Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zeroaccess rootkit and Abnow redirection.


  • This topic is locked This topic is locked
67 replies to this topic

#1 psxlover

psxlover

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 16 March 2012 - 12:56 PM

Hallo,
when I use a search engine the results redirect me to abnow.com. I've run Malwarebytes Anti-Malware, it reports two files as Rootkit.Zeroaccess and says that it will remove them on restart but they are still there.

Thank you for your help.

Attached Files



BC AdBot (Login to Remove)

 


#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:20 AM

Posted 16 March 2012 - 05:15 PM

Hello psxlover ,

My name is ratman and and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Backdoor Warning

One or more of the identified infections (ZeroAccess) is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

====================================================================================


Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

====================================================================================

Please download ComboFix from here:

Link


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Right click on ComboFix icon Posted Image and run as admin then follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • C:\Combofix.txt


How is your machine running now?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#3 psxlover

psxlover
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 16 March 2012 - 07:28 PM

Hallo ratman and thanks for your response.
μTorrent is not running on startup, and torrents are used by a lot of linux distributions and some application developer to distribute their files, so you'll excuse me if I choose not to uninstall it. I doubt it's what caused the problem in the first place. I probably got infected either from one of the sites I visited the other day or by one of the numerous updates I did.

First thing I noticed was that when I got on the computer (it was open during the night) it was unresponsive. I opened taskmanager and noticed a e856.tmp running (which was later removed when I run Malwarebytes Anti-Malware) which I terminated, and multiple (8-10) sshd.exe services running that were using the cpu (there was also one that was at 0% cpu usage, which I guess was the original one).

Right now, other than the search redirects the only not normal thing is services.exe and svchost.exe that are using 4-9% cpu each (around half a cpu thread), and I think that every few hours a new sshd.exe process comes up that is using 12-13% of the cpu time (100% on a cpu thread).

I can't use combofix. After downloading and running it, it decompresses the files and then does nothing. When I run it, a folder/link is created in C:\ named 32788R22FWJFW that gets me back to "My Computer" if clicked. I tried to run it both in normal and safe mode. Also if I start the pc in safe mode I get a bsod and immediately a restart about a minute after safe mode boots (note that this does not happen if I use "Safe mode with network".

#4 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:20 AM

Posted 16 March 2012 - 07:46 PM

Hi,

I'd like you to try another way of running ComboFix:
  • Press Start
  • Copy/paste %userprofile%\desktop\combofix.exe into search box and press enter.
Did that work?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#5 psxlover

psxlover
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 16 March 2012 - 07:48 PM

Again it runs the file, but after the extract nothing happens.

#6 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:20 AM

Posted 16 March 2012 - 07:51 PM

Hi psxlover ,

Ok, let's try something else.

I want you to run TDSSKiller:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

===================================================================================



In your next reply, please copy/paste the contents of the following:
  • TDSSKiller Log


How's your machine running now?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#7 psxlover

psxlover
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 16 March 2012 - 07:56 PM

TDSSKiller didn't find anything. Here's the log:


