Fairly sure I'm still infected with something.



My computer has been slower than usual lately when it comes to my internet connection. Frequent latency spikes, and when I ran speed tests, uploads were around 1-4mbs when my usual is 10mbs. Ventrilo would constantly freeze due to lag and I'd have to disconnect and reconnect constantly. Also experienced lag spikes while gaming.

I had planned to run a scan in safe mode but realized I couldn't get into safe mode through normal means... though I might have just been hitting F8 at the wrong time, because I can get into safe mode easily now... but I ended up following a guide to find whatever might have been stopping me from getting into safe mode. I can't remember most of them but it included Malwarebytes, HitmanPro, and ComboFix. Malwarebytes found nothing but others detected things and removed things. I don't have the original log from ComboFix either because the guide told me to uninstall it after.

After realizing I could access safe mode I ran a few different scans in safe mode. The main one I'm concerned about now was one I did with ViperRescue. ViperRescue came up with 3 trojans in 3 game files. "trojan.win32.generic bt" was the trojan in each file. ViperRescue said it cured it... I think by quarantining the file... but I looked the trojan up anyway. The first few sites on Google about the trojan say it alters things in my computer, though they all had different methods of removing it through regedit and other things. I later found a thread on here about someone with the same trojan and the person on there suggested ComboFix and posting the logs, so I did that, in safe mode (not sure if that matters), and now here I am writing this post.

Not sure if this matters but I did the DDS after already running the ComboFix.

Also, I noticed in all of these that Windows Defender is there... but I never installed it and it isn't in my control panel like it is on my Windows 8 laptop.

Any help would be greatly appreciated :)

DDS BELOW

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483

Run by Stefan at 21:42:09 on 2013-05-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4506 [GMT -4:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\HitmanPro\hmpsched.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\SysWOW64\XSrvSetup.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe

C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/activex/HanSetup1040.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

TCP: Interfaces\{01A80F9A-3591-479F-926E-078D948B6B9A} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{4944E631-A946-47F0-9BB6-97F1867BBA78} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{F079B80C-782F-407C-91DC-B8FAD14490DC} : NameServer = 192.168.1.1

TCP: Interfaces\{F079B80C-782F-407C-91DC-B8FAD14490DC}\B4962796E6F6 : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = about:blank

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Linksys Wireless Manager] "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-05-22 21:55; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com

FF - ExtSQL: !HIDDEN! 2011-03-10 16:46; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-2-5 21544]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]

R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-1-14 55056]

R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-2-20 57976]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]

R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-5-27 109352]

R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-2-5 72304]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-1-14 29016]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-1-14 29528]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-1-14 356376]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 JRSKD24;JRSKD24;C:\Windows\System32\JRSKD24.SYS [2011-6-20 12824]

S3 JRSUKD25;JRSUKD25;C:\Windows\System32\JRSUKD25.SYS [2011-6-20 15768]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-2-25 2426672]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-19 19456]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-5 346144]

S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-19 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]

.

=============== Created Last 30 ================

.

2013-05-29 01:06:25 -------- d-sh--w- C:\$RECYCLE.BIN

2013-05-29 00:51:50 98816 ----a-w- C:\Windows\sed.exe

2013-05-29 00:51:50 256000 ----a-w- C:\Windows\PEV.exe

2013-05-29 00:51:50 208896 ----a-w- C:\Windows\MBR.exe

2013-05-28 05:41:48 -------- d-----w- C:\Users\Stefan\AppData\Roaming\Auslogics

2013-05-28 05:41:43 -------- d-----w- C:\Program Files (x86)\Auslogics

2013-05-28 05:32:49 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat

2013-05-28 05:32:49 -------- d-----w- C:\ProgramData\iolo

2013-05-28 04:54:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2013-05-28 04:04:50 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-28 04:04:49 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-28 03:46:03 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2013-05-28 03:26:07 -------- d-----w- C:\Program Files\HitmanPro

2013-05-28 03:25:14 -------- d-----w- C:\ProgramData\HitmanPro

2013-05-28 00:34:19 -------- d-----w- C:\Program Files\Ventrilo

2013-05-27 16:45:10 -------- d-----w- C:\Users\Stefan\AppData\Roaming\ParetoLogic

2013-05-27 16:45:10 -------- d-----w- C:\Users\Stefan\AppData\Roaming\DriverCure

2013-05-27 16:45:03 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic

2013-05-27 16:45:01 -------- d-----w- C:\ProgramData\ParetoLogic

2013-05-27 16:45:01 -------- d-----w- C:\Program Files (x86)\ParetoLogic

2013-05-27 16:36:00 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-27 12:28:35 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FCAF943-633A-4AE5-91F3-205612751269}\mpengine.dll

2013-05-23 01:37:57 64856 ----a-w- C:\Windows\System32\klfphc.dll

2013-05-23 01:36:35 -------- d-----w- C:\Windows\ELAMBKUP

2013-05-23 01:36:33 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-05-23 01:36:33 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2013-05-23 01:36:26 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys

2013-05-22 18:05:11 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2013-05-21 12:14:37 49152 ----a-r- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\NewShortcut1_C109AF5B69D04C93B360F28D9FAB6084.exe

2013-05-21 12:11:18 49152 ----a-r- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe

2013-05-21 12:10:50 -------- d-----w- C:\illusion

2013-05-16 23:24:18 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2013-05-11 23:38:14 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-05-11 23:38:09 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-05-10 07:57:26 187456 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-05-10 07:57:26 187456 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-05-03 23:52:54 -------- d-----w- C:\gravity

.

==================== Find3M ====================

.

2013-05-23 01:55:46 55056 ----a-w- C:\Windows\System32\drivers\kltdi.sys

2013-05-23 01:55:46 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys

2013-05-21 21:27:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-21 21:27:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-11 23:37:56 971680 ----a-w- C:\Windows\System32\deployJava1.dll

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 21:42:56.78 ===============

ATTACH BELOW

attach.txt

LOG FROM THE SECOND COMBOFIX I RAN

ComboFix 13-05-28.02 - Stefan 05/28/2013 20:53:17.2.8 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4803 [GMT -4:00]

Running from: c:\users\Stefan\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\wininit.ini

F:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))

.

.

2013-05-28 05:41 . 2013-05-28 05:43 -------- d-----w- c:\users\Stefan\AppData\Roaming\Auslogics

2013-05-28 05:41 . 2013-05-28 05:41 -------- d-----w- c:\program files (x86)\Auslogics

2013-05-28 05:32 . 2013-05-28 05:39 -------- d-----w- c:\programdata\iolo

2013-05-28 05:32 . 2013-05-28 05:32 74703 ----a-w- c:\windows\SysWow64\mfc45.dat

2013-05-28 04:54 . 2013-05-28 04:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-05-28 04:04 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-28 04:04 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-28 04:04 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-28 04:02 . 2013-05-28 04:02 -------- d-----w- c:\program files\Microsoft Silverlight

2013-05-28 04:02 . 2013-05-28 04:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-05-28 03:46 . 2013-05-28 03:46 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-05-28 03:26 . 2013-05-28 03:26 -------- d-----w- c:\program files\HitmanPro

2013-05-28 03:25 . 2013-05-28 03:35 -------- d-----w- c:\programdata\HitmanPro

2013-05-28 00:34 . 2013-05-28 00:34 -------- d-----w- c:\program files\Ventrilo

2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\users\Stefan\AppData\Roaming\ParetoLogic

2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\users\Stefan\AppData\Roaming\DriverCure

2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic

2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\programdata\ParetoLogic

2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\program files (x86)\ParetoLogic

2013-05-27 16:36 . 2013-05-27 16:36 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-27 12:28 . 2013-05-14 05:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FCAF943-633A-4AE5-91F3-205612751269}\mpengine.dll

2013-05-23 01:37 . 2013-01-14 18:55 64856 ----a-w- c:\windows\system32\klfphc.dll

2013-05-23 01:36 . 2013-05-23 01:36 -------- d-----w- c:\windows\ELAMBKUP

2013-05-23 01:36 . 2013-05-29 00:48 -------- d-----w- c:\programdata\Kaspersky Lab

2013-05-23 01:36 . 2013-05-23 01:36 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2013-05-23 01:36 . 2013-05-23 01:55 620128 ----a-w- c:\windows\system32\drivers\klif.sys

2013-05-23 01:36 . 2013-05-23 01:55 90208 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-05-22 18:05 . 2013-05-22 18:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2013-05-21 12:14 . 2013-05-21 12:14 49152 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\NewShortcut1_C109AF5B69D04C93B360F28D9FAB6084.exe

2013-05-21 12:11 . 2013-05-21 12:11 49152 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe

2013-05-21 12:10 . 2013-05-21 12:11 -------- d-----w- C:\illusion

2013-05-11 23:38 . 2013-05-11 23:37 311200 ----a-w- c:\windows\system32\javaws.exe

2013-05-11 23:38 . 2013-05-11 23:37 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-05-11 23:38 . 2013-05-11 23:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-05-11 23:38 . 2013-05-11 23:37 188832 ----a-w- c:\windows\system32\javaw.exe

2013-05-11 23:38 . 2013-05-11 23:37 188320 ----a-w- c:\windows\system32\java.exe

2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-05-03 23:52 . 2013-05-03 23:52 -------- d-----w- C:\gravity

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-23 01:55 . 2013-01-14 18:55 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-05-23 01:55 . 2012-08-13 20:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys

2013-05-21 21:27 . 2012-03-30 16:31 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-21 21:27 . 2011-05-19 17:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-11 23:37 . 2011-09-17 02:37 971680 ----a-w- c:\windows\system32\deployJava1.dll

2013-05-09 10:17 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-03 20:15 . 2010-05-24 21:32 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-02 06:06 . 2010-05-24 21:23 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-28 04:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-28 04:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-28 04:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-28 04:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-28 04:00 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-28 04:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-04 18:50 . 2011-11-09 11:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-14 356376]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-3-13 3458968]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 21544]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]

R1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-23 55056]

R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-05-23 178448]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-05-25 57976]

R2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 2467664]

R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-05-28 109352]

R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-06-20 12824]

R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2011-06-20 15768]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-01-14 29016]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-01-14 29528]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2013-02-25 2426672]

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-05 50800]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]

R3 X6va005;X6va005;c:\users\Stefan\AppData\Local\Temp\0052CA5.tmp [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652652649-1025549001-1711070373-1000Core.job

- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 20:32]

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652652649-1025549001-1711070373-1000UA.job

- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 20:32]

.

2013-05-27 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2013-05-28 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-07 22:47]

.

2013-05-28 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-07 22:47]

.

2013-05-27 c:\windows\Tasks\RegCure Pro.job

- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-05-07 22:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{4944E631-A946-47F0-9BB6-97F1867BBA78}: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{F079B80C-782F-407C-91DC-B8FAD14490DC}: NameServer = 192.168.1.1

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/activex/HanSetup1040.cab

FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=

FF - ExtSQL: 2013-05-22 21:55; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com

FF - ExtSQL: !HIDDEN! 2011-03-10 16:46; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Stefan\AppData\Local\Temp\0052CA5.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-3652652649-1025549001-1711070373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3652652649-1025549001-1711070373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3652652649-1025549001-1711070373-1000\Software\SecuROM\License information*]

"datasecu"=hex:fa,f1,62,c8,ea,cc,2a,4b,5f,a0,8c,cf,a7,53,22,4f,4d,01,37,de,8c,

0f,58,ee,c9,57,03,1b,42,dd,ba,8c,0c,f5,e7,db,19,ab,cf,17,fd,d9,c3,b1,37,d4,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-28 21:01:18

ComboFix-quarantined-files.txt 2013-05-29 01:01

.

