EXE -- (BBSvc)

SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/10/31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/12/05 20:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/06/02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011/06/02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2011/06/02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/05/15 12:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2010/05/05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)

DRV:64bit: - [2009/11/24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009/11/24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)

DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2007/10/03 07:42:00 | 000,078,952 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)

DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 6D 39 86 D5 1F CD 01 [binary data]

IE - HKCU\..\URLSearchHook: - No CLSID value found

IE - HKCU\..\URLSearchHook: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files (x86)\Nectar Search Toolbar\Helper.dll ()

IE - HKCU\..\SearchScopes,DefaultScope = {C76E7B3E-63CB-4631-BD31-D7B54ED128CC}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{300AC705-5124-4AC4-8CF7-A6FA705ABA8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\..\SearchScopes\{C76E7B3E-63CB-4631-BD31-D7B54ED128CC}: "URL" = http://uk.search.yahoo.com/search?ourmark=4&ei=utf-8&fr=nectar-tb-v2&slv8-&type=61465&p={searchTerms}&partnerId=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kkthnx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kkthnx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/12 09:20:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/27 08:34:08 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AVG Safe Search = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\

CHR - Extension: AVG Do Not Track = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

CHR - Extension: Gmail = C:\Users\Kkthnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Nectar Search Toolbar BHO) - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)

O4 - Startup: C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk = File not found

O4 - Startup: C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

O4 - Startup: C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

O4 - Startup: C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF0DD38-316B-4ED7-B4ED-BDFD0E35207D}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/19 20:22:44 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{bf3cf6e4-8bbe-11e1-b12d-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{bf3cf6e4-8bbe-11e1-b12d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010/03/20 02:00:10 | 000,464,248 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{bf3cf6e4-8bbe-11e1-b12d-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe -- [2010/03/20 02:00:10 | 000,464,248 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{bf3cf6e4-8bbe-11e1-b12d-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe -- [2010/03/20 02:00:10 | 000,464,248 | R--- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 19:25:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kkthnx\Desktop\OTL.exe

[2012/06/16 19:23:39 | 000,000,000 | ---D | C] -- C:\ARK

[2012/06/16 19:21:57 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kkthnx\Desktop\tdsskiller.exe

[2012/06/16 19:20:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kkthnx\Desktop\aswMBR.exe

[2012/06/16 19:15:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/06/16 19:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/06/16 19:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/06/16 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{EAB5EA8B-F283-4E02-8E29-65A8D25221F0}

[2012/06/15 05:55:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/06/15 05:55:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/06/15 05:55:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/06/15 05:55:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/06/15 05:55:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/06/15 05:55:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/06/15 05:55:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/06/15 05:55:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/06/15 05:55:09 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/06/15 05:55:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/06/15 05:55:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/06/15 05:55:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/06/15 05:55:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/06/15 05:54:32 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/06/15 05:54:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/06/15 05:54:31 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/06/15 05:54:23 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/06/15 05:54:22 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/06/15 05:54:18 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/06/15 05:54:18 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/06/15 05:54:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/06/15 05:53:46 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012/06/14 15:59:34 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{80924590-969B-4420-B4F7-B883B65C2F6B}

[2012/06/14 03:59:10 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{53A6CB1C-103E-4DB9-A1A2-677245F51E95}

[2012/06/13 15:58:46 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{3BAA178D-3C2B-4F2B-BF4C-E5F23ACF7B72}

[2012/06/13 03:58:22 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{A9279328-50C5-487E-A25F-AD8F461650FD}

[2012/06/12 15:57:58 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{A1B8270F-8EE6-486C-BAC5-C97E00CE10DD}

[2012/06/12 13:49:37 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nectar Search Toolbar

[2012/06/12 13:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nectar Search Toolbar

[2012/06/12 09:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012/06/12 03:57:35 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{64C413CB-2B5C-4911-8EF0-913AD6B334EE}

[2012/06/11 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{B0D9E510-0FBD-409F-A87D-A0C5AAF70B3B}

[2012/06/11 03:56:47 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{F6BAD160-21BA-4765-AF0D-0AEBDE9F93C4}

[2012/06/10 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\Desktop\Wedding

[2012/06/10 19:45:07 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft

[2012/06/10 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\Desktop\Application Files

[2012/06/10 15:56:15 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{3812001B-B939-4C0E-A158-692A1F9AE27D}

[2012/06/10 15:56:03 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{B1A567E7-8194-414E-A4A3-FD7E9538ED9F}

[2012/06/10 15:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legends of Norrath

[2012/06/09 11:48:47 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{EA351766-0BE1-441F-BF9D-EB3EE56734A6}

[2012/06/09 11:48:35 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{6F8326E6-EF10-4885-966D-EF07678C653B}

[2012/06/06 20:52:24 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\AVG

[2012/06/06 20:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/06/06 20:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011

[2012/06/01 18:37:14 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\Documents\Albelli Photo books

[2012/06/01 18:37:09 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albelli Photo books

[2012/06/01 18:37:08 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\Albelli Photo books

[2012/06/01 08:34:20 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{1FB0A941-BB83-44FC-9193-E2EA8DFA4007}

[2012/06/01 08:34:09 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{875DA443-92D4-4189-B0B5-36B787C8A974}

[2012/05/31 20:33:56 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{4FB20D5E-F1F3-457B-AB50-C80B9C89E8AE}

[2012/05/31 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{7E826CF9-ECEB-4EFD-8A18-48817DD5A570}

[2012/05/31 08:33:19 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{AD897653-D109-44AC-9908-CB01A91A6CE1}

[2012/05/31 08:33:07 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{29F2AB1B-1C76-475B-923B-D394CA5698D7}

[2012/05/30 20:32:41 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{877F431C-6A28-48A7-ABE2-2A59ABC4095C}

[2012/05/30 20:32:29 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{6B06B411-C7BF-4957-BD2A-A0955E78F7A5}

[2012/05/30 17:03:10 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/05/30 08:32:04 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{7C4CE855-E92D-44B8-A811-7A384FC418A7}

[2012/05/30 08:31:52 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{CCDFBDB9-D5D6-4EF5-9A0B-01A83953D2A8}

[2012/05/29 20:31:40 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{690C766D-D451-4448-895D-6C469D2857AD}

[2012/05/29 20:31:28 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{EA65894B-F840-4CCC-A152-BCEB2AD953E1}

[2012/05/29 08:31:16 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{9DE8523E-A0F6-4A8E-8340-10A44DF1C8E5}

[2012/05/28 20:30:52 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{F5333B40-0B59-4473-951E-11F5521F66B4}

[2012/05/28 20:30:41 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{DBC8330C-A2D9-4EFF-B79F-59F518B5EF4F}

[2012/05/28 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{8070981D-FACC-409F-8A97-87CA25D9C860}

[2012/05/28 08:30:06 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{A3739A5B-DA57-44EE-8D0E-330E0F5D4A43}

[2012/05/28 08:29:56 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{E054B536-534A-4F16-BCC0-530C517B389A}

[2012/05/28 08:29:45 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{71E08792-9D45-47FD-85E6-D95B2846334A}

[2012/05/27 20:29:21 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{135E3856-3A43-4B82-AD6A-3C44F41A0C2C}

[2012/05/27 20:29:10 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{CFA0DCC5-EAEA-43D3-B9E6-59F3C40DB660}

[2012/05/27 20:28:59 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{7641D7AF-1711-4D6D-9A5B-D54A87453F96}

[2012/05/27 08:28:32 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{3CA5186F-0D45-4519-962E-F2A050352638}

[2012/05/26 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{27917BFD-DA29-4125-8C6E-384816AA05C4}

[2012/05/26 20:27:57 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{82CB98CB-63B0-426E-BADA-435AE9DBC2BD}

[2012/05/26 20:27:36 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{D3702EA3-BFCB-4A94-B579-A2FEEC7B4AA1}

[2012/05/26 08:27:23 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{A8CAEB68-8C73-4C92-957A-6921F45E1979}