02:54:25.0142 0936 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
02:54:27.0144 0936 ============================================================
02:54:27.0144 0936 Current date / time: 2012/03/17 02:54:27.0144
02:54:27.0144 0936 SystemInfo:
02:54:27.0144 0936
02:54:27.0144 0936 OS Version: 6.1.7601 ServicePack: 1.0
02:54:27.0144 0936 Product type: Workstation
02:54:27.0144 0936 ComputerName: ALEX-NEW
02:54:27.0144 0936 UserName: Alex
02:54:27.0144 0936 Windows directory: C:\Windows
02:54:27.0144 0936 System windows directory: C:\Windows
02:54:27.0144 0936 Running under WOW64
02:54:27.0144 0936 Processor architecture: Intel x64
02:54:27.0144 0936 Number of processors: 8
02:54:27.0144 0936 Page size: 0x1000
02:54:27.0144 0936 Boot type: Normal boot
02:54:27.0144 0936 ============================================================
02:54:27.0413 0936 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1600000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:54:27.0441 0936 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:54:27.0450 0936 \Device\Harddisk0\DR0:
02:54:27.0450 0936 MBR used
02:54:27.0450 0936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:54:27.0450 0936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD8000
02:54:27.0450 0936 \Device\Harddisk1\DR1:
02:54:27.0450 0936 MBR used
02:54:27.0450 0936 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
02:54:27.0450 0936 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0x3E507BF5
02:54:27.0529 0936 Initialize success
02:54:27.0529 0936 ============================================================
02:54:28.0942 2444 ============================================================
02:54:28.0942 2444 Scan started
02:54:28.0942 2444 Mode: Manual;
02:54:28.0942 2444 ============================================================
02:54:29.0103 2444 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:54:29.0104 2444 1394ohci - ok
02:54:29.0191 2444 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:54:29.0193 2444 ACPI - ok
02:54:29.0227 2444 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:54:29.0227 2444 AcpiPmi - ok
02:54:29.0271 2444 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:54:29.0273 2444 adp94xx - ok
02:54:29.0283 2444 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:54:29.0284 2444 adpahci - ok
02:54:29.0291 2444 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:54:29.0292 2444 adpu320 - ok
02:54:29.0357 2444 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:54:29.0359 2444 AFD - ok
02:54:29.0373 2444 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:54:29.0373 2444 agp440 - ok
02:54:29.0388 2444 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:54:29.0389 2444 aliide - ok
02:54:29.0466 2444 ALSysIO - ok
02:54:29.0489 2444 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:54:29.0489 2444 amdide - ok
02:54:29.0519 2444 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:54:29.0519 2444 AmdK8 - ok
02:54:29.0666 2444 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
02:54:29.0708 2444 amdkmdag - ok
02:54:29.0732 2444 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
02:54:29.0734 2444 amdkmdap - ok
02:54:29.0749 2444 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:54:29.0749 2444 AmdPPM - ok
02:54:29.0768 2444 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:54:29.0768 2444 amdsata - ok
02:54:29.0795 2444 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:54:29.0796 2444 amdsbs - ok
02:54:29.0806 2444 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:54:29.0806 2444 amdxata - ok
02:54:29.0823 2444 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:54:29.0824 2444 AppID - ok
02:54:29.0843 2444 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:54:29.0844 2444 arc - ok
02:54:29.0862 2444 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:54:29.0863 2444 arcsas - ok
02:54:29.0888 2444 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:54:29.0889 2444 AsyncMac - ok
02:54:29.0905 2444 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:54:29.0905 2444 atapi - ok
02:54:29.0941 2444 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
02:54:29.0942 2444 AtiHDAudioService - ok
02:54:30.0000 2444 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
02:54:30.0001 2444 AtiHdmiService - ok
02:54:30.0079 2444 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:54:30.0081 2444 b06bdrv - ok
02:54:30.0121 2444 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:54:30.0122 2444 b57nd60a - ok
02:54:30.0137 2444 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:54:30.0138 2444 Beep - ok
02:54:30.0148 2444 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:54:30.0148 2444 blbdrive - ok
02:54:30.0164 2444 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:54:30.0165 2444 bowser - ok
02:54:30.0174 2444 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:54:30.0174 2444 BrFiltLo - ok
02:54:30.0184 2444 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:54:30.0184 2444 BrFiltUp - ok
02:54:30.0195 2444 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:54:30.0196 2444 BridgeMP - ok
02:54:30.0236 2444 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:54:30.0238 2444 Brserid - ok
02:54:30.0247 2444 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:54:30.0248 2444 BrSerWdm - ok
02:54:30.0259 2444 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:54:30.0259 2444 BrUsbMdm - ok
02:54:30.0271 2444 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:54:30.0271 2444 BrUsbSer - ok
02:54:30.0288 2444 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:54:30.0289 2444 BTHMODEM - ok
02:54:30.0306 2444 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:54:30.0306 2444 cdfs - ok
02:54:30.0324 2444 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
02:54:30.0325 2444 cdrom - ok
02:54:30.0344 2444 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:54:30.0345 2444 circlass - ok
02:54:30.0397 2444 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:54:30.0399 2444 CLFS - ok
02:54:30.0425 2444 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:54:30.0425 2444 CmBatt - ok
02:54:30.0444 2444 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:54:30.0444 2444 cmdide - ok
02:54:30.0477 2444 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
02:54:30.0479 2444 CNG - ok
02:54:30.0487 2444 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:54:30.0487 2444 Compbatt - ok
02:54:30.0500 2444 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:54:30.0500 2444 CompositeBus - ok
02:54:30.0540 2444 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
02:54:30.0540 2444 cpuz135 - ok
02:54:30.0552 2444 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:54:30.0552 2444 crcdisk - ok
02:54:30.0583 2444 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
02:54:30.0584 2444 CSC - ok
02:54:30.0612 2444 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:54:30.0612 2444 DfsC - ok
02:54:30.0646 2444 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:54:30.0647 2444 discache - ok
02:54:30.0658 2444 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:54:30.0659 2444 Disk - ok
02:54:30.0677 2444 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:54:30.0678 2444 drmkaud - ok
02:54:30.0782 2444 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
02:54:30.0783 2444 DrvAgent64 - ok
02:54:30.0841 2444 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:54:30.0844 2444 DXGKrnl - ok
02:54:30.0890 2444 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:54:30.0904 2444 ebdrv - ok
02:54:30.0940 2444 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:54:30.0942 2444 elxstor - ok
02:54:30.0955 2444 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:54:30.0955 2444 ErrDev - ok
02:54:30.0977 2444 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:54:30.0978 2444 exfat - ok
02:54:30.0999 2444 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:54:31.0000 2444 fastfat - ok
02:54:31.0012 2444 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:54:31.0012 2444 fdc - ok
02:54:31.0031 2444 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:54:31.0031 2444 FileInfo - ok