Pre-Run: 291,398,799,360 bytes free

Post-Run: 291,320,528,896 bytes free

.

- - End Of File - - 2CA50A5F345856AE02C4A790B2A9A1B3


Hello Shaku and welcome to MalwareBytes forum.

I will be helping you. Please follow my guidance and do not run tools or fixes nor do changes on your own.

Please confirm for me that you are the owner of this system.

If it is owned by someone else, or if it belongs to a company or an organization, please Stop and tell me that.

As a reminder, please just only Copy & Paste all log contents directly into main-body of reply box.

Use 1 reply per each log as needed. IF you hit some log that is way too huge, then you may attach.

Please do a backup of any documents/personal files that you cannot afford to lose.

Malware cleanups can sometimes be unpredictable. So do a backup to Offline media as a precaution.

That said, I must advise you to never, ever run Combofix on your own --- not without expert guided help.

That is one tool that, if run by yourself, might result in an un-bootable pc.

Also, do NOT use posts of others as a template to self-medicate your pc, on your own.

What people -can do- is run their antivirus & MBAM & some selected (reputable) online scans (Eset, Trendmicro, Bitdefender) and do some initial scans.

But then stop and NOT run specialized tools on their own.

I will focus here on hunting for malwares onboard the pc. Any other issue, especially such as slow speeds from your internet service provider, will be left for you to pursue later.

Once we get started here, make no changes or fixes nor run any tools on your own.

Given you suspect an infection, treat this machine as if it were in isolation & in quarantine.

Do NOT do any websurfing, online banking, online games, online shopping, or any general surfing.

Only go to this forum and the sites I guide you to for tools.

As you go down this list, if you already have a prior copy of the tool, delete it and download a new copy.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Press Windows-key +R key on your keyboard to get RUN option.
  • Type in
    explorer.exe

    and press Enter to start Windows Explorer.

  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


AdwCleaner

# AdwCleaner v2.301 - Logfile created 05/29/2013 at 15:53:09

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Stefan - STEFAN-GAMINPC

# Boot Mode : Normal

# Running from : C:\Users\Stefan\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : BCUService

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\ParetoLogic

Folder Found : C:\Program Files (x86)\DeviceVM

Folder Found : C:\Program Files (x86)\ParetoLogic

Folder Found : C:\ProgramData\ParetoLogic

Folder Found : C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic

Folder Found : C:\Users\Stefan\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Found : HKCU\Software\DeviceVM

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\Software\DeviceVM

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bCU]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.31] : keyword = "blekko",

Found [l.35] : search_url = "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=733F7C70A60A067ED90DDB5025E8AC9D&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [12312 octets] - [16/12/2012 17:22:21]

AdwCleaner[R2].txt - [1097 octets] - [23/12/2012 19:38:22]

AdwCleaner[R3].txt - [2476 octets] - [29/05/2013 15:53:09]

AdwCleaner[s2].txt - [11719 octets] - [16/12/2012 17:23:13]

AdwCleaner[s3].txt - [1158 octets] - [23/12/2012 19:38:35]

AdwCleaner[s4].txt - [1218 octets] - [31/12/2012 17:12:25]

########## EOF - C:\AdwCleaner[R3].txt - [2717 octets] ##########


TDSSKILLER log

15:55:45.0251 3288 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:55:45.0556 3288 ============================================================

15:55:45.0556 3288 Current date / time: 2013/05/29 15:55:45.0556

15:55:45.0556 3288 SystemInfo:

15:55:45.0556 3288

15:55:45.0556 3288 OS Version: 6.1.7601 ServicePack: 1.0

15:55:45.0556 3288 Product type: Workstation

15:55:45.0556 3288 ComputerName: STEFAN-GAMINPC

15:55:45.0556 3288 UserName: Stefan

15:55:45.0556 3288 Windows directory: C:\Windows

15:55:45.0556 3288 System windows directory: C:\Windows

15:55:45.0556 3288 Running under WOW64

15:55:45.0556 3288 Processor architecture: Intel x64

15:55:45.0556 3288 Number of processors: 8

15:55:45.0556 3288 Page size: 0x1000

15:55:45.0556 3288 Boot type: Normal boot

15:55:45.0556 3288 ============================================================

15:55:46.0280 3288 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

15:55:46.0282 3288 ============================================================

15:55:46.0282 3288 \Device\Harddisk0\DR0:

15:55:46.0282 3288 MBR partitions:

15:55:46.0283 3288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

15:55:46.0283 3288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

15:55:46.0283 3288 ============================================================

15:55:46.0304 3288 C: <-> \Device\Harddisk0\DR0\Partition2

15:55:46.0304 3288 ============================================================

15:55:46.0305 3288 Initialize success

15:55:46.0305 3288 ============================================================

15:55:56.0802 5880 ============================================================

15:55:56.0802 5880 Scan started

15:55:56.0802 5880 Mode: Manual;

15:55:56.0802 5880 ============================================================

15:55:57.0115 5880 ================ Scan system memory ========================

15:55:57.0115 5880 System memory - ok

15:55:57.0115 5880 ================ Scan services =============================

15:55:57.0223 5880 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

15:55:57.0224 5880 1394ohci - ok

15:55:57.0252 5880 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

15:55:57.0254 5880 ACPI - ok

15:55:57.0272 5880 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

15:55:57.0273 5880 AcpiPmi - ok

15:55:57.0334 5880 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

15:55:57.0335 5880 AdobeARMservice - ok


15:56:03.0223 5880 ProfSvc - ok

15:56:03.0233 5880 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

15:56:03.0233 5880 ProtectedStorage - ok

15:56:03.0264 5880 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

15:56:03.0265 5880 Psched - ok

15:56:03.0276 5880 [ 9A68A89F10F283A23AFEE2A1BFE4BFFB ] purendis C:\Windows\system32\DRIVERS\purendis.sys

15:56:03.0277 5880 purendis - ok

15:56:03.0303 5880 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

15:56:03.0314 5880 ql2300 - ok

15:56:03.0327 5880 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

15:56:03.0328 5880 ql40xx - ok

15:56:03.0347 5880 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

15:56:03.0349 5880 QWAVE - ok

15:56:03.0354 5880 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

15:56:03.0354 5880 QWAVEdrv - ok

15:56:03.0362 5880 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

15:56:03.0362 5880 RasAcd - ok

15:56:03.0383 5880 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

15:56:03.0384 5880 RasAgileVpn - ok

15:56:03.0390 5880 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

15:56:03.0391 5880 RasAuto - ok

15:56:03.0407 5880 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

15:56:03.0407 5880 Rasl2tp - ok

15:56:03.0435 5880 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

15:56:03.0438 5880 RasMan - ok

15:56:03.0440 5880 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

15:56:03.0441 5880 RasPppoe - ok

15:56:03.0452 5880 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

15:56:03.0453 5880 RasSstp - ok

15:56:03.0460 5880 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

15:56:03.0462 5880 rdbss - ok

15:56:03.0472 5880 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

15:56:03.0472 5880 rdpbus - ok

15:56:03.0482 5880 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

15:56:03.0483 5880 RDPCDD - ok

15:56:03.0499 5880 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

15:56:03.0500 5880 RDPENCDD - ok

15:56:03.0504 5880 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

15:56:03.0504 5880 RDPREFMP - ok

15:56:03.0539 5880 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

15:56:03.0540 5880 RdpVideoMiniport - ok

15:56:03.0560 5880 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

15:56:03.0562 5880 RDPWD - ok

15:56:03.0591 5880 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

15:56:03.0592 5880 rdyboost - ok

15:56:03.0607 5880 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

15:56:03.0608 5880 RemoteAccess - ok

15:56:03.0618 5880 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

15:56:03.0619 5880 RemoteRegistry - ok

15:56:03.0622 5880 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

15:56:03.0623 5880 RpcEptMapper - ok

15:56:03.0637 5880 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

15:56:03.0638 5880 RpcLocator - ok

15:56:03.0661 5880 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

15:56:03.0663 5880 RpcSs - ok

15:56:03.0675 5880 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

15:56:03.0675 5880 rspndr - ok

15:56:03.0714 5880 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

15:56:03.0715 5880 RTL8167 - ok

15:56:03.0717 5880 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

15:56:03.0718 5880 SamSs - ok

15:56:03.0735 5880 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

15:56:03.0736 5880 sbp2port - ok

15:56:03.0761 5880 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys

15:56:03.0762 5880 SBRE - ok

15:56:03.0789 5880 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

15:56:03.0790 5880 SCardSvr - ok

15:56:03.0812 5880 [ E25632DF954CE70928946BB36F829CF4 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys

15:56:03.0813 5880 SCDEmu - ok

15:56:03.0832 5880 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

15:56:03.0832 5880 scfilter - ok

15:56:03.0869 5880 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

15:56:03.0877 5880 Schedule - ok

15:56:03.0898 5880 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

15:56:03.0899 5880 SCPolicySvc - ok

15:56:03.0918 5880 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

15:56:03.0920 5880 SDRSVC - ok

15:56:03.0931 5880 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

15:56:03.0932 5880 secdrv - ok

15:56:03.0954 5880 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

15:56:03.0955 5880 seclogon - ok

15:56:03.0962 5880 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

15:56:03.0963 5880 SENS - ok

15:56:03.0965 5880 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

15:56:03.0966 5880 SensrSvc - ok

15:56:03.0974 5880 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

15:56:03.0974 5880 Serenum - ok

15:56:03.0984 5880 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

15:56:03.0985 5880 Serial - ok

15:56:04.0002 5880 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

15:56:04.0003 5880 sermouse - ok

15:56:04.0030 5880 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

15:56:04.0031 5880 SessionEnv - ok

15:56:04.0057 5880 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

15:56:04.0057 5880 sffdisk - ok

15:56:04.0063 5880 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

15:56:04.0064 5880 sffp_mmc - ok

15:56:04.0072 5880 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

15:56:04.0072 5880 sffp_sd - ok

15:56:04.0074 5880 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

15:56:04.0075 5880 sfloppy - ok

15:56:04.0103 5880 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

15:56:04.0106 5880 Sftfs - ok

15:56:04.0128 5880 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

15:56:04.0130 5880 sftlist - ok

15:56:04.0141 5880 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

15:56:04.0142 5880 Sftplay - ok

15:56:04.0149 5880 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

15:56:04.0149 5880 Sftredir - ok

15:56:04.0152 5880 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

15:56:04.0153 5880 Sftvol - ok

15:56:04.0164 5880 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

15:56:04.0165 5880 sftvsa - ok

15:56:04.0188 5880 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

15:56:04.0191 5880 SharedAccess - ok

15:56:04.0213 5880 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:56:04.0216 5880 ShellHWDetection - ok

15:56:04.0224 5880 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:56:04.0225 5880 SiSRaid2 - ok