[2012/05/26 08:27:13 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{6B194D85-353E-4B2F-8897-651F9D9AD435}

[2012/05/26 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{4417638D-B136-4106-90DE-AC9A666AFD2F}

[2012/05/25 20:26:38 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{85CB08FE-77C2-40AD-9B82-8149D9F84CE1}

[2012/05/25 20:26:27 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{87F8ADC1-0016-4925-8B08-DE8FA11AC1F1}

[2012/05/25 16:09:33 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/05/25 08:26:03 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{D58E5D09-E434-42E4-B6D3-7F64BC746BE0}

[2012/05/25 08:25:52 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{B9DFA5BC-3285-4218-9C48-DD57862ECFBF}

[2012/05/25 08:25:30 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{56EB12FC-5775-490E-AF60-1C73BD46026C}

[2012/05/24 20:25:17 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{61CE10B6-96BB-44D2-8BA8-51FC8A129DAC}

[2012/05/24 20:25:06 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{CA6683AD-5DEC-4128-8C3A-D0D822587BC0}

[2012/05/24 08:24:42 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{01743EAD-47D0-4AC0-9F19-1823D2A5F947}

[2012/05/23 20:24:14 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{2D697A99-95AB-4406-9F6D-27EAEAC8EBE9}

[2012/05/23 20:23:58 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{C2A7B10F-B7C4-4237-A2F1-A93F94402CED}

[2012/05/23 20:23:39 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{1C7F2A2B-88F9-4C48-9882-C03F32A67551}

[2012/05/22 18:15:20 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{E26918E7-1922-4267-98CE-4A2C7D3B50DB}

[2012/05/22 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{DFF4CB0F-33ED-4262-937B-499AE2531910}

[2012/05/22 06:14:43 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{A3B71060-FE5B-4E56-8CD2-1FDD93B6CF11}

[2012/05/22 06:14:32 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{0BC81C66-07D3-484D-BB22-F3B067FDA546}

[2012/05/21 18:14:07 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{0725E74A-5CAC-4B37-AD39-91DF3C2FC5E2}

[2012/05/21 18:13:56 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{FC1B5D96-9CDD-4AA1-910B-42F1A5A01253}

[2012/05/21 18:13:45 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{4FB162A3-4A08-4F48-8071-9B44CB6A92C1}

[2012/05/21 06:13:22 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{2A834925-768F-4CD4-A02C-9987EE041311}

[2012/05/21 06:13:11 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{E5CBAEF8-24AE-45F6-B34B-AEDFC807881B}

[2012/05/21 06:13:00 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{818C98E9-9163-4B63-B675-722F1DCECFD0}

[2012/05/20 18:12:37 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{0C345EE1-50F9-44C7-95E8-083BF8A750FA}

[2012/05/20 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{06FDC4DD-6927-4D69-8FAA-7480FCE5B919}

[2012/05/20 18:12:15 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{4861B13B-017C-4762-92BA-83A060CE4493}

[2012/05/20 18:12:03 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{F5F22E01-72C6-4821-B57A-16C520790922}

[2012/05/20 15:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync

[2012/05/20 15:17:27 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012/05/20 15:06:58 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\Htc

[2012/05/20 14:34:34 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Roaming\HTC

[2012/05/20 14:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC

[2012/05/20 14:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications

[2012/05/20 14:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC

[2012/05/20 14:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012/05/20 14:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012/05/20 06:11:38 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{9128DA31-E64E-48AE-9E2A-666174BD5079}

[2012/05/20 06:11:27 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{3FFE2030-FAE3-4586-B0E6-7BFAB44945C4}

[2012/05/19 18:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{EBA008BE-DD9F-433A-9156-E8BF4EB4AF9D}

[2012/05/19 18:11:03 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{BFB54227-D70C-42BA-BB2B-BB25E5BB5F32}

[2012/05/18 04:26:57 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{7B96D8CA-5D60-4F96-A5EA-9DA19D646AB7}

[2012/05/18 04:26:46 | 000,000,000 | ---D | C] -- C:\Users\Kkthnx\AppData\Local\{D26AA30E-BCAE-4E23-A98D-5140AF3E413A}

[2 C:\Users\Kkthnx\Documents\*.tmp files -> C:\Users\Kkthnx\Documents\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/16 19:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/16 19:27:07 | 000,000,512 | ---- | M] () -- C:\Users\Kkthnx\Desktop\MBR.dat

[2012/06/16 19:25:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kkthnx\Desktop\OTL.exe

[2012/06/16 19:21:57 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kkthnx\Desktop\tdsskiller.exe

[2012/06/16 19:21:57 | 000,014,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/16 19:21:57 | 000,014,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/16 19:20:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kkthnx\Desktop\aswMBR.exe

[2012/06/16 19:14:46 | 000,001,104 | ---- | M] () -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/06/16 19:14:37 | 000,000,924 | ---- | M] () -- C:\Users\Kkthnx\Desktop\NTREGOPT.lnk

[2012/06/16 19:14:37 | 000,000,905 | ---- | M] () -- C:\Users\Kkthnx\Desktop\ERUNT.lnk

[2012/06/16 19:14:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001UA.job

[2012/06/16 18:57:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/16 18:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/16 18:13:54 | 000,213,050 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/06/16 17:06:55 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/16 17:06:55 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/16 17:06:55 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/16 16:56:48 | 000,416,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/16 16:56:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/16 16:56:14 | 4287,930,366 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/16 12:04:33 | 000,014,848 | ---- | M] () -- C:\Users\Kkthnx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/06/16 09:49:52 | 100,503,311 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/06/15 16:14:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001Core.job

[2012/06/13 18:03:28 | 003,618,206 | ---- | M] () -- C:\Users\Kkthnx\Desktop\DSC01213.JPG

[2012/06/12 09:20:22 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/06/10 17:40:33 | 000,034,764 | ---- | M] () -- C:\Users\Kkthnx\AppData\Local\dt.dat

[2012/06/10 16:16:20 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Legends of Norrath.lnk

[2012/06/06 20:51:21 | 000,001,166 | ---- | M] () -- C:\Users\Kkthnx\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk

[2012/06/03 18:10:45 | 000,000,335 | ---- | M] () -- C:\Windows\mozregistry.dat

[2012/06/02 06:17:21 | 000,059,329 | ---- | M] () -- C:\Users\Kkthnx\Desktop\Safe.2012.RC.BDRip.XviD.AC3.5-1.HQ.Hive-CM8(1).torrent

[2012/06/01 18:46:30 | 000,006,952 | ---- | M] () -- C:\Users\Kkthnx\Desktop\fortescue-coat-of-arms-98fix.jpg

[2012/06/01 18:45:53 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2012/06/01 18:44:29 | 000,028,427 | ---- | M] () -- C:\Users\Kkthnx\Desktop\fortescue-coat-of-arms-98.jpg

[2012/06/01 18:42:34 | 000,043,191 | ---- | M] () -- C:\Users\Kkthnx\Desktop\fortescue_family_crest_speckcase-p176286186643536524vu1z1_400.jpg

[2012/06/01 18:42:27 | 000,008,006 | ---- | M] () -- C:\Users\Kkthnx\Desktop\fortescue2.jpg

[2012/06/01 18:37:13 | 000,001,908 | ---- | M] () -- C:\Users\Kkthnx\Desktop\Albelli Photo books.lnk

[2012/06/01 16:05:20 | 000,033,385 | ---- | M] () -- C:\Users\Kkthnx\Desktop\random.jpg

[2012/05/31 19:52:43 | 000,050,336 | ---- | M] () -- C:\Users\Kkthnx\Desktop\Bang.Bus.37.2012.XXX.DVDRip.XviD-CiCXXX.torrent

[2012/05/31 17:58:45 | 000,002,398 | ---- | M] () -- C:\Users\Kkthnx\Desktop\Men In Black 3 2012 PROPER TS Xvid New Video UnKnOwN.torrent