02:54:31.0037 2444 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:54:31.0038 2444 Filetrace - ok
02:54:31.0055 2444 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:54:31.0056 2444 flpydisk - ok
02:54:31.0080 2444 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:54:31.0082 2444 FltMgr - ok
02:54:31.0109 2444 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:54:31.0110 2444 FsDepends - ok
02:54:31.0118 2444 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:54:31.0118 2444 Fs_Rec - ok
02:54:31.0138 2444 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:54:31.0139 2444 fvevol - ok
02:54:31.0157 2444 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:54:31.0158 2444 gagp30kx - ok
02:54:31.0219 2444 GGSAFERDriver - ok
02:54:31.0250 2444 Gun (4f7e0a173348a60e003d3c5f51c5808e) C:\Windows\system32\Gun64.sys
02:54:31.0250 2444 Gun - ok
02:54:31.0273 2444 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
02:54:31.0273 2444 hamachi - ok
02:54:31.0326 2444 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
02:54:31.0327 2444 hcmon - ok
02:54:31.0341 2444 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:54:31.0341 2444 hcw85cir - ok
02:54:31.0371 2444 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:54:31.0372 2444 HdAudAddService - ok
02:54:31.0399 2444 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:54:31.0400 2444 HDAudBus - ok
02:54:31.0418 2444 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:54:31.0418 2444 HidBatt - ok
02:54:31.0434 2444 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:54:31.0435 2444 HidBth - ok
02:54:31.0446 2444 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:54:31.0446 2444 HidIr - ok
02:54:31.0472 2444 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
02:54:31.0472 2444 HidUsb - ok
02:54:31.0504 2444 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:54:31.0504 2444 HpSAMD - ok
02:54:31.0544 2444 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:54:31.0547 2444 HTTP - ok
02:54:31.0558 2444 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:54:31.0558 2444 hwpolicy - ok
02:54:31.0577 2444 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:54:31.0577 2444 i8042prt - ok
02:54:31.0614 2444 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
02:54:31.0616 2444 iaStor - ok
02:54:31.0643 2444 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:54:31.0645 2444 iaStorV - ok
02:54:31.0682 2444 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:54:31.0683 2444 iirsp - ok
02:54:31.0736 2444 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
02:54:31.0747 2444 IntcAzAudAddService - ok
02:54:31.0755 2444 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:54:31.0755 2444 intelide - ok
02:54:31.0778 2444 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:54:31.0778 2444 intelppm - ok
02:54:31.0814 2444 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:54:31.0814 2444 IpFilterDriver - ok
02:54:31.0854 2444 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:54:31.0854 2444 IPMIDRV - ok
02:54:31.0868 2444 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:54:31.0869 2444 IPNAT - ok
02:54:31.0877 2444 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:54:31.0878 2444 IRENUM - ok
02:54:31.0893 2444 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:54:31.0893 2444 isapnp - ok
02:54:31.0923 2444 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:54:31.0924 2444 iScsiPrt - ok
02:54:31.0936 2444 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:54:31.0936 2444 kbdclass - ok
02:54:31.0953 2444 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
02:54:31.0953 2444 kbdhid - ok
02:54:31.0987 2444 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
02:54:31.0988 2444 KMWDFILTER - ok
02:54:32.0062 2444 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
02:54:32.0062 2444 KSecDD - ok
02:54:32.0092 2444 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
02:54:32.0092 2444 KSecPkg - ok
02:54:32.0102 2444 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:54:32.0103 2444 ksthunk - ok
02:54:32.0127 2444 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
02:54:32.0127 2444 LGBusEnum - ok
02:54:32.0137 2444 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
02:54:32.0137 2444 LGVirHid - ok
02:54:32.0159 2444 libusb0 (285954c6c6ef43b78ab84034750fac6a) C:\Windows\system32\DRIVERS\libusb0.sys
02:54:32.0160 2444 libusb0 - ok
02:54:32.0171 2444 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:54:32.0172 2444 lltdio - ok
02:54:32.0195 2444 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:54:32.0195 2444 LSI_FC - ok
02:54:32.0208 2444 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:54:32.0208 2444 LSI_SAS - ok
02:54:32.0214 2444 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:54:32.0214 2444 LSI_SAS2 - ok
02:54:32.0222 2444 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:54:32.0222 2444 LSI_SCSI - ok
02:54:32.0235 2444 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:54:32.0236 2444 luafv - ok
02:54:32.0283 2444 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
02:54:32.0284 2444 LVRS64 - ok
02:54:32.0425 2444 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
02:54:32.0444 2444 LVUVC64 - ok
02:54:32.0474 2444 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:54:32.0474 2444 megasas - ok
02:54:32.0497 2444 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:54:32.0498 2444 MegaSR - ok
02:54:32.0525 2444 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:54:32.0525 2444 Modem - ok
02:54:32.0582 2444 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:54:32.0583 2444 monitor - ok
02:54:32.0590 2444 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:54:32.0590 2444 mouclass - ok
02:54:32.0593 2444 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:54:32.0594 2444 mouhid - ok
02:54:32.0620 2444 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:54:32.0620 2444 mountmgr - ok
02:54:32.0638 2444 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:54:32.0638 2444 mpio - ok
02:54:32.0672 2444 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:54:32.0672 2444 mpsdrv - ok
02:54:32.0692 2444 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:54:32.0693 2444 MRxDAV - ok
02:54:32.0728 2444 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:54:32.0729 2444 mrxsmb - ok
02:54:32.0758 2444 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:54:32.0759 2444 mrxsmb10 - ok
02:54:32.0771 2444 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:54:32.0771 2444 mrxsmb20 - ok
02:54:32.0791 2444 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:54:32.0791 2444 msahci - ok
02:54:32.0808 2444 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:54:32.0808 2444 msdsm - ok
02:54:32.0848 2444 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:54:32.0848 2444 Msfs - ok
02:54:32.0856 2444 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:54:32.0857 2444 mshidkmdf - ok
02:54:32.0867 2444 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:54:32.0868 2444 msisadrv - ok
02:54:32.0911 2444 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:54:32.0912 2444 MSKSSRV - ok
02:54:32.0955 2444 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:54:32.0955 2444 MSPCLOCK - ok
02:54:32.0961 2444 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:54:32.0962 2444 MSPQM - ok
02:54:33.0012 2444 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:54:33.0014 2444 MsRPC - ok
02:54:33.0021 2444 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:54:33.0021 2444 mssmbios - ok
02:54:33.0074 2444 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:54:33.0074 2444 MSTEE - ok
02:54:33.0102 2444 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:54:33.0102 2444 MTConfig - ok
02:54:33.0124 2444 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:54:33.0125 2444 Mup - ok
02:54:33.0152 2444 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:54:33.0153 2444 NativeWifiP - ok
02:54:33.0197 2444 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:54:33.0200 2444 NDIS - ok
02:54:33.0217 2444 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:54:33.0217 2444 NdisCap - ok