15:56:04.0237 5880 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

15:56:04.0238 5880 SiSRaid4 - ok

15:56:04.0278 5880 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

15:56:04.0279 5880 SkypeUpdate - ok

15:56:04.0291 5880 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

15:56:04.0292 5880 Smb - ok

15:56:04.0296 5880 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

15:56:04.0297 5880 SNMPTRAP - ok

15:56:04.0307 5880 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

15:56:04.0307 5880 spldr - ok

15:56:04.0330 5880 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

15:56:04.0333 5880 Spooler - ok

15:56:04.0387 5880 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

15:56:04.0428 5880 sppsvc - ok

15:56:04.0431 5880 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

15:56:04.0433 5880 sppuinotify - ok

15:56:04.0454 5880 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

15:56:04.0456 5880 srv - ok

15:56:04.0467 5880 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

15:56:04.0469 5880 srv2 - ok

15:56:04.0479 5880 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

15:56:04.0480 5880 srvnet - ok

15:56:04.0503 5880 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

15:56:04.0505 5880 SSDPSRV - ok

15:56:04.0518 5880 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

15:56:04.0519 5880 SstpSvc - ok

15:56:04.0541 5880 Steam Client Service - ok

15:56:04.0608 5880 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

15:56:04.0610 5880 Stereo Service - ok

15:56:04.0621 5880 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

15:56:04.0622 5880 stexstor - ok

15:56:04.0649 5880 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

15:56:04.0650 5880 StillCam - ok

15:56:04.0675 5880 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

15:56:04.0679 5880 stisvc - ok

15:56:04.0701 5880 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

15:56:04.0701 5880 swenum - ok

15:56:04.0711 5880 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

15:56:04.0715 5880 swprv - ok

15:56:04.0745 5880 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

15:56:04.0767 5880 SysMain - ok

15:56:04.0821 5880 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:56:04.0822 5880 TabletInputService - ok

15:56:04.0840 5880 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

15:56:04.0842 5880 TapiSrv - ok

15:56:04.0869 5880 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys

15:56:04.0870 5880 tapoas - ok

15:56:04.0883 5880 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

15:56:04.0884 5880 TBS - ok

15:56:04.0919 5880 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

15:56:04.0944 5880 Tcpip - ok

15:56:04.0990 5880 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

15:56:04.0997 5880 TCPIP6 - ok

15:56:05.0014 5880 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

15:56:05.0015 5880 tcpipreg - ok

15:56:05.0024 5880 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

15:56:05.0025 5880 TDPIPE - ok

15:56:05.0044 5880 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

15:56:05.0045 5880 TDTCP - ok

15:56:05.0069 5880 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

15:56:05.0070 5880 tdx - ok

15:56:05.0082 5880 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

15:56:05.0082 5880 TermDD - ok

15:56:05.0120 5880 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

15:56:05.0125 5880 TermService - ok

15:56:05.0137 5880 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

15:56:05.0139 5880 Themes - ok

15:56:05.0153 5880 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

15:56:05.0154 5880 THREADORDER - ok

15:56:05.0167 5880 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

15:56:05.0168 5880 TrkWks - ok

15:56:05.0211 5880 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:56:05.0212 5880 TrustedInstaller - ok

15:56:05.0232 5880 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

15:56:05.0232 5880 tssecsrv - ok

15:56:05.0249 5880 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

15:56:05.0250 5880 TsUsbFlt - ok

15:56:05.0281 5880 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

15:56:05.0282 5880 tunnel - ok

15:56:05.0291 5880 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

15:56:05.0292 5880 uagp35 - ok

15:56:05.0311 5880 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

15:56:05.0314 5880 udfs - ok

15:56:05.0323 5880 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

15:56:05.0325 5880 UI0Detect - ok

15:56:05.0335 5880 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

15:56:05.0336 5880 uliagpkx - ok

15:56:05.0353 5880 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

15:56:05.0354 5880 umbus - ok

15:56:05.0366 5880 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

15:56:05.0366 5880 UmPass - ok

15:56:05.0387 5880 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

15:56:05.0390 5880 upnphost - ok

15:56:05.0410 5880 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

15:56:05.0411 5880 USBAAPL64 - ok

15:56:05.0432 5880 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

15:56:05.0433 5880 usbaudio - ok

15:56:05.0436 5880 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

15:56:05.0436 5880 usbccgp - ok

15:56:05.0466 5880 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

15:56:05.0467 5880 usbcir - ok

15:56:05.0476 5880 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

15:56:05.0477 5880 usbehci - ok

15:56:05.0487 5880 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

15:56:05.0488 5880 usbhub - ok

15:56:05.0497 5880 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

15:56:05.0498 5880 usbohci - ok

15:56:05.0503 5880 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

15:56:05.0504 5880 usbprint - ok

15:56:05.0517 5880 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

15:56:05.0518 5880 usbscan - ok

15:56:05.0524 5880 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:56:05.0525 5880 USBSTOR - ok

15:56:05.0534 5880 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

15:56:05.0534 5880 usbuhci - ok

15:56:05.0545 5880 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

15:56:05.0546 5880 UxSms - ok

15:56:05.0549 5880 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

15:56:05.0550 5880 VaultSvc - ok

15:56:05.0553 5880 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

15:56:05.0553 5880 vdrvroot - ok

15:56:05.0565 5880 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

15:56:05.0569 5880 vds - ok

15:56:05.0580 5880 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

15:56:05.0581 5880 vga - ok

15:56:05.0592 5880 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

15:56:05.0592 5880 VgaSave - ok

15:56:05.0617 5880 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

15:56:05.0619 5880 vhdmp - ok

15:56:05.0637 5880 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

15:56:05.0638 5880 viaide - ok

15:56:05.0658 5880 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

15:56:05.0658 5880 volmgr - ok

15:56:05.0683 5880 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

15:56:05.0684 5880 volmgrx - ok

15:56:05.0695 5880 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

15:56:05.0696 5880 volsnap - ok

15:56:05.0704 5880 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

15:56:05.0706 5880 vsmraid - ok

15:56:05.0728 5880 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

15:56:05.0740 5880 VSS - ok

15:56:05.0770 5880 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

15:56:05.0770 5880 vwifibus - ok

15:56:05.0784 5880 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

15:56:05.0784 5880 vwififlt - ok

15:56:05.0797 5880 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

15:56:05.0798 5880 vwifimp - ok

15:56:05.0820 5880 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

15:56:05.0824 5880 W32Time - ok

15:56:05.0832 5880 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

15:56:05.0833 5880 WacomPen - ok

15:56:05.0858 5880 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

15:56:05.0858 5880 WANARP - ok

15:56:05.0860 5880 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

15:56:05.0861 5880 Wanarpv6 - ok

15:56:05.0894 5880 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

15:56:05.0903 5880 WatAdminSvc - ok

15:56:05.0939 5880 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

15:56:05.0950 5880 wbengine - ok

15:56:05.0959 5880 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

15:56:05.0962 5880 WbioSrvc - ok

15:56:05.0989 5880 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

15:56:05.0992 5880 wcncsvc - ok

15:56:05.0994 5880 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:56:05.0995 5880 WcsPlugInService - ok

15:56:06.0003 5880 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

15:56:06.0003 5880 Wd - ok

15:56:06.0030 5880 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

15:56:06.0033 5880 Wdf01000 - ok

15:56:06.0042 5880 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

15:56:06.0043 5880 WdiServiceHost - ok

15:56:06.0045 5880 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

15:56:06.0046 5880 WdiSystemHost - ok

15:56:06.0072 5880 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

15:56:06.0074 5880 WebClient - ok

15:56:06.0077 5880 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

15:56:06.0080 5880 Wecsvc - ok

15:56:06.0086 5880 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

15:56:06.0087 5880 wercplsupport - ok

15:56:06.0105 5880 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

15:56:06.0107 5880 WerSvc - ok

15:56:06.0109 5880 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

15:56:06.0109 5880 WfpLwf - ok

15:56:06.0111 5880 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

15:56:06.0111 5880 WIMMount - ok

15:56:06.0116 5880 WinDefend - ok

15:56:06.0119 5880 WinHttpAutoProxySvc - ok

15:56:06.0140 5880 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

15:56:06.0141 5880 Winmgmt - ok

15:56:06.0180 5880 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

15:56:06.0204 5880 WinRM - ok

15:56:06.0252 5880 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

15:56:06.0253 5880 WinUsb - ok

15:56:06.0273 5880 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

15:56:06.0280 5880 Wlansvc - ok

15:56:06.0326 5880 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:56:06.0334 5880 wlidsvc - ok

15:56:06.0353 5880 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

15:56:06.0353 5880 WmiAcpi - ok

15:56:06.0362 5880 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

15:56:06.0363 5880 wmiApSrv - ok

15:56:06.0373 5880 WMPNetworkSvc - ok

15:56:06.0380 5880 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

15:56:06.0381 5880 WPCSvc - ok

15:56:06.0391 5880 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

15:56:06.0393 5880 WPDBusEnum - ok

15:56:06.0405 5880 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

15:56:06.0405 5880 ws2ifsl - ok

15:56:06.0414 5880 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

15:56:06.0416 5880 wscsvc - ok

15:56:06.0418 5880 WSearch - ok

15:56:06.0482 5880 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

15:56:06.0505 5880 wuauserv - ok

15:56:06.0530 5880 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

15:56:06.0531 5880 WudfPf - ok

15:56:06.0554 5880 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

15:56:06.0556 5880 WUDFRd - ok

15:56:06.0575 5880 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

15:56:06.0576 5880 wudfsvc - ok

15:56:06.0594 5880 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

15:56:06.0596 5880 WwanSvc - ok

15:56:06.0686 5880 X6va005 - ok

15:56:06.0720 5880 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

15:56:06.0721 5880 xusb21 - ok

15:56:06.0733 5880 ================ Scan global ===============================

15:56:06.0749 5880 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

15:56:06.0767 5880 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

15:56:06.0772 5880 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

15:56:06.0782 5880 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

15:56:06.0802 5880 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

15:56:06.0804 5880 [Global] - ok

15:56:06.0804 5880 ================ Scan MBR ==================================

15:56:06.0813 5880 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

15:56:06.0945 5880 \Device\Harddisk0\DR0 - ok

15:56:06.0946 5880 ================ Scan VBR ==================================

15:56:06.0947 5880 [ 0AD326995329737566FB86FAD4F2EF30 ] \Device\Harddisk0\DR0\Partition1

15:56:06.0948 5880 \Device\Harddisk0\DR0\Partition1 - ok

15:56:06.0949 5880 [ 7976F350A389096CE5FE7FBBAFBFD11A ] \Device\Harddisk0\DR0\Partition2

15:56:06.0950 5880 \Device\Harddisk0\DR0\Partition2 - ok

15:56:06.0950 5880 ============================================================

15:56:06.0950 5880 Scan finished

15:56:06.0950 5880 ============================================================

15:56:06.0955 5148 Detected object count: 0

15:56:06.0955 5148 Actual detected object count: 0

15:56:19.0534 5440 ============================================================


RKReport log

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Stefan [Admin rights]

Mode : Scan -- Date : 05/29/2013 16:03:31

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-007BA0 ATA Device +++++

--- User ---

[MBR] 92be54dc7a5eb74989a00c5d7c2f4fbd

[bSP] ecc158fc3b740eea9585a226730000e6 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05292013_02d1603.txt >>

RKreport[1]_S_05292013_02d1603.txt


The Tdsskiller result is good.

Continue with the following.

Task 1

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Task 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Task 3

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and display information and disclaimer in a Command prompt window.
  • I'd suggest you close all internet browsers at this point.
  • Press a key on keyboard to start scanning your system.
  • Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  • There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  • Please post the contents of JRT.txt into a new reply.
  • Re-enable your security software.

Task 4

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


It doesn't give me the option to run Rkill as admin. If I open it with the only option it gives me, it opens a black box and starts running something and adds "Rkill.txt" and rkill64. Should I just run it normally or is that not supposed to happen?


