
Am I still infected?


  • This topic is locked
11 replies to this topic

#1 pepsshelp

  • Members
  • 5 posts

Posted 04 December 2011 - 12:39 PM

Hi,

A couple of weeks ago I noticed that Google.com was getting redirected to other sites (most often down, or the domain had been shut down by the ISP) and some of the websites that I tried visiting (random) returned the same "403 not allowed" (same HTML code and with the same text sizes, so I know that they were also redirected, because I could access them with my laptop on the same connection/IP).
Even though I was running Malwarebytes, ESET and Windows.. they didn't find anything, as well as TDSSKiller and AntiZeroAccess. I started HijackThis and the only suspect item I could find was two lines where wlidnsp.dll (Windows Live?) was injected into Winsock, but it looked pretty OK.

I tried SUPERAntiSpyware and it flagged WSQL.exe (WSQL is a SQL tool that can be used to access Mimer SQL databases) as a file infected by a variation of Trojan.Agent/Gen-Falprod. I had this program on my computer for like a year so I got very surprised that it was flagged, maybe some rootkit injected malware code into it?
Anyway I removed it with SAS and restarted the computer.

Still the same problem after restart, Google.com as well as a lot more sites showed some error message in Spanish. I ran DeFogger to disable the emulation and then tried running DDS after restart - fail, it froze at about 3/4.
Shut down the computer, restarted, removed wlidnsp.dll from Winsock with LSPFix, restarted and to my surprise everything was OK. No redirections or error messages in Spanish like before.
Tried running DDS again, still the same thing, it froze at 3/4.

Now my question, am I still infected? Posting log from GMER; if someone wants to see the HijackThis log I can upload it too, but it's nothing out of the ordinary.

Thanks in advance, I would be very happy if someone could shed some light on what kind of virus I had/have.

Edit; HiJackthis log at: http://pastebin.com/NHNjYNZi

Attached Files

  • Attached File  ark.txt   19.38KB   2 downloads

Edited by pepsshelp, 04 December 2011 - 12:44 PM.




#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,761 posts

Posted 09 December 2011 - 12:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430704 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 pepsshelp

  • Topic Starter
  • Members
  • 5 posts

Posted 10 December 2011 - 08:45 AM

Hi,

Still can't create a DDS log, the computer still locks up at about 3/4. I have disabled CD emulation with DeFogger and AFAIK I have also disabled and terminated ESET before I launched it.

Posting hjt, GMER, MiniToolBox and aswMBR log

Edit:
OS: Windows 7 Pro, 32bit, and yes I have the Win7 DVD.

Attached Files


Edited by pepsshelp, 10 December 2011 - 08:48 AM.


#4 nasdaq

  • Malware Response Team
  • 40,480 posts

Posted 10 December 2011 - 02:01 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the logs and let me know what issues persist with this computer.

#5 pepsshelp

  • Topic Starter
  • Members
  • 5 posts

Posted 11 December 2011 - 07:18 AM

13:13:50.0635 4604 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
13:13:52.0638 4604 ============================================================
13:13:52.0638 4604 Current date / time: 2011/12/11 13:13:52.0638
13:13:52.0638 4604 SystemInfo:
13:13:52.0638 4604
13:13:52.0638 4604 OS Version: 6.1.7601 ServicePack: 1.0
13:13:52.0638 4604 Product type: Workstation
13:13:52.0638 4604 ComputerName: MEDIA-PC
13:13:52.0639 4604 UserName: NyMedia
13:13:52.0639 4604 Windows directory: C:\Windows
13:13:52.0639 4604 System windows directory: C:\Windows
13:13:52.0639 4604 Processor architecture: Intel x86
13:13:52.0639 4604 Number of processors: 2
13:13:52.0639 4604 Page size: 0x1000
13:13:52.0639 4604 Boot type: Normal boot
13:13:52.0639 4604 ============================================================
13:13:55.0997 4604 Initialize success
13:14:01.0150 4752 ============================================================
13:14:01.0150 4752 Scan started
13:14:01.0150 4752 Mode: Manual; SigCheck; TDLFS;
13:14:01.0150 4752 ============================================================
13:14:04.0076 4752 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:14:04.0241 4752 1394ohci - ok
13:14:04.0293 4752 77966004 - ok
13:14:04.0349 4752 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:14:04.0370 4752 ACPI - ok
13:14:04.0539 4752 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:14:04.0635 4752 AcpiPmi - ok
13:14:04.0781 4752 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:14:04.0847 4752 adp94xx - ok
13:14:04.0869 4752 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:14:04.0908 4752 adpahci - ok
13:14:04.0932 4752 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:14:04.0962 4752 adpu320 - ok
13:14:05.0045 4752 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:14:05.0117 4752 AFD - ok
13:14:05.0170 4752 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:14:05.0199 4752 agp440 - ok
13:14:05.0227 4752 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:14:05.0256 4752 aic78xx - ok
13:14:05.0541 4752 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
13:14:05.0649 4752 ALCXWDM - ok
13:14:05.0833 4752 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:14:05.0860 4752 aliide - ok
13:14:05.0960 4752 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:14:05.0990 4752 amdagp - ok
13:14:06.0016 4752 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:14:06.0045 4752 amdide - ok
13:14:06.0090 4752 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
13:14:06.0119 4752 amdiox86 - ok
13:14:06.0174 4752 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:14:06.0269 4752 AmdK8 - ok
13:14:06.0632 4752 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
13:14:06.0809 4752 amdkmdag - ok
13:14:06.0952 4752 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
13:14:07.0008 4752 amdkmdap - ok
13:14:07.0080 4752 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:14:07.0163 4752 AmdPPM - ok
13:14:07.0237 4752 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:14:07.0266 4752 amdsata - ok
13:14:07.0292 4752 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:14:07.0330 4752 amdsbs - ok
13:14:07.0348 4752 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:14:07.0378 4752 amdxata - ok
13:14:07.0491 4752 AODDriver4.0 - ok
13:14:07.0591 4752 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:14:07.0750 4752 AppID - ok
13:14:07.0964 4752 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:14:07.0994 4752 arc - ok
13:14:08.0010 4752 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:14:08.0040 4752 arcsas - ok
13:14:08.0081 4752 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:14:08.0325 4752 AsyncMac - ok
13:14:08.0356 4752 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:14:08.0368 4752 atapi - ok
13:14:08.0417 4752 AtiHDAudioService (45fe74599fba4070e7c7dac928896474) C:\Windows\system32\drivers\AtihdW73.sys
13:14:08.0446 4752 AtiHDAudioService - ok
13:14:08.0500 4752 AtiHdmiService (40a07e6916ac098e31a9e39ac202b8a1) C:\Windows\system32\drivers\AtiHdmi.sys
13:14:08.0529 4752 AtiHdmiService - ok
13:14:08.0807 4752 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:14:08.0875 4752 b06bdrv - ok
13:14:08.0939 4752 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:14:09.0023 4752 b57nd60x - ok
13:14:09.0063 4752 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:14:09.0124 4752 Beep - ok
13:14:09.0153 4752 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:14:09.0207 4752 blbdrive - ok
13:14:09.0267 4752 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:14:09.0309 4752 bowser - ok
13:14:09.0445 4752 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:14:09.0505 4752 BrFiltLo - ok
13:14:09.0530 4752 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:14:09.0577 4752 BrFiltUp - ok
13:14:09.0615 4752 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:14:09.0650 4752 Brserid - ok
13:14:09.0667 4752 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:14:09.0695 4752 BrSerWdm - ok
13:14:09.0734 4752 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:14:09.0772 4752 BrUsbMdm - ok
13:14:09.0803 4752 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:14:09.0858 4752 BrUsbSer - ok
13:14:09.0885 4752 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:14:09.0934 4752 BTHMODEM - ok
13:14:10.0111 4752 catchme (d94b86ad01a3cc323619d4ff512ed6fa) C:\Users\NyMedia\AppData\Local\Temp\catchme.sys
13:14:10.0160 4752 catchme ( UnsignedFile.Multi.Generic ) - warning
13:14:10.0160 4752 catchme - detected UnsignedFile.Multi.Generic (1)
13:14:10.0304 4752 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:14:10.0368 4752 cdfs - ok
13:14:10.0418 4752 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
13:14:10.0481 4752 cdrom - ok
13:14:10.0552 4752 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:14:10.0589 4752 circlass - ok
13:14:10.0633 4752 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:14:10.0651 4752 CLFS - ok
13:14:10.0707 4752 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:14:10.0752 4752 CmBatt - ok
13:14:10.0779 4752 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:14:10.0807 4752 cmdide - ok
13:14:10.0839 4752 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
13:14:10.0867 4752 CNG - ok
13:14:10.0881 4752 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:14:10.0910 4752 Compbatt - ok
13:14:10.0958 4752 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:14:10.0990 4752 CompositeBus - ok
13:14:11.0193 4752 Corsair_CAHS1 (a0384edc87aa8b632f2a03f8d261c4b4) C:\Windows\system32\drivers\CAHS1.sys
13:14:11.0270 4752 Corsair_CAHS1 - ok
13:14:11.0320 4752 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Windows\system32\drivers\cpuz134_x32.sys
13:14:11.0333 4752 cpuz134 - ok
13:14:11.0351 4752 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:14:11.0378 4752 crcdisk - ok
13:14:11.0464 4752 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
13:14:11.0530 4752 CSC - ok
13:14:11.0605 4752 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:14:11.0675 4752 DfsC - ok
13:14:11.0702 4752 dgderdrv - ok
13:14:11.0757 4752 dg_ssudbus (aeb179b855161ec9c88172abc75ad0ef) C:\Windows\system32\DRIVERS\ssudbus.sys
13:14:11.0780 4752 dg_ssudbus - ok
13:14:11.0855 4752 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:14:11.0931 4752 discache - ok
13:14:11.0978 4752 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:14:12.0009 4752 Disk - ok
13:14:12.0148 4752 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:14:12.0207 4752 drmkaud - ok
13:14:12.0288 4752 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:14:12.0417 4752 DXGKrnl - ok
13:14:12.0462 4752 eamon (d4f94d45e25d764462a5b95bc426c8d0) C:\Windows\system32\DRIVERS\eamon.sys
13:14:12.0477 4752 eamon - ok
13:14:12.0600 4752 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:14:12.0770 4752 ebdrv - ok
13:14:12.0808 4752 ehdrv (9456462c1425d2bbf1616edabfaba5f4) C:\Windows\system32\DRIVERS\ehdrv.sys
13:14:12.0840 4752 ehdrv - ok
13:14:12.0893 4752 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:14:12.0961 4752 elxstor - ok
13:14:12.0987 4752 epfwwfpr (32102f2c07182523b1390c2d9341e397) C:\Windows\system32\DRIVERS\epfwwfpr.sys
13:14:13.0023 4752 epfwwfpr - ok
13:14:13.0064 4752 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
13:14:13.0092 4752 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
13:14:13.0092 4752 epmntdrv - detected UnsignedFile.Multi.Generic (1)
13:14:13.0123 4752 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:14:13.0172 4752 ErrDev - ok
13:14:13.0214 4752 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
13:14:13.0234 4752 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
13:14:13.0234 4752 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
13:14:13.0294 4752 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:14:13.0350 4752 exfat - ok
13:14:13.0485 4752 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:14:13.0548 4752 fastfat - ok
13:14:13.0591 4752 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:14:13.0652 4752 fdc - ok
13:14:13.0684 4752 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:14:13.0714 4752 FileInfo - ok
13:14:13.0728 4752 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:14:13.0821 4752 Filetrace - ok
13:14:13.0870 4752 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:14:13.0918 4752 flpydisk - ok
13:14:13.0960 4752 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:14:13.0991 4752 FltMgr - ok
13:14:14.0017 4752 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:14:14.0044 4752 FsDepends - ok
13:14:14.0099 4752 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
13:14:14.0140 4752 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
13:14:14.0140 4752 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
13:14:14.0183 4752 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:14:14.0211 4752 Fs_Rec - ok
13:14:14.0272 4752 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:14:14.0290 4752 fvevol - ok
13:14:14.0350 4752 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:14:14.0382 4752 gagp30kx - ok
13:14:14.0477 4752 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
13:14:14.0514 4752 giveio ( UnsignedFile.Multi.Generic ) - warning
13:14:14.0514 4752 giveio - detected UnsignedFile.Multi.Generic (1)
13:14:14.0615 4752 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
13:14:14.0630 4752 hamachi - ok
13:14:14.0645 4752 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:14:14.0713 4752 hcw85cir - ok
13:14:14.0762 4752 HCW88AUD (fd81cd93209a0449670865a53f0e2b04) C:\Windows\system32\drivers\hcw88aud.sys
13:14:14.0809 4752 HCW88AUD - ok
13:14:14.0840 4752 HCW88BDA (d13afc144b6da99b7b487aafe7178db6) C:\Windows\system32\drivers\hcw88bda.sys
13:14:14.0902 4752 HCW88BDA - ok
13:14:14.0956 4752 HCW88TSE (89a64422c026265b59107607137044e6) C:\Windows\system32\drivers\hcw88tse.sys
13:14:15.0002 4752 HCW88TSE - ok
13:14:15.0032 4752 HCW88TUNE (55667fe68bd7b7b546f45f4bbbeec1ed) C:\Windows\system32\drivers\hcw88tun.sys
13:14:15.0059 4752 HCW88TUNE - ok
13:14:15.0122 4752 hcw88vid (927d846b8ffe449a98ec0f3c61c9a952) C:\Windows\system32\drivers\hcw88vid.sys
13:14:15.0144 4752 hcw88vid - ok
13:14:15.0167 4752 HCW88XBAR (d61bff053b0c99e6fb0006b77d638c93) C:\Windows\system32\drivers\HCW88BAR.sys
13:14:15.0183 4752 HCW88XBAR - ok
13:14:15.0217 4752 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:14:15.0253 4752 HDAudBus - ok
13:14:15.0405 4752 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:14:15.0435 4752 HidBatt - ok
13:14:15.0454 4752 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:14:15.0508 4752 HidBth - ok
13:14:15.0540 4752 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:14:15.0581 4752 HidIr - ok
13:14:15.0634 4752 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
13:14:15.0685 4752 HidUsb - ok
13:14:15.0727 4752 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:14:15.0768 4752 HpSAMD - ok
13:14:15.0825 4752 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:14:15.0880 4752 HTTP - ok
13:14:15.0920 4752 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:14:15.0931 4752 hwpolicy - ok
13:14:15.0969 4752 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:14:16.0000 4752 i8042prt - ok
13:14:16.0041 4752 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:14:16.0076 4752 iaStorV - ok
13:14:16.0106 4752 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:14:16.0133 4752 iirsp - ok
13:14:16.0155 4752 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:14:16.0181 4752 intelide - ok
13:14:16.0339 4752 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:14:16.0387 4752 intelppm - ok
13:14:16.0421 4752 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:14:16.0479 4752 IpFilterDriver - ok
13:14:16.0525 4752 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:14:16.0563 4752 IPMIDRV - ok
13:14:16.0586 4752 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:14:16.0667 4752 IPNAT - ok
13:14:16.0694 4752 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:14:16.0731 4752 IRENUM - ok
13:14:16.0750 4752 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:14:16.0790 4752 isapnp - ok
13:14:16.0812 4752 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:14:16.0848 4752 iScsiPrt - ok
13:14:16.0875 4752 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:14:16.0902 4752 kbdclass - ok
13:14:16.0926 4752 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
13:14:16.0972 4752 kbdhid - ok
13:14:17.0016 4752 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
13:14:17.0030 4752 KSecDD - ok
13:14:17.0046 4752 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
13:14:17.0083 4752 KSecPkg - ok
13:14:17.0269 4752 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:14:17.0320 4752 lltdio - ok
13:14:17.0371 4752 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:14:17.0399 4752 LSI_FC - ok
13:14:17.0424 4752 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:14:17.0453 4752 LSI_SAS - ok
13:14:17.0470 4752 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:14:17.0511 4752 LSI_SAS2 - ok
13:14:17.0529 4752 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:14:17.0563 4752 LSI_SCSI - ok
13:14:17.0596 4752 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:14:17.0658 4752 luafv - ok
13:14:17.0738 4752 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
13:14:17.0749 4752 MBAMProtector - ok
13:14:17.0795 4752 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:14:17.0835 4752 megasas - ok
13:14:17.0879 4752 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:14:17.0934 4752 MegaSR - ok
13:14:17.0970 4752 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:14:18.0047 4752 Modem - ok
13:14:18.0176 4752 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:14:18.0238 4752 monitor - ok
13:14:18.0278 4752 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:14:18.0305 4752 mouclass - ok
13:14:18.0355 4752 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:14:18.0402 4752 mouhid - ok
13:14:18.0447 4752 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:14:18.0464 4752 mountmgr - ok
13:14:18.0501 4752 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:14:18.0546 4752 mpio - ok
13:14:18.0567 4752 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:14:18.0636 4752 mpsdrv - ok
13:14:18.0688 4752 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:14:18.0792 4752 MRxDAV - ok
13:14:18.0853 4752 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:14:18.0918 4752 mrxsmb - ok
13:14:18.0968 4752 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:14:19.0000 4752 mrxsmb10 - ok
13:14:19.0023 4752 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:14:19.0054 4752 mrxsmb20 - ok
13:14:19.0068 4752 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:14:19.0094 4752 msahci - ok
13:14:19.0117 4752 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:14:19.0147 4752 msdsm - ok
13:14:33.0695 4752 ============================================================
13:14:33.0695 4752 Scan finished
13:14:33.0695 4752 ============================================================
13:14:33.0716 4744 Detected object count: 9
13:14:33.0716 4744 Actual detected object count: 9
13:14:42.0401 4744 catchme ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:42.0401 4744 catchme ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:42.0408 4744 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:42.0408 4744 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:42.0410 4744 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:42.0410 4744 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:42.0412 4744 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:42.0412 4744 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:42.0416 4744 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:42.0416 4744 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:42.0419 4744 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:42.0419 4744 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:42.0424 4744 prwntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:42.0424 4744 prwntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:42.0427 4744 SliceDisk5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:42.0428 4744 SliceDisk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:42.0430 4744 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:42.0431 4744 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - User select action: Skip


About Combofix:

As well as DDS, it freezes the computer; tried running it for about 12h, so it's a freeze. Tried it in safe mode, changing the filename of the file, etc.
Have disabled ESET and disabled all emus with DeFogger, still freezes.

#6 nasdaq

Posted 11 December 2011 - 08:49 AM

Try this tool.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#7 pepsshelp

Posted 11 December 2011 - 10:05 AM

OTL:

OTL logfile created on: 12/11/2011 3:46:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\NyMedia\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.13% Memory free
6.50 Gb Paging File | 5.25 Gb Available in Paging File | 80.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.65 Gb Total Space | 7.40 Gb Free Space | 14.62% Space Free | Partition Type: NTFS
Drive D: | 182.24 Gb Total Space | 73.62 Gb Free Space | 40.39% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 54.26 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive F: | 485.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MEDIA-PC | User Name: NyMedia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\NyMedia\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\cb8360b08641130fd39a8a04f58c3124\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll ()
MOD - C:\Users\NyMedia\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\NyMedia\AppData\Local\Temp\catchme.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (ssudnflt) -- C:\Windows\System32\drivers\ssudnflt.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (prwntdrv) -- C:\Windows\System32\prwntdrv.sys ()
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (cpuz134) -- C:\Windows\System32\drivers\cpuz134_x32.sys (Windows ® Win 7 DDK provider)
DRV - (Corsair_CAHS1) -- C:\Windows\System32\drivers\CAHS1.sys (C-Media Electronics Inc)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (VSPerfDrv100) -- D:\Program\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SliceDisk5) -- C:\Program Files\A-FF Find and Mount\slicedisk.sys (Atola)
DRV - (NVR0Dev) -- C:\Windows\nvoclock.sys (NVidia Corp.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C BF 51 67 E5 AE CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\NyMedia\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\NyMedia\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2011/05/11 16:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 11:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 20:50:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/06 23:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/04 01:47:13 | 000,000,000 | ---D | M]

[2011/10/10 11:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NyMedia\AppData\Roaming\Mozilla\Extensions
[2011/10/10 11:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NyMedia\AppData\Roaming\Mozilla\Firefox\Profiles\asnkiloa.default\extensions
[2011/10/10 11:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/10 11:35:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/04 01:48:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/11 21:40:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/12 12:56:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\NYMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASNKILOA.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/09/29 07:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2011/09/12 12:55:51 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2011/06/07 11:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/09/29 01:26:50 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/09/29 01:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 01:26:50 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/09/29 01:26:50 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/09/29 01:26:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/09/29 01:26:50 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\NyMedia\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\NyMedia\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\NyMedia\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\NyMedia\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010/03/22 13:18:37 | 000,000,857 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.141.64.3 213.141.84.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A51F26B-19D3-4CE7-8849-71774C344128}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00AACE6-BE99-4D91-AE72-D5B6288BD998}: DhcpNameServer = 213.141.64.3 213.141.84.30
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/04/12 09:05:00 | 000,000,029 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/11/23 07:44:00 | 000,000,000 | ---D | M] - F:\Autokey utility -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,675 | R--- | M] () - F:\auto-ar.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,003,028 | R--- | M] () - F:\auto-cs.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,953 | R--- | M] () - F:\auto-da.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,789 | R--- | M] () - F:\auto-de.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,926 | R--- | M] () - F:\auto-en.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,701 | R--- | M] () - F:\auto-es.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,003,054 | R--- | M] () - F:\auto-fi.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,003,090 | R--- | M] () - F:\auto-fr.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,776 | R--- | M] () - F:\auto-hu.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,737 | R--- | M] () - F:\auto-it.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,003,609 | R--- | M] () - F:\auto-ja.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,003,092 | R--- | M] () - F:\auto-ko.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,928 | R--- | M] () - F:\auto-nl.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,898 | R--- | M] () - F:\auto-no.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,645 | R--- | M] () - F:\auto-pl.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,571 | R--- | M] () - F:\auto-pt.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,003,052 | R--- | M] () - F:\auto-ro.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,004,026 | R--- | M] () - F:\auto-ru.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,850 | R--- | M] () - F:\auto-sc.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,948 | R--- | M] () - F:\auto-sk.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,750 | R--- | M] () - F:\auto-sl.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,002,980 | R--- | M] () - F:\auto-sv.html -- [ CDFS ]
O32 - AutoRun File - [2008/10/08 07:45:26 | 000,003,718 | R--- | M] () - F:\auto-tc.html -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 17:21:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\NyMedia\Desktop\dds.scr
[2011/12/01 21:46:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/01 00:23:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\fsbl.exe
[2011/11/30 23:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/30 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\NyMedia\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/30 22:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/30 22:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/30 22:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/29 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/29 22:31:24 | 000,000,000 | ---D | C] -- C:\Users\NyMedia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/26 16:14:47 | 000,000,000 | ---D | C] -- C:\Users\NyMedia\AppData\Local\assembly
[2011/11/21 21:43:01 | 000,000,000 | ---D | C] -- C:\Users\NyMedia\AppData\Roaming\Malwarebytes
[2006/12/20 00:00:00 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\A3D.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/11 15:44:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-298792575-1938906914-175759571-1014UA.job
[2011/12/11 15:36:51 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-298792575-1938906914-175759571-1001UA.job
[2011/12/11 15:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 13:17:43 | 000,017,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 13:17:43 | 000,017,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 13:16:32 | 000,663,078 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/11 13:16:32 | 000,121,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/11 13:10:18 | 2616,893,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/10 22:44:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-298792575-1938906914-175759571-1014Core.job
[2011/12/09 10:16:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-298792575-1938906914-175759571-1001Core.job
[2011/12/04 12:06:50 | 000,000,020 | ---- | M] () -- C:\Users\NyMedia\defogger_reenable
[2011/12/03 16:10:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\NyMedia\Desktop\dds.scr
[2011/11/30 23:58:31 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\fsbl.exe
[2011/11/30 22:47:10 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/29 22:31:24 | 000,002,973 | ---- | M] () -- C:\Users\NyMedia\Desktop\HiJackThis.lnk
[2011/11/19 13:45:50 | 000,002,411 | ---- | M] () -- C:\Users\NyMedia\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/04 12:06:14 | 000,000,020 | ---- | C] () -- C:\Users\NyMedia\defogger_reenable
[2011/11/30 22:47:10 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/29 22:31:24 | 000,002,973 | ---- | C] () -- C:\Users\NyMedia\Desktop\HiJackThis.lnk
[2011/11/06 01:21:44 | 000,002,356 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2011/05/09 15:06:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/04/27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/04/27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/04/27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/04/19 21:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/04/12 01:36:04 | 000,439,296 | ---- | C] () -- C:\Windows\sqlite3.exe
[2011/04/12 01:36:04 | 000,432,128 | ---- | C] () -- C:\Windows\sqlite3.dll
[2011/04/04 15:30:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/04 02:13:32 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/04/04 01:33:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/01 20:44:50 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/04/01 20:44:16 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/04/01 20:44:13 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/03/29 15:52:00 | 000,001,024 | ---- | C] () -- C:\Windows\System32\Image2PDF.dat
[2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 22:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/28 22:29:36 | 002,336,384 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/01/28 22:29:36 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/01/28 22:29:36 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/01/28 22:29:36 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/01/28 22:29:36 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/01/02 23:23:39 | 000,098,696 | ---- | C] () -- C:\Windows\System32\setupprwdrv03.exe
[2011/01/02 23:23:39 | 000,013,704 | ---- | C] () -- C:\Windows\System32\prwntdrv.sys
[2010/12/08 17:32:23 | 000,000,009 | ---- | C] () -- C:\Windows\System32\status.bin
[2010/11/16 13:35:22 | 000,143,360 | ---- | C] () -- C:\Windows\VmixHS1.dll
[2010/11/16 13:35:12 | 000,000,200 | ---- | C] () -- C:\Windows\CAHS1.ini.cfl
[2010/11/16 13:35:11 | 000,557,056 | ---- | C] () -- C:\Windows\System32\CAHS1.exe
[2010/11/16 13:34:55 | 000,299,008 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/11/16 13:34:55 | 000,001,525 | ---- | C] () -- C:\Windows\CAHS1.ini.cfg
[2010/11/16 13:34:55 | 000,001,475 | ---- | C] () -- C:\Windows\CAHS1.ini.imi
[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/10/25 21:02:03 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/10/25 21:02:03 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/10/08 15:04:52 | 000,000,556 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010/10/07 22:47:14 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/07/30 12:49:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/30 04:07:30 | 000,000,539 | ---- | C] () -- C:\Windows\CAHS1.ini
[2010/05/11 15:48:20 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/03/22 00:31:25 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/15 22:45:33 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2010/03/15 21:40:38 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/08/06 09:35:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat(1543).dat
[2009/07/14 05:33:53 | 002,343,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,663,078 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,121,946 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/09 02:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/26 19:47:56 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2007/03/12 11:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/11/06 11:04:09 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\BITS
[2011/11/05 23:06:30 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\FlashGet
[2011/11/05 23:06:24 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\FlashGetBHO
[2011/10/03 21:09:41 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\LolClient
[2011/10/03 17:36:26 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\Notepad++
[2011/10/03 17:20:34 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\Personal
[2011/10/11 22:29:21 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\Samsung
[2011/12/11 01:04:49 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\Spotify
[2011/12/10 19:28:54 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\uTorrent
[2011/10/07 00:18:28 | 000,000,000 | ---D | M] -- C:\Users\NyMedia\AppData\Roaming\XBMC
[2011/03/09 16:21:45 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(1545).TXT
[2009/07/14 05:53:46 | 000,022,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Extras:

OTL Extras logfile created on: 12/11/2011 3:46:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\NyMedia\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.13% Memory free
6.50 Gb Paging File | 5.25 Gb Available in Paging File | 80.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.65 Gb Total Space | 7.40 Gb Free Space | 14.62% Space Free | Partition Type: NTFS
Drive D: | 182.24 Gb Total Space | 73.62 Gb Free Space | 40.39% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 54.26 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive F: | 485.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MEDIA-PC | User Name: NyMedia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.NyMedia] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{193A833F-38D7-43CD-B906-86F54B54C1EC}" = IronPython 2.7
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java™ SE Development Kit 6 Update 21
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{361693F2-A153-4359-A4CB-A1B9FF2AA5E6}" = A4tech USB Mouse Quality Testing Program V6.0
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{589D0376-CF0C-3096-40E4-D2A15FE7987B}" = WMV9/VC-1 Video Playback
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5F577CD8-A997-2E11-83BC-4445DD2D4542}" = AMD VISION Engine Control Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{658DE1DF-D156-DD5A-800E-20C693806F65}" = Catalyst Control Center InstallProxy
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6844F85B-1AEE-093A-5FC9-235035B3A127}" = Catalyst Control Center Graphics Previews Common
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3E3395-A9A0-42D4-A81B-41C3583CCE89}" = OSCAR Editor
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71790311-0C42-B5BC-AF01-97BFFEF2A30B}" = ATI Catalyst Install Manager
"{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}" = Corsair HS1 USB Headset
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{74FF7860-85D8-D261-52C6-D41E946235F1}" = AMD Drag and Drop Transcoding
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{8C3A3C74-0163-F062-08D6-C8AC7430669E}" = ccc-utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2007
"{90120000-0015-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007
"{90120000-0016-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007
"{90120000-0018-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2007
"{90120000-0019-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2007
"{90120000-001A-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007
"{90120000-001B-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040B-0000-0000000FF1CE}_ENTERPRISE_{8C00DF3E-E8BD-4C6A-B86F-0135E11DAF1C}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
"{90120000-001F-041D-0000-0000000FF1CE}_ENTERPRISE_{43722AA8-ACEA-4F54-9B83-2467D376EF8A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-041D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Swedish) 2007
"{90120000-0044-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007
"{90120000-006E-041D-0000-0000000FF1CE}_ENTERPRISE_{8C2A0B2D-382B-428C-9E8D-247D31B22201}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007
"{90120000-00A1-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-041D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Swedish) 2007
"{90120000-00BA-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AD7902EB-6FCA-4C71-BB72-C51520DB9FBE}" = Corona SDK
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7749EE2-5318-D255-F0EE-14D5845B0925}" = CCC Help English
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}" = WD FAT32 Formatter
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15E74CC-E9D1-9042-4481-BE3B573620BA}" = AMD Fuel
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F809C246-9699-4EB3-8D1C-B576C0B774EE}" = Titanium Developer
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE9C13F6-6BBD-47D3-B939-F7E061BC4930}" = ESET NOD32 Antivirus
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Airplay SDK 4.4_is1" = Airplay SDK 4.4
"Android SDK Tools" = Android SDK Tools
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Betsson Poker_is1" = Betsson Poker
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 7.0.1 Home Edition
"EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVE" = EVE Online (remove only)
"Fiddler2" = Fiddler2
"Find and Mount_is1" = Find and Mount 2.31
"FlashGet 3.5" = FlashGet 3.5
"flip.exe" = Flip 3.4.1
"Git_is1" = Git version 1.7.3.1-preview20101002
"HDD Health_is1" = HDD Health v3.3 Beta
"hon" = Heroes of Newerth
"ImgBurn" = ImgBurn
"InstallShield_{6D3E3395-A9A0-42D4-A81B-41C3583CCE89}" = Anti-Vibrate Oscar Editor
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mendeley Desktop" = Mendeley Desktop 0.9.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"MoSync" = MoSync
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PerformanceTest 7_is1" = PerformanceTest v7.0
"Personal" = BankID Security Application 4.10.4
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"RMPrepUSB" = RMPrepUSB
"scons-py2.6" = Python 2.6 SCons - a software construction tool
"Sencha SDK Tools 1.2.3" = Sencha SDK Tools
"SopCast" = SopCast 3.2.9
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"ST6UNST #1" = WSQL
"Steam App 42910" = Magicka
"Svenska Spels Poker" = Svenska Spels Poker
"TreeSize Free_is1" = TreeSize Free V2.4
"UBCD4Win_is1" = UBCD4Win 3.60
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Veetle TV" = Veetle TV 0.9.18
"VeryPDF Image2PDF v3.2_is1" = VeryPDF Image2PDF v3.2
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2011 6:09:40 PM | Computer Name = Media-PC | Source = VSS | ID = 8193
Description =

Error - 12/2/2011 6:09:41 PM | Computer Name = Media-PC | Source = System Restore | ID = 8193
Description =

Error - 12/6/2011 3:06:32 PM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\ConvertFAT2NTFS.exe.Manifest".Error
in manifest or policy file "c:\program files\EASEUS\easeus partition master 7.0.1
home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" on line 11. Component identity
found in manifest does not match the identity of the component requested. Reference
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/6/2011 3:06:32 PM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\WinChkdsk.exe".Error in manifest or
policy file "c:\program files\EASEUS\easeus partition master 7.0.1 home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/8/2011 1:51:55 PM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\ConvertFAT2NTFS.exe.Manifest".Error
in manifest or policy file "c:\program files\EASEUS\easeus partition master 7.0.1
home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" on line 11. Component identity
found in manifest does not match the identity of the component requested. Reference
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/8/2011 1:51:56 PM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\WinChkdsk.exe".Error in manifest or
policy file "c:\program files\EASEUS\easeus partition master 7.0.1 home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/8/2011 2:11:03 PM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\ConvertFAT2NTFS.exe.Manifest".Error
in manifest or policy file "c:\program files\EASEUS\easeus partition master 7.0.1
home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" on line 11. Component identity
found in manifest does not match the identity of the component requested. Reference
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/8/2011 2:11:03 PM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\WinChkdsk.exe".Error in manifest or
policy file "c:\program files\EASEUS\easeus partition master 7.0.1 home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/10/2011 8:53:14 AM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\ConvertFAT2NTFS.exe.Manifest".Error
in manifest or policy file "c:\program files\EASEUS\easeus partition master 7.0.1
home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" on line 11. Component identity
found in manifest does not match the identity of the component requested. Reference
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/10/2011 8:53:14 AM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\WinChkdsk.exe".Error in manifest or
policy file "c:\program files\EASEUS\easeus partition master 7.0.1 home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 12/4/2011 5:02:15 PM | Computer Name = Media-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 12/6/2011 3:11:28 PM | Computer Name = Media-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/7/2011 1:01:36 PM | Computer Name = Media-PC | Source = DCOM | ID = 10010
Description =

Error - 12/7/2011 2:41:20 PM | Computer Name = Media-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/7/2011 6:47:25 PM | Computer Name = Media-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 12/9/2011 6:54:42 PM | Computer Name = Media-PC | Source = DCOM | ID = 10010
Description =

Error - 12/10/2011 8:56:31 AM | Computer Name = Media-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/10/2011 9:50:37 AM | Computer Name = Media-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 12/10/2011 8:28:14 PM | Computer Name = Media-PC | Source = DCOM | ID = 10010
Description =

Error - 12/11/2011 9:05:59 AM | Computer Name = Media-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.


< End of report >

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,480 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:59 AM

Posted 12 December 2011 - 08:42 AM

Nothing suspicious was found on your OTL log.

Do you have any difficulties with your backups or do you get some error message that may indicate some registry problem?

From your extra log.

Error - 12/6/2011 3:06:32 PM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\ConvertFAT2NTFS.exe.Manifest".Error
in manifest or policy file "c:\program files\EASEUS\easeus partition master 7.0.1
home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" on line 11. Component identity
found in manifest does not match the identity of the component requested. Reference
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Have a look at the other error messages.

I have searched Google for sxstrace.exe and, from what I can gather, you have a wrong version of some module.
You may want to investigate. This is not my forte, so I cannot help you there.

===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know the exact issues you are having with this computer.
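The SideBySide entry quoted in the post above states both the assembly identity that was requested ("Reference") and the one the manifest actually declares ("Definition"), so the mismatch can be pulled out mechanically instead of read by eye. The following is an added example, not part of the original posts and not part of OTL; the function names are hypothetical and the sample text is constructed in the layout of the log above.

```python
import re
from collections import Counter
# Constructed sample in the OTL event layout, modelled on the entries in this thread.
SAMPLE = r'''
Error - 12/6/2011 3:06:32 PM | Computer Name = Media-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 home edition\bin\x64\WinChkdsk.exe".Error in manifest or
policy file "c:\program files\EASEUS\easeus partition master 7.0.1 home edition\bin\x64\Microsoft.VC80.CRT.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".

Error - 12/7/2011 1:01:36 PM | Computer Name = Media-PC | Source = DCOM | ID = 10010
Description =
'''

HEADER = re.compile(r'^Error - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)$')
IDENTITY = re.compile(r'(Reference|Definition)\s+is\s+([^,\s]+),(.*?version="[^"]+")')

def parse_events(text):
    """Split an OTL event section into dicts, re-joining the wrapped description lines."""
    events = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append(dict(zip(("when", "host", "source", "id"), m.groups()), desc=""))
        elif events and line:
            events[-1]["desc"] = (events[-1]["desc"] + " " + line).strip()
    return events

def identity_mismatch(desc):
    """Return {attribute: (reference, definition)} for identity fields that differ."""
    ids = {role: dict(re.findall(r'(\w+)="([^"]*)"', attrs), name=name)
           for role, name, attrs in IDENTITY.findall(desc)}
    ref, dfn = ids.get("Reference", {}), ids.get("Definition", {})
    return {k: (ref[k], dfn[k]) for k in sorted(ref.keys() & dfn.keys()) if ref[k] != dfn[k]}

def triage(text):
    """Count events per (source, ID) and map each failing file to its identity mismatch."""
    events = parse_events(text)
    counts = Counter((e["source"], e["id"]) for e in events)
    mismatches = {}
    for e in events:
        target = re.search(r'failed for "([^"]+)"', e["desc"])
        diff = identity_mismatch(e["desc"])
        if e["source"] == "SideBySide" and target and diff:
            mismatches[target.group(1)] = diff
    return counts, mismatches
```

Run over the full log, `triage` shows at a glance that every SideBySide error traces to the same version difference in one bundled manifest, and that the remaining sources repeat a small set of IDs.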

#9 pepsshelp

Posted 12 December 2011 - 10:22 AM

Hi,

Thank you for your time on this matter, I appreciate it.

I've updated all my 3rd party apps.

I don't have any problems with the computer since I removed wlidnsp.dll from Winsock with LSPFix and re-enabled my network interface. From the looks of Google, wlidnsp.dll seems to be a legit component from Microsoft Live, though I'm not sure why it should be included in Winsock. I also have a hard time thinking WSQL.exe could be the one that was causing trouble, because it wasn't running on my system; only the executable was quarantined.

Anyway, I was just worried that my computer still was infected because I couldn't run DDS or ComboFix, and I was pretty surprised that neither Malwarebytes nor ESET had picked up any suspicious activity.

I might reinstall windows though to be sure.

Thanks,

#10 nasdaq

Posted 13 December 2011 - 10:11 AM

Anyway, I was just worried that my computer still was infected because I couldn't run DDS or ComboFix,


Keep an eye on your system and if you get any redirection or other problems please let me know.

#11 nasdaq

Posted 19 December 2011 - 09:51 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#12 nasdaq

Posted 25 December 2011 - 10:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