02:54:33.0230 2444 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:54:33.0231 2444 NdisTapi - ok
02:54:33.0260 2444 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:54:33.0261 2444 Ndisuio - ok
02:54:33.0277 2444 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:54:33.0278 2444 NdisWan - ok
02:54:33.0332 2444 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:54:33.0332 2444 NDProxy - ok
02:54:33.0334 2444 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:54:33.0335 2444 NetBIOS - ok
02:54:33.0352 2444 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:54:33.0354 2444 NetBT - ok
02:54:33.0379 2444 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:54:33.0379 2444 nfrd960 - ok
02:54:33.0402 2444 nmwcd (985a3f046dfcd58e26d3a95283bb8f1d) C:\Windows\system32\drivers\ccdcmbx64.sys
02:54:33.0403 2444 nmwcd - ok
02:54:33.0416 2444 nmwcdc (5eb41a9656388dc21119ccc33f0ee22a) C:\Windows\system32\drivers\ccdcmbox64.sys
02:54:33.0416 2444 nmwcdc - ok
02:54:33.0465 2444 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
02:54:33.0465 2444 NPF - ok
02:54:33.0468 2444 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:54:33.0469 2444 Npfs - ok
02:54:33.0473 2444 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:54:33.0474 2444 nsiproxy - ok
02:54:33.0514 2444 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:54:33.0520 2444 Ntfs - ok
02:54:33.0531 2444 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:54:33.0532 2444 Null - ok
02:54:33.0549 2444 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:54:33.0550 2444 nvraid - ok
02:54:33.0557 2444 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:54:33.0557 2444 nvstor - ok
02:54:33.0573 2444 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:54:33.0574 2444 nv_agp - ok
02:54:33.0593 2444 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:54:33.0594 2444 ohci1394 - ok
02:54:33.0649 2444 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:54:33.0650 2444 Parport - ok
02:54:33.0660 2444 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
02:54:33.0661 2444 partmgr - ok
02:54:33.0707 2444 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
02:54:33.0707 2444 pccsmcfd - ok
02:54:33.0727 2444 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:54:33.0728 2444 pci - ok
02:54:33.0735 2444 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:54:33.0735 2444 pciide - ok
02:54:33.0755 2444 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:54:33.0756 2444 pcmcia - ok
02:54:33.0795 2444 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:54:33.0795 2444 pcw - ok
02:54:33.0814 2444 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:54:33.0816 2444 PEAUTH - ok
02:54:33.0854 2444 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
02:54:33.0854 2444 Point64 - ok
02:54:33.0895 2444 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:54:33.0895 2444 PptpMiniport - ok
02:54:33.0907 2444 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:54:33.0907 2444 Processor - ok
02:54:33.0932 2444 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:54:33.0933 2444 Psched - ok
02:54:33.0995 2444 pspdisp (f3a3c10e20ab29925000edff0cc23022) C:\Windows\system32\DRIVERS\pspdisp_x64.sys
02:54:33.0996 2444 pspdisp - ok
02:54:34.0060 2444 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
02:54:34.0060 2444 PxHlpa64 - ok
02:54:34.0114 2444 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:54:34.0120 2444 ql2300 - ok
02:54:34.0137 2444 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:54:34.0138 2444 ql40xx - ok
02:54:34.0155 2444 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:54:34.0155 2444 QWAVEdrv - ok
02:54:34.0168 2444 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:54:34.0168 2444 RasAcd - ok
02:54:34.0180 2444 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:54:34.0181 2444 RasAgileVpn - ok
02:54:34.0199 2444 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:54:34.0200 2444 Rasl2tp - ok
02:54:34.0215 2444 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:54:34.0215 2444 RasPppoe - ok
02:54:34.0226 2444 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:54:34.0227 2444 RasSstp - ok
02:54:34.0242 2444 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:54:34.0244 2444 rdbss - ok
02:54:34.0250 2444 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:54:34.0250 2444 rdpbus - ok
02:54:34.0259 2444 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:54:34.0259 2444 RDPCDD - ok
02:54:34.0319 2444 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
02:54:34.0320 2444 RDPDR - ok
02:54:34.0351 2444 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:54:34.0352 2444 RDPENCDD - ok
02:54:34.0358 2444 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:54:34.0358 2444 RDPREFMP - ok
02:54:34.0394 2444 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
02:54:34.0395 2444 RDPWD - ok
02:54:34.0424 2444 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:54:34.0425 2444 rdyboost - ok
02:54:34.0460 2444 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
02:54:34.0461 2444 regi - ok
02:54:34.0517 2444 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys
02:54:34.0518 2444 RsFx0105 - ok
02:54:34.0544 2444 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:54:34.0544 2444 rspndr - ok
02:54:34.0580 2444 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:54:34.0582 2444 RTL8167 - ok
02:54:34.0606 2444 RtNdPt60 (e16b7c030a05ef649b18fab0a93d871f) C:\Windows\system32\DRIVERS\RtNdPt60.sys
02:54:34.0607 2444 RtNdPt60 - ok
02:54:34.0630 2444 RTTEAMPT (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys
02:54:34.0630 2444 RTTEAMPT - ok
02:54:34.0642 2444 RTVLANPT (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVlan60.sys
02:54:34.0642 2444 RTVLANPT - ok
02:54:34.0677 2444 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
02:54:34.0677 2444 s3cap - ok
02:54:34.0808 2444 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys
02:54:34.0808 2444 SANDRA - ok
02:54:34.0836 2444 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:54:34.0836 2444 sbp2port - ok
02:54:34.0867 2444 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
02:54:34.0867 2444 SCDEmu - ok
02:54:34.0884 2444 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:54:34.0885 2444 scfilter - ok
02:54:34.0901 2444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:54:34.0901 2444 secdrv - ok
02:54:34.0916 2444 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:54:34.0916 2444 Serenum - ok
02:54:34.0932 2444 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:54:34.0933 2444 Serial - ok
02:54:34.0946 2444 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:54:34.0947 2444 sermouse - ok
02:54:35.0007 2444 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:54:35.0008 2444 sffdisk - ok
02:54:35.0018 2444 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:54:35.0019 2444 sffp_mmc - ok
02:54:35.0021 2444 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:54:35.0022 2444 sffp_sd - ok
02:54:35.0036 2444 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:54:35.0036 2444 sfloppy - ok
02:54:35.0053 2444 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:54:35.0053 2444 SiSRaid2 - ok
02:54:35.0072 2444 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:54:35.0072 2444 SiSRaid4 - ok
02:54:35.0083 2444 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:54:35.0083 2444 Smb - ok
02:54:35.0091 2444 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:54:35.0091 2444 spldr - ok
02:54:35.0120 2444 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\System32\Drivers\sptd.sys
02:54:35.0124 2444 sptd - ok
02:54:35.0171 2444 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:54:35.0173 2444 srv - ok
02:54:35.0237 2444 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:54:35.0238 2444 srv2 - ok
02:54:35.0248 2444 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:54:35.0249 2444 srvnet - ok
02:54:35.0281 2444 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:54:35.0281 2444 stexstor - ok
02:54:35.0286 2444 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
02:54:35.0287 2444 storflt - ok
02:54:35.0303 2444 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