Rkill 2.5.0 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/29/2013 06:14:50 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/29/2013 06:15:39 PM

Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)


OS: Windows 7 Home Premium x64

Ran by Stefan on Wed 05/29/2013 at 18:27:39.75

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67F80604-8DAF-029F-719E-CABE6D0C2800}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Stefan\AppData\Roaming\drivercure"

Successfully deleted: [Folder] "C:\Users\Stefan\AppData\Roaming\startnow toolbar"

Successfully deleted: [Folder] "C:\Users\Stefan\appdata\local\blekkotb_031"

Successfully deleted: [Folder] "C:\ai_recyclebin"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{BA26F43B-56E2-40D2-A1C5-E4B5BD994D58}

Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{E0FB336D-F91E-4CE4-8155-F0989539AF54}

Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{E9B85188-E89B-43BF-9E2B-C953C0C0DD55}

~~~ FireFox

Successfully deleted the following from C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\1kc28apw.default\prefs.js

user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);

Emptied folder: C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\1kc28apw.default\minidumps [10 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 05/29/2013 at 18:30:02.46

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.29.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Stefan :: STEFAN-GAMINPC [administrator]

5/29/2013 6:40:01 PM

mbam-log-2013-05-29 (18-40-01).txt

Scan type: Full scan (C:\|D:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 726953

Time elapsed: 1 hour(s), 35 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


As for how my pc is running. Seems the same as before. Still having the same issues, though those may not have had anything to do with malware.

Also, after I revealed the hidden files at the start of this I've been seeing a lot of random "Album art" on my desktop and in downloads....


What do you mean "random album art"?

and in "downloads" ??

Have you been downloading anything besides the tools I had you get?

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Shaku only. If you are a casual viewer, do NOT try this on your system!

If you are not Shaku and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log

and tell me, how is the system now?

Re-enable your antivirus program.


What I meant was, as soon as you had me reveal hidden files on my computer, random album art files appeared on my desktop and in my downloads folder. The title of the file being "album art" with some seemingly random numbers and letters after. The files have pictures of actual albums or bands like "ace of base" which I certainly did not download onto my computer. They're also faded, so they were clearly among the hidden files.

I'll be sure to follow the next step as soon as I get off work. Thanks for all the help so far.


ComboFix 13-05-30.02 - Stefan 05/30/2013 7:03.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4480 [GMT -4:00]

Running from: c:\users\Stefan\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-30 )))))))))))))))))))))))))))))))

.

.

2013-05-30 11:12 . 2013-05-30 11:12 -------- d-----w- c:\users\hedev\AppData\Local\temp

2013-05-30 11:12 . 2013-05-30 11:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-29 22:27 . 2013-05-29 22:27 -------- d-----w- c:\windows\ERUNT

2013-05-29 22:27 . 2013-05-29 22:27 -------- d-----w- C:\JRT

2013-05-29 19:35 . 2013-05-29 19:35 -------- d-----w- c:\program files (x86)\ERUNT

2013-05-29 09:07 . 2013-05-14 05:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A28A4661-5763-4461-892C-E4E6247754F2}\mpengine.dll

2013-05-28 05:41 . 2013-05-28 05:43 -------- d-----w- c:\users\Stefan\AppData\Roaming\Auslogics

2013-05-28 05:41 . 2013-05-28 05:41 -------- d-----w- c:\program files (x86)\Auslogics

2013-05-28 05:32 . 2013-05-28 05:39 -------- d-----w- c:\programdata\iolo

2013-05-28 05:32 . 2013-05-28 05:32 74703 ----a-w- c:\windows\SysWow64\mfc45.dat

2013-05-28 04:54 . 2013-05-28 04:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-05-28 04:04 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-28 04:04 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-28 04:04 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-28 04:02 . 2013-05-28 04:02 -------- d-----w- c:\program files\Microsoft Silverlight

2013-05-28 04:02 . 2013-05-28 04:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-05-28 03:46 . 2013-05-28 03:46 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-05-28 03:26 . 2013-05-28 03:26 -------- d-----w- c:\program files\HitmanPro

2013-05-28 03:25 . 2013-05-28 03:35 -------- d-----w- c:\programdata\HitmanPro

2013-05-28 00:34 . 2013-05-28 00:34 -------- d-----w- c:\program files\Ventrilo

2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\users\Stefan\AppData\Roaming\ParetoLogic

2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic

2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\programdata\ParetoLogic

2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\program files (x86)\ParetoLogic

2013-05-27 16:36 . 2013-05-27 16:36 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-23 01:37 . 2013-01-14 18:55 64856 ----a-w- c:\windows\system32\klfphc.dll

2013-05-23 01:36 . 2013-05-23 01:36 -------- d-----w- c:\windows\ELAMBKUP

2013-05-23 01:36 . 2013-05-30 10:32 -------- d-----w- c:\programdata\Kaspersky Lab

2013-05-23 01:36 . 2013-05-23 01:36 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2013-05-23 01:36 . 2013-05-23 01:55 620128 ----a-w- c:\windows\system32\drivers\klif.sys

2013-05-23 01:36 . 2013-05-23 01:55 90208 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-05-22 18:05 . 2013-05-22 18:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2013-05-21 12:14 . 2013-05-21 12:14 49152 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\NewShortcut1_C109AF5B69D04C93B360F28D9FAB6084.exe

2013-05-21 12:11 . 2013-05-21 12:11 49152 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe

2013-05-21 12:10 . 2013-05-21 12:11 -------- d-----w- C:\illusion

2013-05-11 23:38 . 2013-05-11 23:37 311200 ----a-w- c:\windows\system32\javaws.exe

2013-05-11 23:38 . 2013-05-11 23:37 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-05-11 23:38 . 2013-05-11 23:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-05-11 23:38 . 2013-05-11 23:37 188832 ----a-w- c:\windows\system32\javaw.exe

2013-05-11 23:38 . 2013-05-11 23:37 188320 ----a-w- c:\windows\system32\java.exe

2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-05-03 23:52 . 2013-05-03 23:52 -------- d-----w- C:\gravity

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-23 01:55 . 2013-01-14 18:55 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-05-23 01:55 . 2012-08-13 20:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys

2013-05-21 21:27 . 2012-03-30 16:31 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-21 21:27 . 2011-05-19 17:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-11 23:37 . 2011-09-17 02:37 971680 ----a-w- c:\windows\system32\deployJava1.dll

2013-05-09 10:17 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-03 20:15 . 2010-05-24 21:32 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-02 06:06 . 2010-05-24 21:23 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-28 04:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-28 04:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-28 04:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-28 04:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-28 04:00 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-28 04:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-04 18:50 . 2011-11-09 11:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-14 356376]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-3-13 3458968]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-06-20 12824]

R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2011-06-20 15768]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2013-02-25 2426672]

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-05 50800]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]

R3 X6va005;X6va005;c:\users\Stefan\AppData\Local\Temp\0052CA5.tmp [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 21544]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-23 55056]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-05-23 178448]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-05-25 57976]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 2467664]

S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-01-14 29016]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-01-14 29528]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652652649-1025549001-1711070373-1000Core.job

- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 20:32]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652652649-1025549001-1711070373-1000UA.job

- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 20:32]

.

2013-05-29 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2013-05-30 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-07 22:47]

.

2013-05-28 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-07 22:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: Interfaces\{4944E631-A946-47F0-9BB6-97F1867BBA78}: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F079B80C-782F-407C-91DC-B8FAD14490DC}: NameServer = 192.168.1.1

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/activex/HanSetup1040.cab

FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=

FF - ExtSQL: 2013-05-22 21:55; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com

FF - ExtSQL: 2013-05-22 21:55; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com

FF - ExtSQL: !HIDDEN! 2011-03-10 16:46; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Stefan\AppData\Local\Temp\0052CA5.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-3652652649-1025549001-1711070373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3652652649-1025549001-1711070373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3652652649-1025549001-1711070373-1000\Software\SecuROM\License information*]

"datasecu"=hex:fa,f1,62,c8,ea,cc,2a,4b,5f,a0,8c,cf,a7,53,22,4f,4d,01,37,de,8c,

0f,58,ee,c9,57,03,1b,42,dd,ba,8c,0c,f5,e7,db,19,ab,cf,17,fd,d9,c3,b1,37,d4,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-30 07:14:06

ComboFix-quarantined-files.txt 2013-05-30 11:14

ComboFix2.txt 2013-05-29 01:01

.

Pre-Run: 284,872,790,016 bytes free

Post-Run: 284,794,019,840 bytes free

.

- - End Of File - - A1A1469163DA7C8920CA0B5FF15E03EE


Please download Windows Repair (all in one) from here.

  • Install the program.
  • Please proceed to run it. On Vista, Windows 7 or 8, Right-click the executable and select Run as Administrator.
  • Please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
  • Go to Step 4 and under System Restore click on the Create button:
  • Next, go to the Start Repairs tab and click the Start button.
  • Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
  • Click on the box next to the Restart System when Finished. Then click on Start.

Task 2

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|crossride;true;true;true; /FP
    c:|conduit;true;true;true; /FP
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    c:|services.ex;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please attach the OTL log(s).


OTL.TXT PART 1 (Couldn't fit the whole thing in one reply.)

OTL logfile created on: 5/30/2013 4:59:48 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.43 Gb Available Physical Memory | 73.88% Memory free

14.99 Gb Paging File | 13.35 Gb Available in Paging File | 89.02% Paging File free

Paging file location(s): c:\pagefile.sys 9213 9213 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 265.80 Gb Free Space | 28.54% Space Free | Partition Type: NTFS

Computer Name: STEFAN-GAMINPC | User Name: Stefan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/30 16:56:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe

PRC - [2013/05/15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/03/13 08:48:02 | 000,526,248 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe

PRC - [2013/03/13 08:48:00 | 003,458,968 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

PRC - [2012/12/06 19:09:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010/01/18 22:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe

PRC - [2009/11/20 07:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2009/10/15 18:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

PRC - [2009/10/15 18:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/06/27 14:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/04/06 20:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/05/16 19:24:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/05/15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)

SRV - [2012/12/06 19:09:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/18 22:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)

SRV - [2009/10/15 18:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/22 21:55:46 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2013/05/22 21:55:46 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)

DRV:64bit: - [2013/05/22 21:55:46 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)

DRV:64bit: - [2013/02/25 10:12:04 | 002,426,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2013/01/14 14:55:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2013/01/14 14:55:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)

DRV:64bit: - [2013/01/05 12:22:08 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/12/09 05:51:20 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)

DRV:64bit: - [2012/05/25 13:14:24 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/08/19 00:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)

DRV:64bit: - [2011/06/20 14:18:50 | 000,015,768 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\JRSUKD25.SYS -- (JRSUKD25)

DRV:64bit: - [2011/06/20 14:18:50 | 000,012,824 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\JRSKD24.SYS -- (JRSKD24)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/04/22 19:08:14 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)

DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/01/27 04:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/11/20 07:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/11/20 07:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)

DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004/12/30 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{52A54A6E-3E27-4A22-A928-6755ADA9CFFC}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{47978916-9F89-4d86-A1C0-F29822316891}: "URL" = http://www.google.co...88%3A4067623346

IE - HKCU\..\SearchScopes\{A2D11E13-5104-400e-855C-4163C6E021E8}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH

IE - HKCU\..\SearchScopes\{CCE0110A-0A66-45e1-9728-A25EAF647B2D}: "URL" = http://search.yahoo....cevm&type=STDVM

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.8.307

FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - prefs.js..extensions.enabledItems: optout@dubfire.net:4.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/10 17:46:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/05/22 21:55:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/05/22 21:55:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/05/22 21:55:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/05/22 21:55:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/05/22 21:55:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/16 19:24:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/27 13:22:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/10 17:46:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/16 19:24:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/27 13:22:19 | 000,000,000 | ---D | M]

[2011/02/15 00:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions

[2013/03/26 16:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\extensions

[2013/03/26 16:36:55 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\extensions\donottrackplus@abine.com

[2012/08/31 18:12:48 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\extensions\optout@dubfire.net

[2013/03/06 20:06:18 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js

[2013/05/16 19:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/05/16 19:24:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/05/22 21:55:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM

========== Chrome ==========

CHR - default_search_provider: Blekko (Enabled)

CHR - default_search_provider: search_url = http://blekko.com/ws...q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Kaspersky URL Advisor = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\

CHR - Extension: Safe Money = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\

CHR - Extension: Content Blocker = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\

CHR - Extension: Virtual Keyboard = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\

CHR - Extension: Gmail = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: Anti-Banner = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/05/28 20:59:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)

O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [bCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()

O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\atlscript.html ()

O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error. (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://tera.hangame....anSetup1040.cab (HanSetupCtrl1010 Class)

O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A80F9A-3591-479F-926E-078D948B6B9A}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4944E631-A946-47F0-9BB6-97F1867BBA78}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F079B80C-782F-407C-91DC-B8FAD14490DC}: NameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: hitmanpro37 - Reg Error: Value error.

SafeBootMin:64bit: hitmanpro37.sys - Reg Error: Value error.

SafeBootMin:64bit: HitmanPro37Crusader - Reg Error: Value error.

SafeBootMin:64bit: HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: hitmanpro37 - Reg Error: Value error.

SafeBootMin: hitmanpro37.sys - Reg Error: Value error.

SafeBootMin: HitmanPro37Crusader - Reg Error: Value error.

SafeBootMin: HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: hitmanpro37 - Reg Error: Value error.

SafeBootNet:64bit: hitmanpro37.sys - Reg Error: Value error.

SafeBootNet:64bit: HitmanPro37Crusader - Reg Error: Value error.

SafeBootNet:64bit: HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: hitmanpro37 - Reg Error: Value error.

SafeBootNet: hitmanpro37.sys - Reg Error: Value error.

SafeBootNet: HitmanPro37Crusader - Reg Error: Value error.

SafeBootNet: HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()

Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()

Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()

Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()

Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

Drivers32: VIDC.FPS1 - frapsvid.dll File not found

Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()

Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

Drivers32: VIDC.RTV1 - C:\Windows\SysWow64\rtvcvfw32.dll ()

OTL.TXT PART 2

========== Files/Folders - Created Within 30 Days ==========

[2013/05/30 16:55:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe

[2013/05/30 16:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2013/05/30 16:50:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2

[2013/05/30 16:26:09 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2013/05/30 16:12:04 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com

[2013/05/30 16:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com

[2013/05/30 07:16:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/05/30 07:14:08 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/05/30 06:57:37 | 005,074,935 | R--- | C] (Swearware) -- C:\Users\Stefan\Desktop\ComboFix.exe

[2013/05/29 18:27:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/05/29 18:27:21 | 000,000,000 | ---D | C] -- C:\JRT

[2013/05/29 18:25:38 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Stefan\Desktop\JRT.exe

[2013/05/29 18:14:34 | 001,796,736 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Stefan\Desktop\rkill.com

[2013/05/29 17:22:50 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\TFC.exe

[2013/05/29 16:02:34 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\RK_Quarantine

[2013/05/29 15:54:41 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Stefan\Desktop\tdsskiller.exe

[2013/05/29 15:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2013/05/29 15:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2013/05/29 15:34:39 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Stefan\Desktop\erunt-setup.exe

[2013/05/28 21:34:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Stefan\Desktop\dds.com

[2013/05/28 20:51:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/05/28 20:51:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/05/28 20:51:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/05/28 20:48:21 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/05/28 01:41:48 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Auslogics

[2013/05/28 01:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2013/05/28 01:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics

[2013/05/28 01:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics

[2013/05/28 01:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo

[2013/05/28 01:22:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\New folder

[2013/05/28 00:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2013/05/28 00:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013/05/28 00:03:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/05/28 00:03:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/05/28 00:03:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/28 00:03:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/28 00:03:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/05/28 00:03:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/05/28 00:03:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/28 00:03:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/28 00:03:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/05/28 00:03:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/05/28 00:03:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/05/28 00:03:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/05/28 00:03:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/28 00:03:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/28 00:03:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/05/28 00:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2013/05/28 00:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2013/05/28 00:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2013/05/28 00:00:41 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/05/28 00:00:41 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/05/28 00:00:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/05/28 00:00:41 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/28 00:00:35 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/05/28 00:00:35 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013/05/28 00:00:31 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/05/28 00:00:31 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/05/28 00:00:31 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/05/28 00:00:30 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2013/05/28 00:00:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013/05/28 00:00:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/05/28 00:00:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2013/05/28 00:00:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys

[2013/05/27 23:46:03 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2013/05/27 23:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

[2013/05/27 23:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2013/05/27 23:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/05/27 20:48:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/05/27 20:34:20 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo

[2013/05/27 20:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo

[2013/05/27 12:45:10 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\ParetoLogic

[2013/05/27 12:45:08 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic

[2013/05/27 12:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic

[2013/05/27 12:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic

[2013/05/27 12:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic

[2013/05/27 12:36:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/05/26 21:51:57 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\th13.5

[2013/05/22 21:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013

[2013/05/22 21:37:57 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll

[2013/05/22 21:36:35 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP

[2013/05/22 21:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2013/05/22 21:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab

[2013/05/22 21:36:26 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys

[2013/05/22 21:36:26 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys

[2013/05/22 14:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2013/05/22 14:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2013/05/21 08:10:50 | 000,000,000 | ---D | C] -- C:\illusion

[2013/05/16 19:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/05/11 19:38:14 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/05/11 19:38:14 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/05/11 19:38:09 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/05/11 19:38:09 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/05/11 19:38:09 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/05/03 19:52:54 | 000,000,000 | ---D | C] -- C:\gravity

[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/30 16:57:09 | 000,794,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/30 16:57:09 | 000,670,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/30 16:57:09 | 000,125,920 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/30 16:56:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe

[2013/05/30 16:55:16 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/30 16:55:16 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/30 16:52:06 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job

[2013/05/30 16:50:07 | 000,375,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/30 16:50:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/30 16:49:55 | 535,633,919 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/30 16:48:25 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2013/05/30 16:46:23 | 000,794,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/05/30 16:44:07 | 000,000,442 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[2013/05/30 16:13:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3652652649-1025549001-1711070373-1000UA.job

[2013/05/30 16:13:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3652652649-1025549001-1711070373-1000Core.job

[2013/05/30 16:12:07 | 000,002,163 | ---- | M] () -- C:\Users\Stefan\Desktop\Tweaking.com - Windows Repair (All in One).lnk

[2013/05/30 16:11:28 | 005,555,190 | ---- | M] () -- C:\Users\Stefan\Desktop\tweaking.com_windows_repair_aio_setup.exe

[2013/05/30 16:09:14 | 000,057,475 | ---- | M] () -- C:\Users\Stefan\Desktop\windows_repair_all_in_one.html

[2013/05/30 06:57:42 | 005,074,935 | R--- | M] (Swearware) -- C:\Users\Stefan\Desktop\ComboFix.exe

[2013/05/29 18:25:42 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Stefan\Desktop\JRT.exe

[2013/05/29 18:14:44 | 001,796,736 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Stefan\Desktop\rkill.com

[2013/05/29 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job

[2013/05/29 17:22:51 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\TFC.exe

[2013/05/29 16:00:15 | 000,816,128 | ---- | M] () -- C:\Users\Stefan\Desktop\RogueKiller.exe

[2013/05/29 15:55:30 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Stefan\Desktop\tdsskiller.exe

[2013/05/29 15:50:40 | 000,632,031 | ---- | M] () -- C:\Users\Stefan\Desktop\adwcleaner.exe

[2013/05/29 15:35:39 | 000,000,928 | ---- | M] () -- C:\Users\Stefan\Desktop\NTREGOPT.lnk

[2013/05/29 15:35:39 | 000,000,909 | ---- | M] () -- C:\Users\Stefan\Desktop\ERUNT.lnk

[2013/05/29 15:34:42 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Stefan\Desktop\erunt-setup.exe

[2013/05/28 21:34:04 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Stefan\Desktop\dds.com