[2012/05/30 21:10:07 | 000,064,795 | ---- | M] () -- C:\Users\Kkthnx\Desktop\Man.on.a.Ledge.2012.BDRip.XVID.AC3.HQ.Hive-CM8.torrent

[2012/05/30 20:39:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2012/05/30 20:34:45 | 000,007,600 | ---- | M] () -- C:\Users\Kkthnx\AppData\Local\resmon.resmoncfg

[2012/05/30 20:23:19 | 1138,312,663 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/05/27 14:09:06 | 000,000,107 | ---- | M] () -- C:\Windows\Zones.ini

[2012/05/20 15:39:08 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk

[2012/05/20 15:05:02 | 000,001,437 | ---- | M] () -- C:\Users\Kkthnx\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/05/18 03:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/05/18 02:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/05/18 02:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/05/18 02:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/05/18 02:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/05/18 02:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/05/18 02:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/05/17 23:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/05/17 23:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/05/17 23:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/05/17 23:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/05/17 23:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/05/17 23:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2 C:\Users\Kkthnx\Documents\*.tmp files -> C:\Users\Kkthnx\Documents\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/16 19:27:07 | 000,000,512 | ---- | C] () -- C:\Users\Kkthnx\Desktop\MBR.dat

[2012/06/16 19:14:46 | 000,001,104 | ---- | C] () -- C:\Users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/06/16 19:14:37 | 000,000,924 | ---- | C] () -- C:\Users\Kkthnx\Desktop\NTREGOPT.lnk

[2012/06/16 19:14:37 | 000,000,905 | ---- | C] () -- C:\Users\Kkthnx\Desktop\ERUNT.lnk

[2012/06/13 18:04:49 | 003,618,206 | ---- | C] () -- C:\Users\Kkthnx\Desktop\DSC01213.JPG

[2012/06/10 17:40:33 | 000,034,764 | ---- | C] () -- C:\Users\Kkthnx\AppData\Local\dt.dat

[2012/06/10 15:39:22 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\Legends of Norrath.lnk

[2012/06/06 20:51:21 | 000,001,166 | ---- | C] () -- C:\Users\Kkthnx\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk

[2012/06/03 18:10:45 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat

[2012/06/02 06:17:21 | 000,059,329 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Safe.2012.RC.BDRip.XviD.AC3.5-1.HQ.Hive-CM8(1).torrent

[2012/06/01 18:50:02 | 000,008,006 | ---- | C] () -- C:\Users\Kkthnx\Desktop\fortescue2.jpg

[2012/06/01 18:46:30 | 000,006,952 | ---- | C] () -- C:\Users\Kkthnx\Desktop\fortescue-coat-of-arms-98fix.jpg

[2012/06/01 18:44:57 | 000,028,427 | ---- | C] () -- C:\Users\Kkthnx\Desktop\fortescue-coat-of-arms-98.jpg

[2012/06/01 18:42:45 | 000,043,191 | ---- | C] () -- C:\Users\Kkthnx\Desktop\fortescue_family_crest_speckcase-p176286186643536524vu1z1_400.jpg

[2012/06/01 18:37:13 | 000,001,908 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Albelli Photo books.lnk

[2012/06/01 16:02:08 | 000,033,385 | ---- | C] () -- C:\Users\Kkthnx\Desktop\random.jpg

[2012/05/31 19:52:43 | 000,050,336 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Bang.Bus.37.2012.XXX.DVDRip.XviD-CiCXXX.torrent

[2012/05/31 17:58:45 | 000,002,398 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Men In Black 3 2012 PROPER TS Xvid New Video UnKnOwN.torrent

[2012/05/30 21:10:07 | 000,064,795 | ---- | C] () -- C:\Users\Kkthnx\Desktop\Man.on.a.Ledge.2012.BDRip.XVID.AC3.HQ.Hive-CM8.torrent

[2012/05/30 20:23:19 | 1138,312,663 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/05/27 14:08:51 | 000,000,107 | ---- | C] () -- C:\Windows\Zones.ini

[2012/05/25 16:09:19 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001UA.job

[2012/05/25 16:09:18 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001Core.job

[2012/05/21 20:53:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2012/05/20 15:39:08 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk

[2012/05/08 21:50:23 | 000,007,600 | ---- | C] () -- C:\Users\Kkthnx\AppData\Local\resmon.resmoncfg

[2012/04/27 19:48:55 | 000,186,844 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/04/22 19:57:28 | 000,014,848 | ---- | C] () -- C:\Users\Kkthnx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/21 18:25:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012/04/21 17:20:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/04/21 17:07:34 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/03/09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/03/09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

========== LOP Check ==========

[2012/06/06 20:53:31 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\AVG

[2012/04/21 19:38:50 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\AVG2012

[2012/05/20 15:07:05 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\HTC

[2012/05/20 15:17:27 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012/04/21 18:54:02 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Leadertech

[2012/05/09 00:00:25 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\NASNaviator2

[2012/04/22 19:57:08 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Research In Motion

[2012/05/16 17:36:45 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Samsung

[2012/04/28 16:14:30 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\TeamViewer

[2012/05/16 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Temp

[2012/04/28 14:34:43 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\ts3overlay

[2012/05/06 14:43:48 | 000,000,000 | ---D | M] -- C:\Users\Kkthnx\AppData\Roaming\Windows Live Writer

[2009/07/14 06:08:49 | 000,009,046 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 16/06/2012 19:39:21 - Run 1

OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Kkthnx\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.99 Gb Total Physical Memory | 11.15 Gb Available Physical Memory | 69.74% Memory free

31.98 Gb Paging File | 26.26 Gb Available in Paging File | 82.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 251.92 Gb Free Space | 54.10% Space Free | Partition Type: NTFS

Drive D: | 233.76 Gb Total Space | 11.62 Gb Free Space | 4.97% Space Free | Partition Type: NTFS

Drive E: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 917.07 Gb Total Space | 467.70 Gb Free Space | 51.00% Space Free | Partition Type: NTFS

Drive G: | 917.07 Gb Total Space | 625.00 Gb Free Space | 68.15% Space Free | Partition Type: NTFS

Drive H: | 451.41 Gb Total Space | 398.90 Gb Free Space | 88.37% Space Free | Partition Type: NTFS

Drive I: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS

Drive J: | 3696.91 Gb Total Space | 3621.68 Gb Free Space | 97.97% Space Free | Partition Type: NTFS

Drive K: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS

Drive L: | 1.83 Gb Total Space | 1.82 Gb Free Space | 99.40% Space Free | Partition Type: FAT

Link to post
Share on other sites

Computer Name: KKTHNX-PC | User Name: Kkthnx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03109532-3286-422B-9A73-1294BF173E77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{20CC0F94-7B1D-4212-81D9-EA2BDF4F662B}" = rport=137 | protocol=17 | dir=out | app=system |

"{3741FD20-DC92-4E62-96F0-8819FDD75218}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{4012471E-29FD-4B3B-AB8A-9E480358EDA5}" = lport=138 | protocol=17 | dir=in | app=system |

"{410C722F-9605-4ABD-9C3B-2DADEA631629}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |

"{44C03FE9-0316-410F-B72F-1C1DE3B6EBBE}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{4C082241-69E1-47ED-A4F0-1A14C97DD9FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{4E8D6D3F-8BB3-40F0-B7FC-3F492C8FAFF7}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{582CCFA8-A1B1-4393-BE2F-E9CA4FAE7C4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6BAD3854-AAE7-40C2-918B-A2B35D22F163}" = lport=139 | protocol=6 | dir=in | app=system |

"{72E23BC5-2C04-4104-87BD-6F621682F101}" = rport=139 | protocol=6 | dir=out | app=system |

"{77CC0975-F4A6-4FFA-8995-FCE80157378B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{8256EC3C-243A-4330-B197-14D68155B679}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8E67BC46-9DE7-49E4-8926-5E0574AD72E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |

"{8ED5DC53-3976-45BF-AAF7-1EFEFB6BC7D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{972AF833-0BA9-4855-9C4A-1741680F84D5}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{AFCCC138-E95C-49EA-B0FE-CD79C97516BF}" = rport=445 | protocol=6 | dir=out | app=system |

"{B65CD66D-E89B-4986-B850-342F29C04929}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{BC318D12-A6DA-47C8-B1BB-DAF02BD63CF7}" = lport=137 | protocol=17 | dir=in | app=system |

"{C05B5494-4084-4E08-A9A9-53E2EFC257C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C099A85C-4C34-4C3F-8834-25FA01C27873}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C0E63225-511C-4F9A-AAAD-076CCCF10357}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D04D0E13-8B15-4268-BDD3-80E3DB8C6C26}" = rport=138 | protocol=17 | dir=out | app=system |

"{D19F0276-D63B-4B7B-B3BE-DA0406498B1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D1A79A2F-4994-4143-AC9F-E6863E88E05C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{D39BF75F-68E8-4DCB-BBAF-A25320BDD41C}" = lport=445 | protocol=6 | dir=in | app=system |

"{EC092F9B-0F98-4673-930D-7F5365595E45}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EC158EA4-E346-44E6-9794-9574663FB556}" = rport=10243 | protocol=6 | dir=out | app=system |

"{ECA757BA-EDFC-4DD7-9E86-69902A1484EF}" = lport=10243 | protocol=6 | dir=in | app=system |

"{F2C6D28C-2174-485D-969F-2D511D3395EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |

"{F95E14EE-F161-405A-883A-0DB47B301246}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02FEC314-A7BD-42B7-850E-504DC481C40C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{0FEB2194-413C-452E-B52D-D3C54E267351}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{1358B4AC-9753-4806-8727-47B7A871791C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{1554D3E8-4FFE-449C-A8C0-5483A62156BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{1686A5B4-F2CA-4910-AF5A-F0E7C2C866E8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{170D6F07-C1DC-4D94-9753-9F384CCAADFC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{2CDF6D17-E886-4AF9-95C2-DD6CEE7081D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2CFD2D13-2E2F-4943-9046-17DCAAA71A85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{300C9D2D-C6C6-4E57-9965-88370BD9A8C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{317B2280-E508-4010-9F34-CEA533A9A5E1}" = protocol=6 | dir=out | app=system |

"{384052D1-C261-411B-A8C2-5957595EFB49}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |

"{398F2DD9-2812-41D3-9C14-C536A143511D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{3F806D0D-6F53-4509-B0EF-E2A6C057CEFB}" = protocol=58 | dir=in | app=system |

"{448BE999-5518-44A4-A816-2C575EAA8C04}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{4931A365-1C02-4B6B-9F9D-6C2A2480AF46}" = protocol=6 | dir=in | app=c:\program files (x86)\nectar search toolbar\troubleshooter.exe |

"{4CBAA2FF-CA00-4C97-A418-3EB3BDE9B36A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{50370C14-5BFA-49A1-B602-45BCDEAC1F99}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |

"{50C2923B-5EF3-45FB-94FB-45AE3C076962}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{54A63216-E579-4F31-B60B-0D0F07039B42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{57713688-BC88-4BB7-9624-792A085BA560}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{5C1B1455-EE7F-49F4-9B72-572EF7475672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5EF395D3-FCD8-41C9-B42E-ADC9F82D4D1C}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |

"{6245FE47-50A2-408C-B335-F9E90602DF9E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{650EB11F-B11E-4910-A536-55E291C37176}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{69CDD8B9-98BB-4038-8221-4324E7492267}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6B30ED58-9F48-4832-A9BC-3175A7FD32C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{715C1227-AC07-46EF-AE22-635A2ADD8FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\nectar search toolbar\troubleshooter.exe |

"{7314259B-D60D-43CF-B6C1-60A2FEE5C706}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{75A0B26F-091E-45AC-8CEB-535411DDAFC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7677FCFD-2AD0-4304-A98B-A80F287EC6CE}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |

"{7BDB55D1-5BAE-4052-95B3-FB90FA09F5A0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{932CCB1B-CDE0-4B5F-A2EE-901E0A6C3D5C}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |

"{9806D792-21AF-462A-ABDC-278F1F0609F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9DDDD60C-B3C7-4579-8BA6-6D5BE33C8640}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{9E9BDC04-91BF-4816-B68E-D19A95213912}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{9FD0586A-0D32-4816-9DB8-D19B0826DCE3}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |

"{9FE9CB4A-38FF-4DA1-9CCF-E147ACFD8D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A12E3932-4669-4E74-8837-88D99E75FE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{A28A5AC7-5D44-47C7-86CF-D2E4099AFDEF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{A9196B45-7B61-40A9-B6CE-03EE65AD7970}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{AB0A8F41-481D-4D61-9185-C53BE98D4958}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{AFFE5852-1873-4593-852F-45CC26E61214}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{B230F118-D216-451D-BF4B-9ADF6C59000D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{B9C1AC3C-CAA8-4003-9AC8-646EC494A4CA}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |

"{B9E87AA2-BB12-4282-8924-91B55C02C1C4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{BB5E386B-FEC9-45EA-9170-02E33360771E}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |

"{BF069F11-DBCA-48F4-A95B-F48B00389992}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |

"{C4DCBF26-262E-46A3-B8A8-F6CE7B00BB56}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |

"{C75169DF-1971-4B96-A2F8-D9FB1773B412}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{CD25B79B-4C18-4616-8DC0-8207D4EEF314}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{D0085A35-A6F5-4841-AAD4-55DA88EAE37F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D16C28DB-037C-4374-A01E-D659F5603924}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{DB170881-1BDD-423A-B99D-8BCA596F3F97}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{F3F500CA-91E9-46C9-9D6E-6B7137203542}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{F5622474-F271-490C-81B6-EF404569E222}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{F56953A7-6CFC-4780-A45B-14C9185CB3D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F6C793E2-55A9-446B-8F9E-64F6A0D5FA35}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{FE95B263-4DCF-43EB-AD9D-45E1D4CD6D79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{10E3E779-703B-4996-844D-2385D7C1409E}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |

"TCP Query User{1F4954AD-A30B-43FC-A054-1DBAABAAF91B}D:\program files (x86)\sony\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\everquest\eqvoiceservice.exe |

"TCP Query User{35CA7747-2B06-4263-86CD-128B223C612E}C:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe |

"TCP Query User{6461F739-4F35-4ADC-9673-7CA5092C092C}C:\users\kkthnx\desktop\link\tftpsrv.exe" = protocol=6 | dir=in | app=c:\users\kkthnx\desktop\link\tftpsrv.exe |

"TCP Query User{7C651FC0-DB49-4445-B618-AA56890E1485}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"TCP Query User{8A6D73B1-6D7C-45ED-BA68-C9104A804BF4}C:\macroquest2\mq2eqbcs.exe" = protocol=6 | dir=in | app=c:\macroquest2\mq2eqbcs.exe |

"TCP Query User{9616D85F-ECF5-42F4-BA45-D2452AAB9246}C:\macroquest2\mmoloader.exe" = protocol=6 | dir=in | app=c:\macroquest2\mmoloader.exe |

"TCP Query User{9D83F623-D0AD-4E19-98C4-88D6984A881C}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |

"TCP Query User{CBB71A7E-29FA-411D-854B-DF67DB1D68AB}D:\program files (x86)\sony\legends of norrath\launchpad.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\legends of norrath\launchpad.exe |

"TCP Query User{FF752B41-914C-4F9C-BC6E-25EB31F2A778}D:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mirc\mirc.exe |

"UDP Query User{155472E4-6380-445C-8C53-5CB8BA1F0E5F}C:\macroquest2\mq2eqbcs.exe" = protocol=17 | dir=in | app=c:\macroquest2\mq2eqbcs.exe |

"UDP Query User{236FF75A-5F22-4096-8482-E7A587302132}C:\macroquest2\mmoloader.exe" = protocol=17 | dir=in | app=c:\macroquest2\mmoloader.exe |