02:54:35.0303 2444 storvsc - ok
02:54:35.0317 2444 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:54:35.0317 2444 swenum - ok
02:54:35.0321 2444 SysInfo - ok
02:54:35.0356 2444 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
02:54:35.0356 2444 tap0901t - ok
02:54:35.0405 2444 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
02:54:35.0412 2444 Tcpip - ok
02:54:35.0426 2444 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
02:54:35.0433 2444 TCPIP6 - ok
02:54:35.0463 2444 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:54:35.0464 2444 tcpipreg - ok
02:54:35.0482 2444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:54:35.0482 2444 TDPIPE - ok
02:54:35.0489 2444 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:54:35.0489 2444 TDTCP - ok
02:54:35.0521 2444 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:54:35.0521 2444 tdx - ok
02:54:35.0525 2444 TEAM (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys
02:54:35.0525 2444 TEAM - ok
02:54:35.0540 2444 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:54:35.0540 2444 TermDD - ok
02:54:35.0572 2444 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:54:35.0572 2444 tssecsrv - ok
02:54:35.0595 2444 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:54:35.0596 2444 TsUsbFlt - ok
02:54:35.0623 2444 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:54:35.0624 2444 tunnel - ok
02:54:35.0634 2444 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
02:54:35.0634 2444 TurboB - ok
02:54:35.0647 2444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:54:35.0648 2444 uagp35 - ok
02:54:35.0666 2444 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:54:35.0668 2444 udfs - ok
02:54:35.0686 2444 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:54:35.0686 2444 uliagpkx - ok
02:54:35.0699 2444 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:54:35.0699 2444 umbus - ok
02:54:35.0713 2444 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:54:35.0713 2444 UmPass - ok
02:54:35.0740 2444 upperdev (afa3a0937b7044a8322d8bc91722c53b) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
02:54:35.0740 2444 upperdev - ok
02:54:35.0778 2444 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
02:54:35.0778 2444 usbaudio - ok
02:54:35.0807 2444 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:54:35.0808 2444 usbccgp - ok
02:54:35.0825 2444 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:54:35.0825 2444 usbcir - ok
02:54:35.0854 2444 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:54:35.0855 2444 usbehci - ok
02:54:35.0868 2444 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:54:35.0869 2444 usbhub - ok
02:54:35.0891 2444 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:54:35.0891 2444 usbohci - ok
02:54:35.0937 2444 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:54:35.0938 2444 usbprint - ok
02:54:35.0970 2444 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
02:54:35.0970 2444 usbser - ok
02:54:35.0982 2444 UsbserFilt (b826f3ff5a1975cc9096b4caadde77b6) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
02:54:35.0982 2444 UsbserFilt - ok
02:54:35.0997 2444 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:54:35.0998 2444 USBSTOR - ok
02:54:36.0014 2444 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
02:54:36.0014 2444 usbuhci - ok
02:54:36.0086 2444 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
02:54:36.0087 2444 usbvideo - ok
02:54:36.0115 2444 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:54:36.0115 2444 vdrvroot - ok
02:54:36.0128 2444 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:54:36.0129 2444 vga - ok
02:54:36.0144 2444 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:54:36.0145 2444 VgaSave - ok
02:54:36.0171 2444 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:54:36.0172 2444 vhdmp - ok
02:54:36.0180 2444 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:54:36.0180 2444 viaide - ok
02:54:36.0208 2444 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
02:54:36.0208 2444 vmbus - ok
02:54:36.0227 2444 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
02:54:36.0228 2444 VMBusHID - ok
02:54:36.0258 2444 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys
02:54:36.0259 2444 vmci - ok
02:54:36.0301 2444 vmkbd (ed82d26b5e26542615483b8bed77d826) C:\Windows\system32\drivers\VMkbd.sys
02:54:36.0301 2444 vmkbd - ok
02:54:36.0341 2444 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys
02:54:36.0342 2444 VMnetAdapter - ok
02:54:36.0376 2444 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys
02:54:36.0376 2444 VMnetBridge - ok
02:54:36.0420 2444 VMnetuserif (1e74142ded099de7ada258042f891a8d) C:\Windows\system32\drivers\vmnetuserif.sys
02:54:36.0420 2444 VMnetuserif - ok
02:54:36.0451 2444 vmx86 (18a28eda522b6c0560e59d5be638d076) C:\Windows\system32\drivers\vmx86.sys
02:54:36.0452 2444 vmx86 - ok
02:54:36.0465 2444 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:54:36.0465 2444 volmgr - ok
02:54:36.0483 2444 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:54:36.0485 2444 volmgrx - ok
02:54:36.0499 2444 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:54:36.0500 2444 volsnap - ok
02:54:36.0528 2444 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:54:36.0528 2444 vsmraid - ok
02:54:36.0704 2444 VSPerfDrv100 (ca64a8838b4674d14bdf88aba2f253ea) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
02:54:36.0705 2444 VSPerfDrv100 - ok
02:54:36.0708 2444 vstor2-mntapi10-shared - ok
02:54:36.0723 2444 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
02:54:36.0723 2444 vwifibus - ok
02:54:36.0741 2444 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:54:36.0741 2444 WacomPen - ok
02:54:36.0778 2444 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:54:36.0778 2444 WANARP - ok
02:54:36.0781 2444 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:54:36.0781 2444 Wanarpv6 - ok
02:54:36.0797 2444 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:54:36.0797 2444 Wd - ok
02:54:36.0826 2444 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:54:36.0829 2444 Wdf01000 - ok
02:54:36.0862 2444 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:54:36.0862 2444 WfpLwf - ok
02:54:36.0884 2444 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:54:36.0885 2444 WIMMount - ok
02:54:37.0056 2444 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Users\Alex\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys
02:54:37.0056 2444 WinRing0_1_2_0 - ok
02:54:37.0097 2444 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
02:54:37.0097 2444 WinUSB - ok
02:54:37.0117 2444 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:54:37.0118 2444 WmiAcpi - ok
02:54:37.0136 2444 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:54:37.0137 2444 ws2ifsl - ok
02:54:37.0166 2444 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:54:37.0166 2444 WudfPf - ok
02:54:37.0197 2444 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:54:37.0198 2444 WUDFRd - ok
02:54:37.0214 2444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:54:37.0259 2444 \Device\Harddisk0\DR0 - ok
02:54:37.0283 2444 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
02:54:37.0449 2444 \Device\Harddisk1\DR1 - ok
02:54:37.0451 2444 Boot (0x1200) (188d203de5e7609efb44115433ef0a24) \Device\Harddisk0\DR0\Partition0
02:54:37.0451 2444 \Device\Harddisk0\DR0\Partition0 - ok
02:54:37.0458 2444 Boot (0x1200) (8a8288461677527be53bc455df283e2b) \Device\Harddisk0\DR0\Partition1
02:54:37.0458 2444 \Device\Harddisk0\DR0\Partition1 - ok
02:54:37.0459 2444 Boot (0x1200) (241d9d45c9fe170e62f2c3a83733560c) \Device\Harddisk1\DR1\Partition0
02:54:37.0460 2444 \Device\Harddisk1\DR1\Partition0 - ok
02:54:37.0476 2444 Boot (0x1200) (319cd96a1c5b5624bcd7c444942cb690) \Device\Harddisk1\DR1\Partition1
02:54:37.0477 2444 \Device\Harddisk1\DR1\Partition1 - ok
02:54:37.0477 2444 ============================================================
02:54:37.0477 2444 Scan finished
02:54:37.0477 2444 ============================================================
02:54:37.0482 1424 Detected object count: 0
02:54:37.0482 1424 Actual detected object count: 0
02:54:39.0883 6212 Deinitialize success