[2013/05/28 20:59:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/05/28 04:27:04 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job

[2013/05/28 01:41:45 | 000,001,267 | ---- | M] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2013/05/28 01:32:49 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat

[2013/05/28 00:54:43 | 000,001,286 | ---- | M] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/05/27 23:46:03 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2013/05/27 23:34:28 | 000,003,088 | ---- | M] () -- C:\Windows\SysNative\.crusader

[2013/05/27 20:34:20 | 000,000,917 | ---- | M] () -- C:\Users\Stefan\Desktop\Ventrilo.lnk

[2013/05/27 20:34:20 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2013/05/26 21:15:20 | 000,002,379 | ---- | M] () -- C:\Users\Stefan\Desktop\Google Chrome.lnk

[2013/05/22 22:00:43 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2013/05/22 21:55:46 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys

[2013/05/22 21:55:46 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys

[2013/05/22 21:55:46 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys

[2013/05/22 21:55:45 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys

[2013/05/22 21:31:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/05/21 17:27:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/05/21 17:27:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/05/16 20:04:19 | 000,002,048 | ---- | M] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/05/11 19:38:00 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/05/11 19:37:57 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/05/11 19:37:57 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/05/11 19:37:57 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/05/11 19:37:56 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/05/11 19:37:56 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013/05/11 06:55:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/05/08 14:43:57 | 000,001,244 | ---- | M] () -- C:\Users\Stefan\Desktop\Neverwinter.lnk

[2013/05/04 22:18:01 | 000,002,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk

[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/30 16:12:07 | 000,002,163 | ---- | C] () -- C:\Users\Stefan\Desktop\Tweaking.com - Windows Repair (All in One).lnk

[2013/05/30 16:11:25 | 005,555,190 | ---- | C] () -- C:\Users\Stefan\Desktop\tweaking.com_windows_repair_aio_setup.exe

[2013/05/30 16:09:12 | 000,057,475 | ---- | C] () -- C:\Users\Stefan\Desktop\windows_repair_all_in_one.html

[2013/05/29 16:00:10 | 000,816,128 | ---- | C] () -- C:\Users\Stefan\Desktop\RogueKiller.exe

[2013/05/29 15:50:36 | 000,632,031 | ---- | C] () -- C:\Users\Stefan\Desktop\adwcleaner.exe

[2013/05/29 15:35:39 | 000,000,928 | ---- | C] () -- C:\Users\Stefan\Desktop\NTREGOPT.lnk

[2013/05/29 15:35:39 | 000,000,909 | ---- | C] () -- C:\Users\Stefan\Desktop\ERUNT.lnk

[2013/05/28 20:51:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/05/28 20:51:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/05/28 20:51:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/05/28 20:51:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/05/28 20:51:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/05/28 01:41:45 | 000,001,267 | ---- | C] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2013/05/28 01:32:49 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat

[2013/05/28 00:54:43 | 000,001,286 | ---- | C] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/05/27 23:34:28 | 000,003,088 | ---- | C] () -- C:\Windows\SysNative\.crusader

[2013/05/27 20:34:20 | 000,000,917 | ---- | C] () -- C:\Users\Stefan\Desktop\Ventrilo.lnk

[2013/05/27 20:34:17 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2013/05/27 12:45:16 | 000,000,470 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job

[2013/05/27 12:45:07 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job

[2013/05/27 12:45:06 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job

[2013/05/08 14:43:57 | 000,001,244 | ---- | C] () -- C:\Users\Stefan\Desktop\Neverwinter.lnk

[2013/02/22 17:57:16 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI

[2013/02/21 11:31:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/08/08 20:14:08 | 000,000,094 | ---- | C] () -- C:\Users\Stefan\AppData\Local\fusioncache.dat

[2012/04/19 16:44:49 | 000,000,432 | ---- | C] () -- C:\Users\Stefan\openvpn-connect.json

[2011/12/15 16:07:47 | 000,202,333 | ---- | C] () -- C:\Windows\hpoins18.dat

[2011/12/15 16:07:47 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat

[2011/10/27 00:32:46 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2011/10/26 01:02:48 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/10/26 01:02:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

[2011/06/15 17:01:52 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/06/14 20:10:21 | 000,007,597 | ---- | C] () -- C:\Users\Stefan\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2013/05/27 12:55:02 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft

[2012/11/21 08:14:02 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Abine

[2011/04/27 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Adobe

[2013/01/31 19:20:24 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ALCOT

[2012/01/10 21:28:20 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\AnnkakeSpa

[2011/02/20 00:47:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Apple Computer

[2013/05/28 01:43:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Auslogics

[2012/02/09 21:37:02 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\BigHugeEngine

[2011/06/20 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ClientKeeper

[2013/04/17 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Darkfall

[2012/09/23 17:35:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DigitalCute

[2011/06/12 21:42:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Downloaded Installations

[2012/02/10 16:08:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\EnMasse

[2011/07/12 17:18:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fltk.org

[2009/01/01 19:17:20 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Fujitsu

[2012/08/11 01:27:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GetRightToGo

[2011/05/17 01:30:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Hamachi

[2013/05/27 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\HandBrake

[2011/03/01 22:51:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Hi-Rez Studios

[2011/05/31 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\HP

[2013/05/27 19:26:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\HpUpdate

[2011/02/14 15:18:27 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Identities

[2011/12/06 19:23:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\InstallShield

[2011/03/05 14:42:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LolClient

[2012/05/31 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LolClient2

[2013/01/08 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LPECommon

[2011/02/15 02:06:06 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Macromedia

[2011/11/09 07:53:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes

[2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs

[2013/05/11 06:58:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Player Classic

[2011/12/06 19:24:16 | 000,000,000 | --SD | M] -- C:\Users\Stefan\AppData\Roaming\Microsoft

[2011/06/12 20:32:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MotioninJoy

[2012/08/08 20:59:00 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Mozilla

[2012/12/22 19:32:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NeopleLauncherDFO

[2012/07/29 23:36:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nitroplus

[2011/11/03 16:56:18 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NVIDIA

[2011/12/19 21:05:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ONScripter-EN

[2011/04/10 20:37:17 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ooVoo Details

[2011/09/26 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org

[2013/03/17 16:21:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Origin

[2013/05/27 12:45:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ParetoLogic

[2013/05/27 12:55:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PDF Software

[2012/01/30 15:11:23 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PFStaticIP

[2013/01/08 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PowerISO

[2012/01/04 23:24:20 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\RenPy

[2012/05/24 19:16:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\RIFT

[2012/02/22 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\RotMG.Production

[2011/05/15 00:57:00 | 000,000,000 | RH-D | M] -- C:\Users\Stefan\AppData\Roaming\SecuROM

[2012/06/19 18:50:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SEGA

[2012/10/09 18:36:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\six-updater

[2012/07/05 04:04:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\six-zsync

[2013/05/29 22:49:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skype

[2011/04/29 03:02:26 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SoftGrid Client

[2012/07/29 23:37:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Software Defender

[2013/03/26 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sony Corporation

[2013/04/02 15:27:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs

[2011/02/22 00:35:41 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SystemRequirementsLab

[2011/05/30 03:07:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\The Creative Assembly

[2011/03/01 14:02:18 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TP

[2012/12/06 23:45:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TuneUp Software

[2013/05/28 00:38:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Ventrilo

[2011/04/03 15:35:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Windows Live Writer

[2011/02/18 02:30:52 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

[2011/11/01 08:08:38 | 003,597,824 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\ALCOT\osana.exe

[2013/01/31 19:16:39 | 000,730,910 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\ALCOT\unins000.exe

[2013/05/21 08:01:42 | 000,029,926 | R--- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe

[2013/05/21 08:01:42 | 000,029,422 | R--- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe

[2013/05/21 08:11:18 | 000,007,782 | R--- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\ARPPRODUCTICON.exe

[2013/05/21 08:11:18 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe

[2013/05/21 08:14:37 | 000,007,782 | R--- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\ARPPRODUCTICON.exe

[2013/05/21 08:14:37 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\NewShortcut1_C109AF5B69D04C93B360F28D9FAB6084.exe

[2012/02/20 03:50:20 | 000,148,992 | ---- | M] (SplitmediaLabs Limited) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\VHMultiWriterExt.exe

[2013/03/01 02:50:39 | 000,310,600 | ---- | M] (SplitmediaLabs Limited) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\VHMultiWriterExt2.exe

[2012/04/30 03:55:49 | 001,788,928 | ---- | M] (SplitMediaLabs Limited) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\VHScrCapDlg32.exe

[2013/03/01 02:50:39 | 000,028,488 | ---- | M] (SplitMediaLabs) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\XDS.exe

[2013/03/01 02:50:39 | 002,627,912 | ---- | M] (SplitMediaLabs) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\XSplit.Core.exe

[2013/03/01 02:50:39 | 000,111,944 | ---- | M] (SplitmediaLabs Limited) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\XSplitBroadcasterSrc.exe

[2013/03/01 02:50:39 | 000,036,168 | ---- | M] (SplitMediaLabs) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\XSplitRegSrc.exe

[2013/03/01 02:50:39 | 000,053,576 | ---- | M] (SplitMediaLabs) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\XSplit_Plugin_Installer.exe

[2013/03/01 03:08:14 | 000,212,992 | ---- | M] (Caphyon LTD) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\xsplit_updater.exe

[2013/03/01 02:50:39 | 000,039,752 | ---- | M] (SplitMediaLabs) -- C:\Users\Stefan\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D\x64\XGS64.exe

< %SYSTEMDRIVE%\*.exe >

< c:|crossride;true;true;true; /FP >

< c:|conduit;true;true;true; /FP >

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< c:|services.ex;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========

[2013/05/26 21:53:37 | 000,000,801 | ---- | M] ()(C:\Users\Stefan\Desktop\?????.lnk) -- C:\Users\Stefan\Desktop\東方心綺楼.lnk

[2013/05/26 21:53:37 | 000,000,801 | ---- | C] ()(C:\Users\Stefan\Desktop\?????.lnk) -- C:\Users\Stefan\Desktop\東方心綺楼.lnk

[2013/05/26 21:52:44 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\黄昏フロンティ

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >


Extras.txt

OTL Extras logfile created on: 5/30/2013 4:59:48 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.43 Gb Available Physical Memory | 73.88% Memory free

14.99 Gb Paging File | 13.35 Gb Available in Paging File | 89.02% Paging File free

Paging file location(s): c:\pagefile.sys 9213 9213 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 265.80 Gb Free Space | 28.54% Space Free | Partition Type: NTFS

Computer Name: STEFAN-GAMINPC | User Name: Stefan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{31D6FFB2-15D4-4F6B-A1B3-EF4E6E1720E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{369FFD65-4E1D-4BD7-AD2E-399B1FFD22C8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{3D0CA5B2-4592-4F86-BB66-48B3FBCE529C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{7C01693A-B2DD-4E06-8D32-67CA6F987DD5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{88A63E45-50FB-4D78-9B73-6AABC34D5533}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{8C4C8858-A0F1-45F9-9F9F-9ADB95CD471E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9F7B0923-B154-4720-8D1E-28F87FEC800A}" = rport=2869 | protocol=6 | dir=out | app=system |

"{B065964F-641F-44E6-95FA-98B4301514BF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03441276-9400-48ED-A55D-BB653D69A16F}" = protocol=6 | dir=in | app=c:\users\stefan\desktop\other games\touhou\soku\th123e.exe |

"{039891E1-851E-4D2F-89C8-687C09258F77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\config.exe |