"UDP Query User{30719585-1FE6-416B-8696-71D773F4C34D}C:\users\kkthnx\desktop\link\tftpsrv.exe" = protocol=17 | dir=in | app=c:\users\kkthnx\desktop\link\tftpsrv.exe |

"UDP Query User{4848C665-67B3-40EB-8364-5B6B447AA0D3}D:\program files (x86)\sony\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\everquest\eqvoiceservice.exe |

"UDP Query User{516D2956-9469-459C-A122-3DFA204BF57E}D:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mirc\mirc.exe |

"UDP Query User{7DA31594-A5A9-42AD-B7BC-EED7241C858F}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |

"UDP Query User{C2296C0C-DAB1-45D5-9D9B-FEB9FB4286B7}D:\program files (x86)\sony\legends of norrath\launchpad.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\legends of norrath\launchpad.exe |

"UDP Query User{CB4F8064-D52A-49FD-AE7A-740833F23448}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |

"UDP Query User{D40B3E05-79BC-491F-BC3B-7CA81A79E498}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"UDP Query User{FEA0BB18-49AC-44CD-A3A3-8EFDB8D9F793}C:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety

"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding

"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"AVG" = AVG 2012

"Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1

"Logitech Gaming Software" = Logitech Gaming Software 8.20

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional

"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian

"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater

"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common

"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish

"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish

"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai

"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish

"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean

"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9739666-2235-42F8-85D6-9B4005DC7951}" = Bing Bar

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German

"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English

"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding

"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish

"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek

"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1

"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7A89413-FB45-4ECE-A893-32DC87F45554}" = Legends of Norrath

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese

"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center

"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1

"ERUNT_is1" = ERUNT 1.1j

"ExtractNow_is1" = ExtractNow

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"mIRC" = mIRC

"Nectar Search Toolbar" = Nectar Search Toolbar

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"TeamViewer 7" = TeamViewer 7

"UN060501" = BUFFALO NAS Navigator2

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{EE19063F-7048-4094-9A1D-D69D9C591119}_is1" = Albelli Photo books

"6f16172c295f43ac" = GamParse

"Google Chrome" = Google Chrome

"SOE-EverQuest" = EverQuest

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 08/05/2012 16:05:21 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program explorer.exe version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: e28 Start

Time: 01cd2d53ecf9da13 Termination Time: 24252 Application Path: C:\Windows\explorer.exe

Report

Id: 0cb3574d-9949-11e1-8ae1-bcaec5b6be7c

Error - 08/05/2012 16:08:21 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program explorer.exe version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: b34 Start

Time: 01cd2d55d7878733 Termination Time: 7000 Application Path: C:\Windows\explorer.exe

Report

Id: 88726629-9949-11e1-8ae1-bcaec5b6be7c

Error - 08/05/2012 17:24:32 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: dd4 Start

Time: 01cd2d5b02f5bb45 Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE

Report

Id: 081d870f-9954-11e1-9db4-bcaec5b6be7c

Error - 09/05/2012 04:36:30 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program explorer.exe version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: c4c Start

Time: 01cd2d60cfacb8e3 Termination Time: 22964 Application Path: C:\Windows\explorer.exe

Report

Id: 028fef2e-99b2-11e1-9db4-bcaec5b6be7c

Error - 11/05/2012 16:57:48 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000

Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp:

0x4fa8cdbd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x77551264 Faulting process id: 0x850 Faulting application

start time: 0x01cd2f7f477024c3 Faulting application path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe

Faulting

module path: unknown Report Id: f6a3ca47-9bab-11e1-9db4-bcaec5b6be7c

Error - 20/05/2012 10:38:18 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-RestartManager | ID = 10006

Description = Application or service 'adb' could not be shut down.

Error - 27/05/2012 09:07:44 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000

Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp:

0x4fad9db8 Faulting module name: MQ2Main.dll_unloaded, version: 0.0.0.0, time stamp:

0x4fb144e5 Exception code: 0xc0000005 Fault offset: 0x032001d8 Faulting process id:

0x1a10 Faulting application start time: 0x01cd3c08688c0b8a Faulting application path:

D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: MQ2Main.dll

Report

Id: f212640f-a7fc-11e1-bd18-bcaec5b6be7c

Error - 27/05/2012 09:07:52 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000

Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp:

0x4fad9db8 Faulting module name: MQ2Main.dll_unloaded, version: 0.0.0.0, time stamp:

0x4fb144e5 Exception code: 0xc0000005 Fault offset: 0x037901d8 Faulting process id:

0x1c90 Faulting application start time: 0x01cd3a90a596d80b Faulting application path:

D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: MQ2Main.dll

Report

Id: f6b856dc-a7fc-11e1-bd18-bcaec5b6be7c

Error - 03/06/2012 13:06:04 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0xca62196b Faulting process id:

0x1e9c Faulting application start time: 0x01cd417026b3276d Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: 6663e407-ad9e-11e1-b243-bcaec5b6be7c

Error - 04/06/2012 09:55:20 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program eqgame.exe version 0.0.0.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 1c38 Start Time:

01cd424fc84ca0a3 Termination Time: 60000 Application Path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe

Report

Id: c0fe3200-ae4c-11e1-b243-bcaec5b6be7c

[ System Events ]

Error - 15/06/2012 08:51:23 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 08:51:23 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 09:22:36 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 09:22:37 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 10:52:39 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 22:58:11 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:46 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:52 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:57 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:58 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 16/06/2012 19:39:21 - Run 1

OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Kkthnx\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.99 Gb Total Physical Memory | 11.15 Gb Available Physical Memory | 69.74% Memory free

31.98 Gb Paging File | 26.26 Gb Available in Paging File | 82.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 251.92 Gb Free Space | 54.10% Space Free | Partition Type: NTFS

Drive D: | 233.76 Gb Total Space | 11.62 Gb Free Space | 4.97% Space Free | Partition Type: NTFS

Drive E: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 917.07 Gb Total Space | 467.70 Gb Free Space | 51.00% Space Free | Partition Type: NTFS

Drive G: | 917.07 Gb Total Space | 625.00 Gb Free Space | 68.15% Space Free | Partition Type: NTFS

Drive H: | 451.41 Gb Total Space | 398.90 Gb Free Space | 88.37% Space Free | Partition Type: NTFS

Drive I: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS

Drive J: | 3696.91 Gb Total Space | 3621.68 Gb Free Space | 97.97% Space Free | Partition Type: NTFS

Drive K: | 358.28 Gb Total Space | 234.73 Gb Free Space | 65.52% Space Free | Partition Type: NTFS

Drive L: | 1.83 Gb Total Space | 1.82 Gb Free Space | 99.40% Space Free | Partition Type: FAT

Computer Name: KKTHNX-PC | User Name: Kkthnx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03109532-3286-422B-9A73-1294BF173E77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{20CC0F94-7B1D-4212-81D9-EA2BDF4F662B}" = rport=137 | protocol=17 | dir=out | app=system |

"{3741FD20-DC92-4E62-96F0-8819FDD75218}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{4012471E-29FD-4B3B-AB8A-9E480358EDA5}" = lport=138 | protocol=17 | dir=in | app=system |

"{410C722F-9605-4ABD-9C3B-2DADEA631629}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |

"{44C03FE9-0316-410F-B72F-1C1DE3B6EBBE}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{4C082241-69E1-47ED-A4F0-1A14C97DD9FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{4E8D6D3F-8BB3-40F0-B7FC-3F492C8FAFF7}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{582CCFA8-A1B1-4393-BE2F-E9CA4FAE7C4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6BAD3854-AAE7-40C2-918B-A2B35D22F163}" = lport=139 | protocol=6 | dir=in | app=system |

"{72E23BC5-2C04-4104-87BD-6F621682F101}" = rport=139 | protocol=6 | dir=out | app=system |

"{77CC0975-F4A6-4FFA-8995-FCE80157378B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{8256EC3C-243A-4330-B197-14D68155B679}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8E67BC46-9DE7-49E4-8926-5E0574AD72E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |

"{8ED5DC53-3976-45BF-AAF7-1EFEFB6BC7D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{972AF833-0BA9-4855-9C4A-1741680F84D5}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{AFCCC138-E95C-49EA-B0FE-CD79C97516BF}" = rport=445 | protocol=6 | dir=out | app=system |

"{B65CD66D-E89B-4986-B850-342F29C04929}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{BC318D12-A6DA-47C8-B1BB-DAF02BD63CF7}" = lport=137 | protocol=17 | dir=in | app=system |

"{C05B5494-4084-4E08-A9A9-53E2EFC257C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C099A85C-4C34-4C3F-8834-25FA01C27873}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C0E63225-511C-4F9A-AAAD-076CCCF10357}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D04D0E13-8B15-4268-BDD3-80E3DB8C6C26}" = rport=138 | protocol=17 | dir=out | app=system |

"{D19F0276-D63B-4B7B-B3BE-DA0406498B1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D1A79A2F-4994-4143-AC9F-E6863E88E05C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{D39BF75F-68E8-4DCB-BBAF-A25320BDD41C}" = lport=445 | protocol=6 | dir=in | app=system |

"{EC092F9B-0F98-4673-930D-7F5365595E45}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EC158EA4-E346-44E6-9794-9574663FB556}" = rport=10243 | protocol=6 | dir=out | app=system |

"{ECA757BA-EDFC-4DD7-9E86-69902A1484EF}" = lport=10243 | protocol=6 | dir=in | app=system |

"{F2C6D28C-2174-485D-969F-2D511D3395EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |

"{F95E14EE-F161-405A-883A-0DB47B301246}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02FEC314-A7BD-42B7-850E-504DC481C40C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{0FEB2194-413C-452E-B52D-D3C54E267351}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{1358B4AC-9753-4806-8727-47B7A871791C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{1554D3E8-4FFE-449C-A8C0-5483A62156BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{1686A5B4-F2CA-4910-AF5A-F0E7C2C866E8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{170D6F07-C1DC-4D94-9753-9F384CCAADFC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{2CDF6D17-E886-4AF9-95C2-DD6CEE7081D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2CFD2D13-2E2F-4943-9046-17DCAAA71A85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{300C9D2D-C6C6-4E57-9965-88370BD9A8C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{317B2280-E508-4010-9F34-CEA533A9A5E1}" = protocol=6 | dir=out | app=system |

"{384052D1-C261-411B-A8C2-5957595EFB49}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |

"{398F2DD9-2812-41D3-9C14-C536A143511D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{3F806D0D-6F53-4509-B0EF-E2A6C057CEFB}" = protocol=58 | dir=in | app=system |

"{448BE999-5518-44A4-A816-2C575EAA8C04}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{4931A365-1C02-4B6B-9F9D-6C2A2480AF46}" = protocol=6 | dir=in | app=c:\program files (x86)\nectar search toolbar\troubleshooter.exe |

"{4CBAA2FF-CA00-4C97-A418-3EB3BDE9B36A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{50370C14-5BFA-49A1-B602-45BCDEAC1F99}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |

"{50C2923B-5EF3-45FB-94FB-45AE3C076962}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{54A63216-E579-4F31-B60B-0D0F07039B42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{57713688-BC88-4BB7-9624-792A085BA560}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{5C1B1455-EE7F-49F4-9B72-572EF7475672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5EF395D3-FCD8-41C9-B42E-ADC9F82D4D1C}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |

"{6245FE47-50A2-408C-B335-F9E90602DF9E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{650EB11F-B11E-4910-A536-55E291C37176}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{69CDD8B9-98BB-4038-8221-4324E7492267}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6B30ED58-9F48-4832-A9BC-3175A7FD32C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{715C1227-AC07-46EF-AE22-635A2ADD8FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\nectar search toolbar\troubleshooter.exe |

"{7314259B-D60D-43CF-B6C1-60A2FEE5C706}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{75A0B26F-091E-45AC-8CEB-535411DDAFC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7677FCFD-2AD0-4304-A98B-A80F287EC6CE}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |

"{7BDB55D1-5BAE-4052-95B3-FB90FA09F5A0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{932CCB1B-CDE0-4B5F-A2EE-901E0A6C3D5C}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |

"{9806D792-21AF-462A-ABDC-278F1F0609F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9DDDD60C-B3C7-4579-8BA6-6D5BE33C8640}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{9E9BDC04-91BF-4816-B68E-D19A95213912}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{9FD0586A-0D32-4816-9DB8-D19B0826DCE3}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |

"{9FE9CB4A-38FF-4DA1-9CCF-E147ACFD8D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A12E3932-4669-4E74-8837-88D99E75FE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{A28A5AC7-5D44-47C7-86CF-D2E4099AFDEF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{A9196B45-7B61-40A9-B6CE-03EE65AD7970}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{AB0A8F41-481D-4D61-9185-C53BE98D4958}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{AFFE5852-1873-4593-852F-45CC26E61214}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{B230F118-D216-451D-BF4B-9ADF6C59000D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{B9C1AC3C-CAA8-4003-9AC8-646EC494A4CA}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |

"{B9E87AA2-BB12-4282-8924-91B55C02C1C4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{BB5E386B-FEC9-45EA-9170-02E33360771E}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |

"{BF069F11-DBCA-48F4-A95B-F48B00389992}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |

"{C4DCBF26-262E-46A3-B8A8-F6CE7B00BB56}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |

"{C75169DF-1971-4B96-A2F8-D9FB1773B412}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{CD25B79B-4C18-4616-8DC0-8207D4EEF314}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{D0085A35-A6F5-4841-AAD4-55DA88EAE37F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D16C28DB-037C-4374-A01E-D659F5603924}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{DB170881-1BDD-423A-B99D-8BCA596F3F97}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{F3F500CA-91E9-46C9-9D6E-6B7137203542}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{F5622474-F271-490C-81B6-EF404569E222}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{F56953A7-6CFC-4780-A45B-14C9185CB3D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F6C793E2-55A9-446B-8F9E-64F6A0D5FA35}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{FE95B263-4DCF-43EB-AD9D-45E1D4CD6D79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{10E3E779-703B-4996-844D-2385D7C1409E}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |

"TCP Query User{1F4954AD-A30B-43FC-A054-1DBAABAAF91B}D:\program files (x86)\sony\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\everquest\eqvoiceservice.exe |

"TCP Query User{35CA7747-2B06-4263-86CD-128B223C612E}C:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe |

"TCP Query User{6461F739-4F35-4ADC-9673-7CA5092C092C}C:\users\kkthnx\desktop\link\tftpsrv.exe" = protocol=6 | dir=in | app=c:\users\kkthnx\desktop\link\tftpsrv.exe |

"TCP Query User{7C651FC0-DB49-4445-B618-AA56890E1485}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"TCP Query User{8A6D73B1-6D7C-45ED-BA68-C9104A804BF4}C:\macroquest2\mq2eqbcs.exe" = protocol=6 | dir=in | app=c:\macroquest2\mq2eqbcs.exe |

"TCP Query User{9616D85F-ECF5-42F4-BA45-D2452AAB9246}C:\macroquest2\mmoloader.exe" = protocol=6 | dir=in | app=c:\macroquest2\mmoloader.exe |

"TCP Query User{9D83F623-D0AD-4E19-98C4-88D6984A881C}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |

"TCP Query User{CBB71A7E-29FA-411D-854B-DF67DB1D68AB}D:\program files (x86)\sony\legends of norrath\launchpad.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\legends of norrath\launchpad.exe |

"TCP Query User{FF752B41-914C-4F9C-BC6E-25EB31F2A778}D:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mirc\mirc.exe |

"UDP Query User{155472E4-6380-445C-8C53-5CB8BA1F0E5F}C:\macroquest2\mq2eqbcs.exe" = protocol=17 | dir=in | app=c:\macroquest2\mq2eqbcs.exe |