#8 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:20 AM

Posted 16 March 2012 - 08:28 PM

Hi psxlover ,

We need to create an OTL Report
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

====================================================================================


In your next reply, please copy/paste the contents of the following:
  • OTL.txt
  • Extra.txt

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#9 psxlover

psxlover
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 16 March 2012 - 08:40 PM

OTL.Txt:
OTL logfile created on: 17/3/2012 03:29:49 - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Alex\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

11,99 Gb Total Physical Memory | 9,24 Gb Available Physical Memory | 77,02% Memory free
23,98 Gb Paging File | 20,52 Gb Available in Paging File | 85,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 660,84 Gb Free Space | 35,47% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 14,61 Gb Free Space | 14,96% Space Free | Partition Type: NTFS
Drive I: | 498,52 Gb Total Space | 26,31 Gb Free Space | 5,28% Space Free | Partition Type: NTFS

Computer Name: ALEX-NEW | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/17 03:28:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2012/03/13 06:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/14 21:36:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
PRC - [2012/02/14 21:35:52 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012/02/02 01:57:02 | 002,074,440 | ---- | M] (Actual Tools) -- C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
PRC - [2012/01/18 15:47:10 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/10/14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2011/10/07 17:12:50 | 000,411,150 | ---- | M] () -- C:\Compilers\Cygwin\usr\sbin\sshd.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/02 05:41:37 | 000,012,800 | ---- | M] (Mr. John aka japamd) -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
PRC - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\Program Files\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\Program Files\xampp\apache\bin\httpd.exe
PRC - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/10 14:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/03/18 12:28:46 | 000,068,096 | ---- | M] () -- C:\Compilers\Cygwin\bin\cygrunsrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/14 10:40:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/03/14 10:39:36 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/03/14 10:39:28 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/03/14 10:39:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/03/14 10:39:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/14 10:38:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/14 10:38:55 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/03/13 06:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/14 21:36:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
MOD - [2012/02/14 21:35:10 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraEll.dll
MOD - [2012/01/10 22:17:52 | 001,273,870 | ---- | M] () -- C:\Compilers\Cygwin\bin\cygcrypto-0.9.8.dll
MOD - [2011/10/26 06:26:51 | 000,008,206 | ---- | M] () -- C:\Compilers\Cygwin\bin\cygssp-0.dll
MOD - [2011/10/26 06:26:36 | 000,080,910 | ---- | M] () -- C:\Compilers\Cygwin\bin\cyggcc_s-1.dll
MOD - [2011/10/24 21:17:10 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/07 17:12:50 | 000,411,150 | ---- | M] () -- C:\Compilers\Cygwin\usr\sbin\sshd.exe
MOD - [2011/08/12 11:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011/08/12 11:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011/08/12 11:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011/08/12 11:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011/08/12 11:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2010/11/20 03:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/13 01:31:41 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_el_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/08/01 23:04:19 | 000,077,838 | ---- | M] () -- C:\Compilers\Cygwin\bin\cygz.dll
MOD - [2010/03/28 11:02:33 | 000,028,174 | ---- | M] () -- C:\Compilers\Cygwin\bin\cygwrap-0.dll
MOD - [2008/03/18 12:28:46 | 000,068,096 | ---- | M] () -- C:\Compilers\Cygwin\bin\cygrunsrv.exe
MOD - [2003/10/19 11:12:30 | 000,006,656 | ---- | M] () -- C:\Compilers\Cygwin\bin\cygcrypt-0.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/07/15 09:24:27 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\Program Files\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV:64bit: - [2009/11/02 12:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/13 16:52:36 | 001,436,424 | ---- | M] (Acresso Software Inc.) [Auto | Stopped] -- C:\Program Files\PGI\flexlm\lmgrd.exe -- (PGI License Server)
SRV:64bit: - [2009/07/25 00:32:46 | 002,067,832 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 03:39:46 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\SysNative\cpqfcalm.dll -- (sglogplayer)
SRV:64bit: - [2008/12/12 03:20:08 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2008/07/29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/01/18 15:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/01/18 15:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/01/18 15:04:52 | 011,839,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/19 19:01:34 | 000,191,440 | ---- | M] (QIP.ru) [On_Demand | Stopped] -- C:\Program Files (x86)\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2011/10/14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/02 05:41:37 | 000,012,800 | ---- | M] (Mr. John aka japamd) [Auto | Running] -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service)
SRV - [2011/01/09 17:41:06 | 000,069,632 | ---- | M] (e-sonopress) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\esonopress Shared\Service\Licence Manager SON.exe -- (License Management Service SON)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/15 09:24:26 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/10 14:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/18 12:28:46 | 000,068,096 | ---- | M] () [Auto | Running] -- C:\Compilers\Cygwin\bin\cygrunsrv.exe -- (sshd)
SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/18 15:47:44 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/01/18 15:46:52 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012/01/18 15:46:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/01/18 13:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/01/18 13:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/01/18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2012/01/18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/23 04:43:09 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/08/23 04:43:09 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/17 20:03:58 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 21:27:31 | 000,030,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Gun64.sys -- (Gun)
DRV:64bit: - [2011/01/18 15:47:48 | 000,004,608 | ---- | M] (JJS) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pspdisp_x64.sys -- (pspdisp)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 01:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/02 10:08:56 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010/07/30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/06/25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/27 21:41:28 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/14 19:27:46 | 000,032,544 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 19:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2)
DRV:64bit: - [2010/01/14 19:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2)
DRV:64bit: - [2010/01/14 19:27:18 | 000,029,472 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2009/11/02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011/02/15 18:43:28 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Alex\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010/02/14 16:56:12 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?mkt=el-gr
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 6E 5E 10 11 A9 CA 01 [binary data]
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..\SearchScopes\{6B3A53C1-C5E4-4D1E-9E2C-3D5641414A82}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..\SearchScopes\{E0E38748-51AC-41AE-B1B1-1030EB2B9DD9}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?mkt=el-gr
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 6E 5E 10 11 A9 CA 01 [binary data]
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..\SearchScopes\{6B3A53C1-C5E4-4D1E-9E2C-3D5641414A82}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..\SearchScopes\{E0E38748-51AC-41AE-B1B1-1030EB2B9DD9}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2164020701-20636641-638044707-1019\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.gr/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.02
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {624bab10-c637-11dd-ad8b-0800200c9a66}:0.8.7
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 6000


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012/03/14 09:13:03 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/05/07 18:05:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/05/07 18:05:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/14 08:32:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/14 08:32:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/14 08:32:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/05/07 18:05:13 | 000,000,000 | ---D | M]