"{06409495-E9B3-452B-83B5-EF9D72893911}" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |

"{0D6E5BFE-CD8B-4A91-A432-EC876B7C1067}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ageofconan_us\conanpatcher.exe |

"{0F280B56-30E8-4E5F-B7B7-59927733A4F8}" = protocol=17 | dir=out | app=c:\program files (x86)\tera\tera-launcher.exe |

"{10837E2B-8D28-4EE1-A57D-1B7B0F42853B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anna\anna.exe |

"{1374A09C-2496-49A7-9078-2CE5796F0384}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |

"{13FC847A-08F7-4B9B-AB50-13EE2C137C8A}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |

"{1845C03F-9302-41D6-8B1B-9651E054822B}" = protocol=17 | dir=out | app=c:\program files (x86)\tera\client\tl.exe |

"{19587096-3E94-4961-A5DA-A6F651693CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\client\tl.exe |

"{1BEEF86A-81A9-48AC-99A3-9D2D7780AD57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{1C715F2E-CB6B-48C4-A928-2E552B0DDF90}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{1DE7E8F7-D630-4A27-A75B-398172C3F783}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |

"{20F5DC01-89D1-462F-985C-4DD16C939827}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |

"{25E58B02-B134-4A2B-BA40-8EEED14A6896}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |

"{2907C064-649B-4578-BAA9-289A2F68384D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |

"{2B48FE47-EE4A-4548-A889-4C77F1D6743E}" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |

"{2DC38B3B-CCCF-49AA-9487-E991131FEE80}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ragnarok online 2\wplauncher.exe |

"{2DE997A7-0061-41BD-A2EF-A4899651DB6F}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2E304567-592C-4C53-B800-E097D7561E14}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{30579430-5F1C-4E52-9CD7-5F736641FD24}" = protocol=6 | dir=out | app=c:\program files (x86)\tera\tera-launcher.exe |

"{30F156B6-9C5C-45A7-8A16-52B0C74889B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |

"{311D8BA7-3B14-46CF-8CD2-C09717EDBBE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ragnarok online 2\wplauncher.exe |

"{3230295A-C32A-4BAE-A43D-15ADCDDD4C02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |

"{38E174E9-BB96-447E-9E6E-1224F9734499}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconan.exe |

"{3A0995CB-2468-4E5B-BBA5-DE96CD01A6A6}" = protocol=17 | dir=in | app=c:\program files (x86)\akaneiro launcher\launcher.exe |

"{3BE4B6C7-9D00-4ED5-9215-1363B66DF8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |

"{3F445680-DF63-4D28-A36D-9091FDC88C78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{3F506F9B-45DB-4991-B873-183E9BA040FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{40033A52-A2C6-49C3-A47B-20384840FBA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\config.exe |

"{4165B4FD-6E2B-4903-A84D-AD9D0364AEC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\yso_win.exe |

"{4182659C-83B2-4DC9-8AFA-F0DED25FCE81}" = protocol=17 | dir=in | app=c:\users\stefan\desktop\other games\touhou\soku\th123e.exe |

"{42C69208-BA98-43A6-BB51-15F56F532E94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"{45765A6B-F521-41A8-8D87-E243405A5F30}" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |

"{4999CAC5-D37C-4B88-82E4-47EC028960E1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{49A92580-144A-4C63-8CA0-04D3D7D5D982}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{4C0349AD-1A43-4A5F-8CF8-1D7C113798CB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{4DC4FAA3-701F-4122-8ED3-3768187D31D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anna\anna.exe |

"{4FE5FCF1-67CB-44BB-BA59-804F05207C7D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{502D65AC-01CA-4A6E-A209-1451F57BA37F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |

"{50A281F3-07B1-4FC4-BCDD-E30C3D9CCC0B}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

"{5154898F-265E-44D6-9925-FA28F3DBEB12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ageofconan_us\conanpatcher.exe |

"{534CCEB9-D907-4D68-8137-BA115ED5BC4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |

"{548DA31F-C233-4F8C-BA63-3BDD65459D66}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{54D49E80-E98D-47AA-9669-6BD08DB21974}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

"{557F7773-1AE1-4E18-B4EB-D605C4D58C72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |

"{5AEED1F5-6B7D-452F-90DC-62274D49F722}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |

"{60B2F520-BBF6-4DFD-8A2E-CCEEA17D13F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconan.exe |

"{63BC09BE-61C2-4B92-8B8F-0714CA3E2982}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe |

"{640C520A-A7D0-4464-85E5-8FDC1AD21789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |

"{64701237-DCD0-4990-97DF-739FAEABABAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{67BAFB72-80F4-432C-B2A5-779C33B2EFCF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |

"{6A9DBCD5-6BAE-4649-9C76-5AE03032A633}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |

"{6B6CFE86-8A47-42BE-BA5C-7D97F63D9D74}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |

"{723D0556-CD60-4E3C-A685-30A5DB0B5B18}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{72A0E882-6DEB-428F-905E-FC64B507EB58}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |

"{72D74B48-2841-4B22-940D-19B1A1F33AFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe |

"{73EED90C-E2E9-409E-95C6-8F8B0C24B722}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{784E91E7-90B1-4CE8-B58E-7458EA359951}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\yso_win.exe |

"{79CBC497-003E-45A1-AFCD-19DE28FF263B}" = protocol=6 | dir=in | app=c:\program files (x86)\akaneiro launcher\launcher.exe |

"{7F17C5BC-2484-4B65-BF12-30DE842B2E26}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{7FEF0215-76D4-4BB4-A350-2300134D30C1}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |

"{84287F42-611D-4ADA-995A-C849B0B3C623}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{846AFEC5-8495-4938-8A20-091D2ECF116D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{84898355-7CA5-463E-9B44-60293E56EF6C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{87014C44-07FA-4EA6-8B84-320539CF6997}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{886033BD-1BB8-4A23-8D41-38826E00A26A}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\client\tl.exe |

"{8A35644C-E05C-453A-8FA4-7F418DBCF7EA}" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |

"{92F636C1-216B-4C46-B3F4-8947B2BBC935}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |

"{93FF96D9-F7DF-4F22-A89A-CB5915B09735}" = protocol=6 | dir=in | app=c:\users\stefan\desktop\other games\touhou\soku\th123.exe |

"{948E5528-E3C8-4937-81F9-029154BA1576}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |

"{94979981-C557-4BE0-996D-DC8FE7E50E59}" = protocol=6 | dir=in | app=c:\users\stefan\desktop\other games\mbaacc\mbaacc\mbaa.exe |

"{94BA425E-06F2-4EC1-9438-6560E0D0A7E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |

"{976CA5B5-1CA7-4672-BC76-0725405338A8}" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |

"{97BCDB9A-BFCB-4583-B6CB-01823689A35D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{98190E91-A10A-4C1E-93BB-0A772B1D3E32}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |

"{9BC08B9C-2C17-4C8C-929B-D07EF725BAC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |

"{9CF475F6-C353-4E04-ABEE-C97B4EABA21B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{A01111EF-886D-4074-8855-1D5CCCD45B1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |

"{A738532F-9CA4-4FF6-A633-8AFD9F324B94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |

"{A8E02D8C-2A7C-466C-8A14-17EE1E11E7A4}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |

"{ABEE467A-4B76-4C7D-A422-842C093AE09C}" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |

"{AFCF2C77-D8ED-4056-AEEE-0EA43B588FDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"{B0CF0472-D0F6-427C-9BC6-DEF6DA2ABFFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |

"{B35FF5CC-6C97-4BDF-8756-8236CB7DCF4E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{B9F7ADAA-9838-46F8-AEA5-8F99839D0382}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{BC2FEB5A-1162-434B-ADD5-E2DDD15F7FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{BC3DC680-5CF7-429B-B302-9ACF07B99C87}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |

"{BCC22388-6085-49FC-8735-70CC1532976C}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BF0DBD68-629F-44A0-ADEF-081BCE65E7B9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{BF569F41-89B9-4A9E-B435-B8FB615AF71F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |

"{C596FF5B-DAD0-4B32-8AAF-C555547C38A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe |

"{C73EDC98-3189-4028-8042-2D3E0D1E29BB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{D0BB0326-4A4E-45DB-93BB-7D92914F6809}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |

"{D2E9D163-776D-4C82-85F2-7635E51C9F2E}" = protocol=17 | dir=in | app=c:\users\stefan\desktop\other games\touhou\soku\th123.exe |

"{D3CE46F2-F9E0-4385-A29A-103DB69442D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |

"{D3ED6F2E-8429-4DEE-9793-D687E12CAA79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |

"{D9AE031F-378E-4D4A-95CE-07D9DE65F845}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |

"{E02D787D-7A0F-4BB0-B3C1-6B8D366C494D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E0817B9A-619A-4A71-832A-D2326E9F6BCF}" = protocol=6 | dir=out | app=c:\program files (x86)\tera\client\tl.exe |

"{E5676588-47A2-4F2A-814E-BE32E4CFE4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe |

"{E850B73A-22B2-439F-9833-0982E60B3008}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{ECE3234F-BDE2-46B0-B316-9003B3D9AB81}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

"{EE03FFF9-BD97-46E1-BBEC-9B15CC1582B4}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |

"{EFAF679D-6BFB-4DE0-86B0-C26DDE81B936}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

"{F1EFBD18-A2A7-44B1-9E4F-8B0FEF677672}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |

"{F215B124-ECA1-4F56-9B8A-5345BB541B19}" = protocol=17 | dir=in | app=c:\users\stefan\desktop\other games\mbaacc\mbaacc\mbaa.exe |

"{F5233227-CD92-41EA-BB30-D09099E2EF25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |

"{F842FC43-3323-49D8-9D44-C4D8FEFDCE7D}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |

"{F984E96D-B958-41B8-92D8-914C808958B4}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{FCA13C7E-4B5C-4F9E-B26E-2FBC75537835}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{FEB47CD1-59A0-417A-B395-1EAF317E1947}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |

"{FF8D4DF5-202B-4CC3-B65B-26E4B814DFC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |

"TCP Query User{01267A83-C58B-4475-A439-0A1C65A38A9D}C:\users\stefan\desktop\other games\mbaacc\mbaacc\mbaa.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\other games\mbaacc\mbaacc\mbaa.exe |

"TCP Query User{1BD936AF-C331-496F-95C8-5D68F0AF934A}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

"TCP Query User{409A99F3-6E01-4704-88AD-067ABCAE9282}C:\users\stefan\desktop\other games\touhou\soku\th123.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\other games\touhou\soku\th123.exe |

"TCP Query User{5322686E-8E92-4352-8C15-618E4B1FB721}C:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |

"TCP Query User{544230AB-290C-413F-97C1-2EA34FA99ADF}C:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconan.exe |

"TCP Query User{6FE038A9-1976-4178-A740-2AB3BA273D52}C:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |

"TCP Query User{763C26B3-9059-4A3B-9A12-36C587CAF35F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"TCP Query User{7C590BEB-0A3B-49E4-82B9-B40BB81A1201}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"TCP Query User{A68CBC2B-D48A-450C-8429-8767C5585BB4}C:\program files (x86)\akaneiro launcher\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\akaneiro launcher\launcher.exe |

"TCP Query User{AA15F203-6AF6-49CD-8E7A-9B861BA5AC69}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{AE494597-1121-4084-AABC-D59AD1598059}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |

"TCP Query User{B02F1F59-5E39-470C-924E-213194A34DF6}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |

"TCP Query User{B6C9D284-9713-436B-8EF8-35C78A2F6D51}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"TCP Query User{ED1132B6-5216-48FE-914C-B497A82899E5}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"TCP Query User{EEAB6D0F-F9C7-470F-B85A-26C2BC8A6889}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |

"UDP Query User{07E3EB92-5D48-4F4D-AE89-22460F138AFA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{11553E2A-CDDC-4F8B-BE3A-AB47AF44D365}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"UDP Query User{20B8F345-0A29-4057-86A2-C918E21A7848}C:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |

"UDP Query User{2D94582E-53CD-4F92-8039-8C57D40B247C}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"UDP Query User{535254A6-FC46-4B1A-A962-61561DAB1BA0}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |

"UDP Query User{77DFFC26-C5D0-422B-9EB9-21D24BCBA97C}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |

"UDP Query User{7B4C7AE4-BF16-4F74-879F-2B262BAE7EBC}C:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |

"UDP Query User{7D57EEA3-AD09-4302-B849-D5D2EC5FCFC1}C:\users\stefan\desktop\other games\mbaacc\mbaacc\mbaa.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\other games\mbaacc\mbaacc\mbaa.exe |

"UDP Query User{972352BD-C577-4AE5-92CB-B7374D8BD70F}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

"UDP Query User{A6A2C3DA-6681-46AD-8BA3-87453EA1ED42}C:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconan.exe |

"UDP Query User{C3973BEE-3964-49E8-84AA-6D67EBD96B6B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |

"UDP Query User{CAD5D738-0CB7-4933-97D3-7DC23FA5BA26}C:\users\stefan\desktop\other games\touhou\soku\th123.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\other games\touhou\soku\th123.exe |

"UDP Query User{D14BFC3F-E96E-48D6-9BA6-C483A036A7C0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{F5F7D36A-93BA-48D0-BAAF-344AF85EC205}C:\program files (x86)\akaneiro launcher\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\akaneiro launcher\launcher.exe |