"UDP Query User{236FF75A-5F22-4096-8482-E7A587302132}C:\macroquest2\mmoloader.exe" = protocol=17 | dir=in | app=c:\macroquest2\mmoloader.exe |

"UDP Query User{30719585-1FE6-416B-8696-71D773F4C34D}C:\users\kkthnx\desktop\link\tftpsrv.exe" = protocol=17 | dir=in | app=c:\users\kkthnx\desktop\link\tftpsrv.exe |

"UDP Query User{4848C665-67B3-40EB-8364-5B6B447AA0D3}D:\program files (x86)\sony\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\everquest\eqvoiceservice.exe |

"UDP Query User{516D2956-9469-459C-A122-3DFA204BF57E}D:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mirc\mirc.exe |

"UDP Query User{7DA31594-A5A9-42AD-B7BC-EED7241C858F}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |

"UDP Query User{C2296C0C-DAB1-45D5-9D9B-FEB9FB4286B7}D:\program files (x86)\sony\legends of norrath\launchpad.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\legends of norrath\launchpad.exe |

"UDP Query User{CB4F8064-D52A-49FD-AE7A-740833F23448}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |

"UDP Query User{D40B3E05-79BC-491F-BC3B-7CA81A79E498}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"UDP Query User{FEA0BB18-49AC-44CD-A3A3-8EFDB8D9F793}C:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktophelper.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety

"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding

"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"AVG" = AVG 2012

"Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1

"Logitech Gaming Software" = Logitech Gaming Software 8.20

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional

"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian

"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater

"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common

"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish

"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish

"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai

"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish

"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean

"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9739666-2235-42F8-85D6-9B4005DC7951}" = Bing Bar

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German

"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English

"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding

"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish

"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek

"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1

"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7A89413-FB45-4ECE-A893-32DC87F45554}" = Legends of Norrath

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese

"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center

"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1

"ERUNT_is1" = ERUNT 1.1j

"ExtractNow_is1" = ExtractNow

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"mIRC" = mIRC

"Nectar Search Toolbar" = Nectar Search Toolbar

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"TeamViewer 7" = TeamViewer 7

"UN060501" = BUFFALO NAS Navigator2

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{EE19063F-7048-4094-9A1D-D69D9C591119}_is1" = Albelli Photo books

"6f16172c295f43ac" = GamParse

"Google Chrome" = Google Chrome

"SOE-EverQuest" = EverQuest

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 08/05/2012 16:05:21 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program explorer.exe version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: e28 Start

Time: 01cd2d53ecf9da13 Termination Time: 24252 Application Path: C:\Windows\explorer.exe

Report

Id: 0cb3574d-9949-11e1-8ae1-bcaec5b6be7c

Error - 08/05/2012 16:08:21 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program explorer.exe version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: b34 Start

Time: 01cd2d55d7878733 Termination Time: 7000 Application Path: C:\Windows\explorer.exe

Report

Id: 88726629-9949-11e1-8ae1-bcaec5b6be7c

Error - 08/05/2012 17:24:32 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: dd4 Start

Time: 01cd2d5b02f5bb45 Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE

Report

Id: 081d870f-9954-11e1-9db4-bcaec5b6be7c

Error - 09/05/2012 04:36:30 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program explorer.exe version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: c4c Start

Time: 01cd2d60cfacb8e3 Termination Time: 22964 Application Path: C:\Windows\explorer.exe

Report

Id: 028fef2e-99b2-11e1-9db4-bcaec5b6be7c

Error - 11/05/2012 16:57:48 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000

Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp:

0x4fa8cdbd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x77551264 Faulting process id: 0x850 Faulting application

start time: 0x01cd2f7f477024c3 Faulting application path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe

Faulting

module path: unknown Report Id: f6a3ca47-9bab-11e1-9db4-bcaec5b6be7c

Error - 20/05/2012 10:38:18 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-RestartManager | ID = 10006

Description = Application or service 'adb' could not be shut down.

Error - 27/05/2012 09:07:44 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000

Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp:

0x4fad9db8 Faulting module name: MQ2Main.dll_unloaded, version: 0.0.0.0, time stamp:

0x4fb144e5 Exception code: 0xc0000005 Fault offset: 0x032001d8 Faulting process id:

0x1a10 Faulting application start time: 0x01cd3c08688c0b8a Faulting application path:

D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: MQ2Main.dll

Report

Id: f212640f-a7fc-11e1-bd18-bcaec5b6be7c

Error - 27/05/2012 09:07:52 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000

Description = Faulting application name: eqgame.exe, version: 0.0.0.0, time stamp:

0x4fad9db8 Faulting module name: MQ2Main.dll_unloaded, version: 0.0.0.0, time stamp:

0x4fb144e5 Exception code: 0xc0000005 Fault offset: 0x037901d8 Faulting process id:

0x1c90 Faulting application start time: 0x01cd3a90a596d80b Faulting application path:

D:\Program Files (x86)\Sony\EverQuest\eqgame.exe Faulting module path: MQ2Main.dll

Report

Id: f6b856dc-a7fc-11e1-bd18-bcaec5b6be7c

Error - 03/06/2012 13:06:04 | Computer Name = Kkthnx-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0xca62196b Faulting process id:

0x1e9c Faulting application start time: 0x01cd417026b3276d Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: 6663e407-ad9e-11e1-b243-bcaec5b6be7c

Error - 04/06/2012 09:55:20 | Computer Name = Kkthnx-PC | Source = Application Hang | ID = 1002

Description = The program eqgame.exe version 0.0.0.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 1c38 Start Time:

01cd424fc84ca0a3 Termination Time: 60000 Application Path: D:\Program Files (x86)\Sony\EverQuest\eqgame.exe

Report

Id: c0fe3200-ae4c-11e1-b243-bcaec5b6be7c

[ System Events ]

Error - 15/06/2012 08:51:23 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 08:51:23 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 09:22:36 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 09:22:37 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 10:52:39 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 15/06/2012 22:58:11 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:46 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:52 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:57 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 16/06/2012 11:56:58 | Computer Name = Kkthnx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

< End of report >

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

AVG PC Tuneup

Adobe Reader X (10.1.3)

Google Chrome 19.0.1084.52

Google Chrome 19.0.1084.56

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

Trend Micro HiJackThis HiJackThis.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member kkthnx only. If you are a casual viewer, do NOT try this on your system!

If you are not kkthnx and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

Turn off your AVG2012 antivirus so that it does not interfere

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the customFix.png window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button runFixbutton.png.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Turn off your AVG2012 antivirus so that it does not interfere

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop cf-icon.jpg and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Re-enable your antivirus.

Reply with copy of OTL MovedFiles log and C:\Combofix.txt

Link to post
Share on other sites

All processes killed

========== PROCESSES ==========

========== FILES ==========

recycler not found in C:\

recycler not found in D:\

recycler not found in E:\

recycler not found in F:\

recycler not found in G:\

recycler not found in H:\

recycler not found in I:\

recycler not found in J:\

recycler not found in K:\

recycler not found in L:\

========== COMMANDS ==========

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Kkthnx

->Temp folder emptied: 49045747 bytes

->Temporary Internet Files folder emptied: 269407165 bytes

->Google Chrome cache emptied: 62881985 bytes

->Apple Safari cache emptied: 14817280 bytes

->Flash cache emptied: 1408 bytes

User: Lisa

->Temp folder emptied: 539787 bytes

->Temporary Internet Files folder emptied: 114768487 bytes

->Flash cache emptied: 901 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 242596 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 17049005024 bytes

Total Files Cleaned = 16,747.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Kkthnx

->Flash cache emptied: 0 bytes

User: Lisa

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.49.0 log created on 06172012_155824

Files\Folders moved on Reboot...