[2011/05/07 19:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2012/03/14 07:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions
[2011/05/07 19:11:00 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2012/01/10 13:00:23 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/05/07 19:11:12 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
[2011/05/07 19:11:18 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2011/05/07 19:11:28 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2012/03/14 07:28:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/17 21:04:29 | 000,000,000 | ---D | M] (Greek-English Spelling dictionary) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\el-en@dictionaries.addons.mozilla.org
[2011/10/17 14:58:57 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2011/10/17 21:04:29 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/05/07 19:10:55 | 000,000,000 | ---D | M] (Mangan) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\mangan@joerg-walter.net
[2011/05/07 19:11:00 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\noia2_option@kk.noia
[2011/05/07 19:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2011/05/07 19:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}\chrome\mozapps\extensions
[2011/05/07 19:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011/05/07 19:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\0dekehmf.default\extensions\mangan@joerg-walter.net\chrome\mozapps\extensions
[2011/09/08 17:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\s0wtg7b7.default\extensions
[2010/06/25 20:17:54 | 000,002,094 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\--youtube.xml
[2012/03/14 05:08:28 | 000,002,233 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\demonoid-torrent-pool.xml
[2012/03/16 14:10:26 | 000,002,203 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\dmis5lsnh9.xml
[2011/03/03 22:00:52 | 000,012,703 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\imdb.xml
[2012/03/14 05:08:28 | 000,004,873 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\isohunt--bt-search.xml
[2009/04/05 03:38:44 | 000,002,298 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\lastfm.xml
[2011/10/10 02:06:22 | 000,002,276 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\minecraft-wiki-en.xml
[2009/04/28 21:47:19 | 000,001,976 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\rapidshare-google-arama.xml
[2010/02/12 17:38:05 | 000,002,007 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\sharereactor.xml
[2009/09/10 15:03:13 | 000,002,007 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\skroutz.xml
[2009/04/28 21:48:18 | 000,001,679 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\thepiratebayorg.xml
[2009/03/24 05:36:11 | 000,002,166 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\torrentbox.xml
[2010/02/12 17:38:48 | 000,001,011 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\torrentz-search.xml
[2009/02/06 19:17:44 | 000,001,330 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\wikipedia-en.xml
[2011/11/25 02:34:20 | 000,001,746 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0dekehmf.default\searchplugins\yg-ffxiv-search.xml
[2012/03/14 08:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DEKEHMF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DEKEHMF.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DEKEHMF.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DEKEHMF.DEFAULT\EXTENSIONS\BRIEF@MOZDEV.ORG.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DEKEHMF.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DEKEHMF.DEFAULT\EXTENSIONS\FIREFINDER@ROBERTNYMAN.COM.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DEKEHMF.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DEKEHMF.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/03/13 06:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Alex\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/15 01:20:56 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (GetRight IE Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1001..\Run: [Actual Window Manager] C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe (Actual Tools)
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1001..\Run: [Grid] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1019..\Run: [Actual Window Manager] C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe (Actual Tools)
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1019..\Run: [Infium] C:\Program Files (x86)\QIP 2012\qip.exe (QIP)
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1019..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1019..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1019..\Run: [winupdater] C:\Users\psxlover\Documents\Updates\Winupdater.exe File not found
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1019..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2164020701-20636641-638044707-1019..\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: ?????µa pe??t? st?? ????? &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: ?????µa pe??t? st?? ????? &2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Download with GetRight Pro - C:\Program Files (x86)\GetRight\GRdownload.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm ()
O8:64bit: - Extra context menu item: Άνοιγμα πελάτη στην οθόνη &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Άνοιγμα πελάτη στην οθόνη &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: ?????µa pe??t? st?? ????? &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: ?????µa pe??t? st?? ????? &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files (x86)\GetRight\GRdownload.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm ()
O8 - Extra context menu item: Άνοιγμα πελάτη στην οθόνη &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Άνοιγμα πελάτη στην οθόνη &2 - C:\Windows\web\AOpenClient.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..Trusted Domains: ([]msn in Computer)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..Trusted Domains: kithara.vu ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..Trusted Domains: ([]msn in Computer)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..Trusted Domains: kithara.vu ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2164020701-20636641-638044707-1019\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AB734B2-5226-47A3-A685-D8BA6EFF5DAC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Alex\Documents\Updates\Winupdater.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Alex\Documents\Updates\Winupdater.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Alex\Documents\Updates\Winupdater.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (Τρέχουσα αρχική σελίδα) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b4e95aed-80b0-11e0-a18a-0025221f1158}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e95aed-80b0-11e0-a18a-0025221f1158}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/17 03:28:57 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/03/17 02:52:23 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
[2012/03/17 02:24:55 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/17 01:40:51 | 004,438,210 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/03/17 00:08:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\.mojam
[2012/03/16 19:38:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2012/03/16 17:13:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{82315C3A-B42F-42AD-A37E-DEE13763CFB3}
[2012/03/16 17:13:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{4434D92D-E7CD-434A-8825-38FE641FFE5E}
[2012/03/16 14:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/16 05:12:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{8F3DFEAC-41A7-49C0-889F-8900DA26AC95}
[2012/03/16 05:12:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{380F29B9-A89F-4523-8E2E-EF25C8F11A6F}
[2012/03/16 04:26:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.execf
[2012/03/15 19:04:58 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2012/03/15 19:04:36 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/15 19:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/15 19:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/15 19:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/15 19:04:00 | 000,063,088 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012/03/15 19:03:43 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012/03/15 19:03:41 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012/03/15 19:03:41 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012/03/15 19:03:37 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012/03/15 19:03:35 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012/03/15 19:03:35 | 000,032,880 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2012/03/15 19:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012/03/15 19:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012/03/15 19:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012/03/15 17:03:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BB01FFE6-DE75-495C-A48A-83EEC2F5FEC6}
[2012/03/15 17:02:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{E22AE38F-3583-4354-97FD-77D56098D1BC}
[2012/03/15 05:00:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{0116AAC8-55DC-48DA-AFCA-ECEFA3BAF64D}
[2012/03/15 05:00:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A7C82843-AD84-4B97-A3B9-D113A5D64ADE}
[2012/03/14 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{CE009F35-6C1B-41FA-A8B0-419DFBC07367}
[2012/03/14 17:00:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BA5B1525-87FA-44AE-BF2D-ED91434C967A}
[2012/03/14 10:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/03/14 10:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/03/14 10:30:08 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 10:30:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 10:30:07 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 10:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/03/14 10:21:48 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2012/03/14 10:21:48 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2012/03/14 10:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64