"UDP Query User{F9C238E5-0DFA-46CB-A99F-B744108725B4}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"CCleaner" = CCleaner

"HitmanPro37" = HitmanPro 3.7

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.51

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"Linksys Wireless Manager" = Linksys Wireless Manager

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Shop for HP Supplies" = Shop for HP Supplies

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03ABC33C-10B1-400E-B1FA-E817FE98D11C}" = YUME MIRU KUSURI

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FE7434B-8921-41EA-87C0-01075F8AB499}_is1" = My Girlfriend is the President 1.0

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{23721B6E-ECD8-4753-A3EF-C4AD01420678}" = 黄金夢想曲†CROSS

"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001}" = Global Agenda Live

"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service

"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0422.2

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4AC85673-668B-4CC4-8800-D28E29B77A90}" = Content Manager Assistant for PlayStation®

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}" = ILLUSION ジンコウガクエン きゃらめいく

"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak

"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform

"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}" = ATLAS Translation Standard V14.0 Trial Version

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed

"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{88038160-9BCB-47BE-A5C3-5CE2DC115509}" = Star Wars Galaxies

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{8C8816ED-E050-4E20-8CDD-26D29F5C9EDF}" = ATLAS V14.0 L10 Update Pack U003

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile

"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0AFB64E-79E1-45BF-BA6C-18C21E007D8E}" = Age of Wushu

"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help

"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext

"{B641E348-377C-4819-B92F-03F1D35A7EE3}_is1" = 東方心綺楼 Ver1.01

"{B7BF6CE2-74EF-4B40-B27D-D831FA1E7442}_is1" = Demonbane USA 1.0

"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends

"{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad Enhanced

"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C109AF5B-69D0-4C93-B360-F28D9FAB6084}" = ILLUSION ジンコウガクエン

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D16815B2-6E89-4DDC-B1A9-2A0CAB030AEB}" = Four Winds Mah Jong 2.10

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan

"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel

"{DAA18A0D-A57C-4611-B135-46EA06990E7D}" = XSplit

"{DB8FCBE8-B9AE-455D-B9FE-55BB06F165CF}" = C4380

"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DEADC0DE-0936-4042-812C-CD05FB45B8E0}_is1" = Darkfall Unholy Wars 2.0.0.5

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F139C955-376C-45CA-9C34-C77000AB73BC}" = 黄金夢想曲

"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV

"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™

"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online

"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.20

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Afterburner" = MSI Afterburner 2.2.2

"AIM_7" = AIM 7

"AkaneiroLauncher" = Akaneiro Launcher

"BandiMPEG1" = Bandisoft MPEG-1 Decoder

"Bass Audio Decoder" = Bass Audio Decoder (remove only)

"BattlEye for OA" = BattlEye for OA Uninstall

"Brass Restoration English_is1" = Brass Restoration English v1.0

"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30

"CosmicBreak_eng" = CosmicBreak_eng

"DCoder Image Source" = DCoder Image Source (remove only)

"DEARDROPS" = DEARDROPS

"DFO" = DFOLauncher

"DirectVobSub" = DirectVobSub (remove only)

"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders

"Eden Eternal" = Eden Eternal

"ERUNT_is1" = ERUNT 1.1j

"ESN Sonar-0.70.4" = ESN Sonar

"ffdshow_is1" = ffdshow v1.1.3760 [2011-02-18]

"FFMPEG Core Files" = FFMPEG Core Files (remove only)

"Fraps" = Fraps

"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)

"Guild Wars 2" = Guild Wars 2

"HaaliMkx" = Haali Media Splitter

"HandBrake" = HandBrake 0.9.6

"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013

"Katawa Shoujo" = Katawa Shoujo

"LogMeIn Hamachi" = LogMeIn Hamachi

"Mabinogi" = Mabinogi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)

"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Neverwinter" = Neverwinter

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.SingleImage" = Microsoft Office Home and Business 2010

"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)

"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)

"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)

"Origin" = Origin

"Portforward Static IP Address" = Portforward Static IP Address 1.0.45

"PowerISO" = PowerISO

"PunkBusterSvc" = PunkBuster Services

"RealMedia" = RealMedia (remove only)

"Rose Guns Days English" = Rose Guns Days English v1.0

"SCHOOLDAYS HQ" = SCHOOLDAYS HQ

"Steam App 200510" = XCOM: Enemy Unknown

"Steam App 200710" = Torchlight II

"Steam App 203140" = Hitman: Absolution

"Steam App 203160" = Tomb Raider

"Steam App 203810" = Dear Esther

"Steam App 205100" = Dishonored

"Steam App 207350" = Ys Origin

"Steam App 209080" = Guns of Icarus Online

"Steam App 209370" = Analogue: A Hate Story

"Steam App 211260" = They Bleed Pixels

"Steam App 216250" = Dead Island Riptide

"Steam App 217690" = Anna

"Steam App 218170" = Age of Conan: Unchained - US version

"Steam App 218230" = PlanetSide 2

"Steam App 219540" = Arma 2: Operation Arrowhead Beta

"Steam App 219640" = Chivalry: Medieval Warfare

"Steam App 219740" = Don't Starve

"Steam App 220240" = Far Cry® 3

"Steam App 223390" = Forge

"Steam App 224580" = Arma 2: DayZ Mod

"Steam App 227100" = Sniper Elite: Nazi Zombie Army

"Steam App 231060" = Ragnarok Online 2

"Steam App 33900" = ARMA 2

"Steam App 33930" = ARMA 2: Operation Arrowhead

"Steam App 35420" = Killing Floor Mod: Defence Alliance 2

"Steam App 50650" = Darksiders II

"Steam App 70400" = Recettear: An Item Shop's Tale

"Steam App 8870" = BioShock Infinite

"The Secret World_is1" = The Secret World

"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)

"Umineko no Naku Koro ni English" = Umineko no Naku Koro ni English v4.4

"Umineko no Naku Koro ni EP8 English" = Umineko no Naku Koro ni EP8 English v4.1

"Uplay" = Uplay

"Vindictus" = Vindictus

"Wanko to Kurasou English_is1" = Wanko to Kurasou English v1.0

"WinLiveSuite" = Windows Live Essentials

"ZoomPlayer" = Zoom Player (remove only)

"むすめーかー_is1" = むすめーかー

"むすめとごはん_is1" = むすめとごはん

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online

"AIM" = AIM for Windows

"Google Chrome" = Google Chrome

"Yume Nikki 0.10 English v3" = Yume Nikki 0.10 English v3

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/29/2013 9:07:09 PM | Computer Name = Stefan-GaminPC | Source = MsiInstaller | ID = 11706

Description = Product: TrayApp -- Error 1706. An installation package for the product

TrayApp cannot be found. Try the installation again using a valid copy of the installation

package 'TrayApp.msi'.

Error - 5/29/2013 9:07:16 PM | Computer Name = Stefan-GaminPC | Source = MsiInstaller | ID = 11706

Description = Product: TrayApp -- Error 1706. An installation package for the product

TrayApp cannot be found. Try the installation again using a valid copy of the installation

package 'TrayApp.msi'.

Error - 5/30/2013 7:17:03 AM | Computer Name = Stefan-GaminPC | Source = MsiInstaller | ID = 11706

Description = Product: TrayApp -- Error 1706. An installation package for the product

TrayApp cannot be found. Try the installation again using a valid copy of the installation

package 'TrayApp.msi'.

Error - 5/30/2013 4:20:41 PM | Computer Name = Stefan-GaminPC | Source = MsiInstaller | ID = 11706

Description = Product: TrayApp -- Error 1706. An installation package for the product

TrayApp cannot be found. Try the installation again using a valid copy of the installation

package 'TrayApp.msi'.

Error - 5/30/2013 4:20:45 PM | Computer Name = Stefan-GaminPC | Source = MsiInstaller | ID = 11706

Description = Product: TrayApp -- Error 1706. An installation package for the product

TrayApp cannot be found. Try the installation again using a valid copy of the installation

package 'TrayApp.msi'.

Error - 5/30/2013 4:53:10 PM | Computer Name = Stefan-GaminPC | Source = MsiInstaller | ID = 11706

Description = Product: TrayApp -- Error 1706. An installation package for the product

TrayApp cannot be found. Try the installation again using a valid copy of the installation

package 'TrayApp.msi'.

Error - 5/30/2013 4:53:23 PM | Computer Name = Stefan-GaminPC | Source = MsiInstaller | ID = 11706

Description = Product: TrayApp -- Error 1706. An installation package for the product

TrayApp cannot be found. Try the installation again using a valid copy of the installation

package 'TrayApp.msi'.

[ System Events ]

Error - 5/30/2013 4:04:52 PM | Computer Name = Stefan-GaminPC | Source = ipnathlp | ID = 30013

Description =

Error - 5/30/2013 4:20:36 PM | Computer Name = Stefan-GaminPC | Source = ipnathlp | ID = 34001

Description =

Error - 5/30/2013 4:20:36 PM | Computer Name = Stefan-GaminPC | Source = ipnathlp | ID = 30013

Description =

Error - 5/30/2013 4:44:07 PM | Computer Name = Stefan-GaminPC | Source = ipnathlp | ID = 34001

Description =

Error - 5/30/2013 4:50:10 PM | Computer Name = Stefan-GaminPC | Source = Service Control Manager | ID = 7003

Description = The Net.Msmq Listener Adapter service depends the following service:

msmq. This service might not be installed.

Error - 5/30/2013 4:50:10 PM | Computer Name = Stefan-GaminPC | Source = Service Control Manager | ID = 7003

Description = The Net.Pipe Listener Adapter service depends the following service:

was. This service might not be installed.

Error - 5/30/2013 4:50:10 PM | Computer Name = Stefan-GaminPC | Source = Service Control Manager | ID = 7001

Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing

Service service which failed to start because of the following error: %%1058

Error - 5/30/2013 4:50:47 PM | Computer Name = Stefan-GaminPC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Pure

Networks Platform Service service to connect.

Error - 5/30/2013 4:50:47 PM | Computer Name = Stefan-GaminPC | Source = Service Control Manager | ID = 7000

Description = The Pure Networks Platform Service service failed to start due to

the following error: %%1053

Error - 5/30/2013 4:55:48 PM | Computer Name = Stefan-GaminPC | Source = Service Control Manager | ID = 7022

Description = The Windows Update service hung on starting.

< End of report >


Proceed next to do some cleanups using the OTL utility.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Shaku only. If you are a casual viewer, do NOT try this on your system!

If you are not Shaku and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file ShakuOTL.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.
  • Open the ShakuOTL.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Task 2

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    [screenshot]
    Click the checkbox to participate, and then click on the Continue button.
  • Next
    [screenshot]
    Click on Select objects for scanning
  • Next
    [screenshot]
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on the Start scanning button
  • The scan in progress will be shown like this
    [screenshot]
  • IF something is detected, you will see a screen similar to this
    [screenshot]
    For each item "detected", click on the Action column down arrow, like this
    [screenshot]
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    [screenshot]
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.

Re-Enable your antivirus program when all done.

ShakuOTL.txt


OTL

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

========== FILES ==========

File\Folder C:\Users\Stefan\Desktop\?????.lnk) -- C:\Users\Stefan\Desktop\東方心綺楼.lnk not found.

File\Folder C:\Users\Stefan\Desktop\?????.lnk) -- C:\Users\Stefan\Desktop\東方心綺楼.lnk not found.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\黄昏フロンティ folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: hedev

->Temp folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Stefan

->Temp folder emptied: 600859 bytes

->Temporary Internet Files folder emptied: 65810 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 3820590 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 51349 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: hedev

User: Public

User: Stefan

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: hedev

User: Public

User: Stefan

->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05302013_182143

Files\Folders moved on Reboot...

C:\Users\Stefan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


After all of this I certainly feel like something was fixed. Vent isn't crashing anymore and the internet loads faster. As for whether there are any malware issues still here, I'm not sure. I haven't run any scan besides what you told me to since we started this. After all, the main reason I was concerned is because game files kept getting infected with trojan.win32.generic bt and I read some things about it going into my system and changing things to make my system vulnerable to remote access or something along those lines... so I thought there was something in here spreading trojan.win32.generic bt every time a scan found it and "cured" it. I honestly wouldn't even know where to start when it comes to confirming that it's all out of my system... besides running VipreRescue again and hoping for a clean scan. Though, I don't even know if VipreRescue is the best thing to run in these situations; it's just helped me get some bad trojans out in the past.

Right now what I'm concerned about is my new laptop. Before I realized I was infected I had brought a lot of game files over to my laptop from my desktop (the system you've been helping me with). I ran VipreRescue on there as well and it had "trojan.win32.generic bt" in the files I had copied over. Should I be concerned? I really don't know much about how trojan.win32.generic bt works. Is the laptop safe? Or was it compromised as soon as I brought the files over?

Also, if those files are compromised, what's the safest way to clean the portable hard drive I have the infected game files on? Is plugging it in to any computer at all risky?