C:\Users\Kkthnx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Link to post
Share on other sites

ComboFix 12-06-16.02 - Kkthnx 17/06/2012 16:08:16.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16375.14199 [GMT 1:00]

Running from: c:\users\Kkthnx\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Kkthnx\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll

c:\users\Kkthnx\Desktop\Setup.exe

c:\users\Kkthnx\Documents\~WRL0001.tmp

c:\users\Kkthnx\Documents\~WRL0002.tmp

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\muzapp.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))

.

.

2012-06-17 15:14 . 2012-06-17 15:14 -------- d-----w- c:\users\Lisa\AppData\Local\temp

2012-06-17 15:14 . 2012-06-17 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-17 14:58 . 2012-06-17 14:58 -------- d-----w- C:\_OTL

2012-06-16 18:23 . 2012-06-16 22:55 -------- d-----w- C:\ARK

2012-06-16 18:14 . 2012-06-16 18:14 -------- d-----w- c:\program files (x86)\ERUNT

2012-06-15 04:54 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-15 04:53 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-15 04:53 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-12 12:49 . 2012-06-12 12:49 -------- d-----w- c:\program files (x86)\Nectar Search Toolbar

2012-06-06 19:52 . 2012-06-06 19:53 -------- d-----w- c:\users\Kkthnx\AppData\Roaming\AVG

2012-06-01 17:37 . 2012-06-01 17:37 -------- d-----w- c:\users\Kkthnx\AppData\Local\Albelli Photo books

2012-05-30 16:03 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-30 16:03 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-30 16:03 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-30 16:02 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-30 16:01 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-30 16:01 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-30 16:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-30 16:01 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-30 16:01 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-28 08:43 . 2012-05-28 08:43 -------- d-----w- c:\users\Lisa\AppData\Local\Htc

2012-05-28 08:43 . 2012-05-28 08:43 -------- d-----w- c:\users\Lisa\AppData\Roaming\HTC

2012-05-20 14:06 . 2012-06-17 15:04 -------- d-----w- c:\users\Kkthnx\AppData\Local\Htc

2012-05-20 13:34 . 2012-05-20 14:07 -------- d-----w- c:\users\Kkthnx\AppData\Roaming\HTC

2012-05-20 13:25 . 2012-05-20 13:25 -------- d-----w- c:\program files (x86)\Spirent Communications

2012-05-20 13:24 . 2012-05-20 13:34 -------- d-----w- c:\program files (x86)\HTC

2012-05-20 13:24 . 2012-05-20 13:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-05-20 13:24 . 2012-05-20 13:24 -------- d-----w- c:\program files (x86)\MSXML 4.0

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-12 15:19 . 2012-05-12 15:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-05-12 15:19 . 2012-05-12 15:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-05-12 15:19 . 2012-05-12 15:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-05-12 15:19 . 2012-05-12 15:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-05-12 15:19 . 2012-05-12 15:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-05-12 15:19 . 2012-05-12 15:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-05-12 15:19 . 2012-05-12 15:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-05-12 15:19 . 2012-05-12 15:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-05-12 15:19 . 2012-05-12 15:19 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-05-12 15:19 . 2012-05-12 15:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-05-12 15:19 . 2012-05-12 15:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-05-12 15:19 . 2012-05-12 15:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-05-12 15:19 . 2012-05-12 15:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-05-12 15:19 . 2012-05-12 15:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-05-12 15:19 . 2012-05-12 15:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-05-12 15:19 . 2012-05-12 15:19 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-05-12 15:19 . 2012-05-12 15:19 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-05-12 15:19 . 2012-05-12 15:19 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-05-12 15:19 . 2012-05-12 15:19 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-05-12 15:19 . 2012-05-12 15:19 448512 ----a-w- c:\windows\system32\html.iec

2012-05-12 15:19 . 2012-05-12 15:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-05-12 15:19 . 2012-05-12 15:19 222208 ----a-w- c:\windows\system32\msls31.dll

2012-05-12 15:19 . 2012-05-12 15:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-05-12 15:19 . 2012-05-12 15:19 12288 ----a-w- c:\windows\system32\mshta.exe

2012-05-12 15:19 . 2012-05-12 15:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-05-12 15:19 . 2012-05-12 15:19 114176 ----a-w- c:\windows\system32\admparse.dll

2012-05-12 15:19 . 2012-05-12 15:19 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-05-12 15:19 . 2012-05-12 15:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-05-12 15:19 . 2012-05-12 15:19 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-05-12 15:19 . 2012-05-12 15:19 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-12 15:19 . 2012-05-12 15:19 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-05-12 15:19 . 2012-05-12 15:19 160256 ----a-w- c:\windows\system32\wextract.exe

2012-05-11 20:08 . 2012-05-11 20:08 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-05-11 20:08 . 2012-05-11 20:08 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-05-11 20:08 . 2012-05-11 20:08 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2012-05-08 13:07 . 2012-05-08 13:07 8072272 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.382.0oemBingBarSetup-Partner.EXE

2012-05-05 09:38 . 2012-05-05 09:38 388096 ----a-r- c:\users\Kkthnx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-05 09:37 . 2012-04-21 19:56 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 09:37 . 2012-04-21 19:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 09:37 . 2012-05-05 09:37 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-22 21:30 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-04-22 21:30 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-04-22 19:09 . 2012-04-22 19:09 53248 ----a-r- c:\users\Kkthnx\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

2012-04-21 18:12 . 2011-03-28 17:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-21 17:25 . 2011-03-29 09:04 27760 ----a-w- c:\windows\system32\ViakaraokeSrv.exe

2012-04-21 17:25 . 2011-03-29 09:04 116848 ----a-w- c:\windows\system32\ViaKaraokePropPageExt.dll

2012-04-21 17:25 . 2011-03-29 09:04 1161328 ----a-w- c:\windows\system32\ViaKaraokeApo.dll

2012-04-21 17:25 . 2007-12-04 10:28 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll

2012-04-21 17:25 . 2007-12-04 10:28 82432 ----a-w- c:\windows\system32\nQAPO.dll

2012-04-21 17:25 . 2012-04-21 17:26 414632 ------w- c:\windows\difxapi.dll

2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-04-18 02:03 . 2012-04-21 14:56 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBFDAF5D-CD80-43A9-B85E-60A9D4A2674F}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}"= "c:\program files (x86)\Nectar Search Toolbar\Helper.dll" [2012-06-12 360960]

.

[HKEY_CLASSES_ROOT\clsid\{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]

2012-06-12 12:49 1624576 ----a-w- c:\program files (x86)\Nectar Search Toolbar\Toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{8020143D-5926-4394-A04D-DD0B649DA121}"= "c:\program files (x86)\Nectar Search Toolbar\Toolbar.dll" [2012-06-12 1624576]

.

[HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]

[HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]

[HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-21 39408]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-27 955280]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-16 21416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-27 3521424]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]

.

c:\users\Kkthnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Belkin Network USB Hub Control Center.lnk - c:\program files\Belkin\Network USB Hub Control Center\Connect.exe [2012-4-21 790651]

BUFFALO NAS Navigator2.lnk - c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe [2011-10-27 1927120]

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2009-5-15 206128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 116648]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.exe [2012-04-16 240208]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 116648]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.382.0\BBSvc.exe [2012-04-16 193616]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]

S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [2011-10-31 251760]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]

S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 09:37]

.

2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 17:52]

.

2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 17:52]

.

2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001Core.job

- c:\users\Kkthnx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 17:52]

.

2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1779838713-1673122979-475417329-1001UA.job

- c:\users\Kkthnx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{8020143D-5926-4394-A04D-DD0B649DA121} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe

c:\program files (x86)\TeamViewer\Version7\tv_w32.exe

c:\program files\Logitech Gaming Software\Applets\LCDMedia.exe

.

**************************************************************************

.

Completion time: 2012-06-17 16:22:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-17 15:22

.

Pre-Run: 288,396,566,528 bytes free

Post-Run: 287,872,425,984 bytes free

.

- - End Of File - - B243040802F8DD43A4E7AB7D3DC5659F

Link to post
Share on other sites

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Copy & Paste the log from DrWeb Cure-it and also tell me, How is your system now ?

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.