[2012/03/14 10:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/14 09:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/03/14 09:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/03/14 09:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/03/14 09:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/03/14 09:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/14 09:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/03/14 09:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/03/14 09:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/03/14 09:52:34 | 000,000,000 | ---D | C] -- C:\AMD
[2012/03/14 09:29:56 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/03/14 09:29:53 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 09:29:53 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/03/14 09:29:53 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/03/14 09:29:48 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/03/14 09:28:51 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/14 09:28:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/14 09:28:50 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/14 09:28:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/14 09:28:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/14 09:28:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/14 09:28:49 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/14 09:28:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/14 09:28:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/14 09:28:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/14 09:28:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/14 09:19:04 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 09:19:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 09:19:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 09:19:04 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 09:19:03 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 09:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox
[2012/03/14 08:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/03/14 04:59:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9A1C17A8-6941-4D73-9F87-D8C6DF1F7FB0}
[2012/03/14 04:59:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{627DB288-2ABD-4863-BAA0-B38991D7E7D0}
[2012/02/28 02:55:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{822D9EAC-363D-4AB4-9F2B-980CF42EA322}
[2012/02/27 14:54:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C4C5CF8A-2787-4181-B655-1B8D31EFC159}
[2012/02/27 02:54:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FD0A4FE5-3C81-4DFD-9A24-716DE0BE68C0}
[2012/02/26 14:53:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{990A7C3E-040C-4B4D-9E0B-7BFB074FA054}
[2012/02/26 02:53:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BCF92D67-5D4F-42A8-BE2C-612195034E1D}
[2012/02/25 14:52:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{594F910A-3C8D-4EBD-AF08-59C4853DFFC6}
[2012/02/25 02:52:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{0500A4C9-F41D-4D69-B245-62FA2DE54E65}
[2012/02/25 02:52:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{14467640-0191-4F3E-90F8-CCDE3AF30A01}
[2012/02/24 14:51:32 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A5D81792-42DD-423E-87FD-5155A3CE8835}
[2012/02/24 02:51:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B4843401-D9AA-470B-B18B-4AF666EABE0B}
[2012/02/23 14:50:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9A15E5B6-41FF-47C4-88A0-6FA633ADCF43}
[2012/02/23 02:50:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BC204799-CD9C-4076-A518-2A9EB9BBE10F}
[2012/02/22 14:49:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5A4E7FBF-B2CA-4F9C-8FDB-F347A2B4E20E}
[2012/02/22 14:49:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C006D2C4-613B-477E-B5C9-CB8338B543CD}
[2012/02/22 02:49:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{3213C52A-3423-4284-82A7-78C5515F3645}
[2012/02/21 14:48:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A0200A25-94F9-430C-92BE-4EA6FFC074B4}
[2012/02/21 03:17:28 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Tracker Software
[2012/02/21 02:48:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FA0C0F30-EB92-4587-98B4-8DAA3ABC8FFF}
[2012/02/21 01:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/02/21 01:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012/02/20 14:47:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{367D5444-6E81-44AC-957E-34226FC45E59}
[2012/02/20 02:47:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D9E26351-2022-4E44-8E2F-AD27E568F3D7}
[2012/02/20 02:47:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FA52841A-5010-490E-8987-FA1BE09DC228}
[2012/02/19 22:32:27 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harvest
[2012/02/19 22:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Harvest
[2012/02/19 22:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oxeye Games
[2012/02/19 14:46:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A72C7F33-28F8-4F73-85CE-CF4ABA708383}
[2012/02/19 14:46:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BA2675B8-753C-47DA-9548-CAF952DE2411}
[2012/02/19 02:20:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{22AC2332-056E-4404-9412-6894BE714A90}
[2012/02/19 02:20:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6A0A92D5-F0FF-42DB-81E8-3B5F3023BBA0}
[2012/02/18 14:20:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9953C57D-8858-42C0-828B-0B00C4F17592}
[2012/02/18 02:19:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{50118F67-CB12-4DA3-9838-783D1C42402E}
[2012/02/18 02:19:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A5A67617-3283-40C0-8864-57ECEC3E6188}
[2012/02/17 14:19:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6CBA3851-269A-499D-9547-E5568A2B9B82}
[2012/02/17 02:18:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{07B60B47-79A9-42EE-9B20-D68D102168AB}
[2012/02/16 14:18:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{DF550A4B-B78C-4696-BDB6-B1E0E75C08AE}
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/17 03:28:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/03/17 02:52:25 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
[2012/03/17 02:50:00 | 000,001,190 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164020701-20636641-638044707-1001UA.job
[2012/03/17 01:59:32 | 000,025,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 01:59:32 | 000,025,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 01:51:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/17 01:51:28 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_ad13.cmd
[2012/03/17 01:50:37 | 1066,676,222 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/17 01:40:55 | 004,438,210 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/03/17 01:25:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012/03/16 19:39:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2012/03/16 19:32:41 | 000,000,020 | ---- | M] () -- C:\Users\Alex\defogger_reenable
[2012/03/16 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/03/16 16:50:35 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164020701-20636641-638044707-1001Core.job
[2012/03/16 14:02:28 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.execf
[2012/03/15 19:28:14 | 000,000,600 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\winscp.rnd
[2012/03/15 19:04:36 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 19:04:02 | 000,001,028 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2012/03/15 19:03:33 | 001,733,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/15 19:03:33 | 000,732,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/15 19:03:33 | 000,687,624 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/03/15 19:03:33 | 000,152,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/15 19:03:33 | 000,142,848 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/03/15 19:03:32 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012/03/15 01:20:56 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/15 01:09:19 | 000,137,728 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/14 22:47:52 | 001,680,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/14 16:30:31 | 000,429,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 10:58:09 | 000,001,127 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\DS ROM Organizer.lnk
[2012/03/14 09:59:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/03/14 09:16:54 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012/03/14 08:37:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/14 07:34:45 | 000,002,040 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/23 04:16:06 | 000,002,664 | ---- | M] () -- C:\Users\Alex\.kdiff3rc
[2012/02/19 22:32:27 | 000,002,037 | ---- | M] () -- C:\Users\Alex\Desktop\Harvest - Massive Encounter.lnk
[2012/02/17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/16 19:32:41 | 000,000,020 | ---- | C] () -- C:\Users\Alex\defogger_reenable
[2012/03/15 19:04:36 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 19:04:02 | 000,001,028 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2012/03/15 19:03:32 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012/03/15 01:18:41 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_ad13.cmd
[2012/03/14 10:21:48 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/14 10:21:48 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/03/14 10:21:48 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2012/03/14 10:21:47 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/14 10:14:53 | 000,203,264 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2012/03/14 10:14:52 | 000,092,160 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2012/03/14 09:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/14 09:16:54 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012/03/14 09:13:05 | 000,000,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2012/02/19 22:32:27 | 000,002,037 | ---- | C] () -- C:\Users\Alex\Desktop\Harvest - Massive Encounter.lnk
[2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/10 21:18:50 | 011,423,744 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Sandra.mdb
[2011/12/08 16:45:38 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/12/08 16:45:28 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/18 17:08:46 | 000,000,264 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/10/13 18:51:49 | 000,007,674 | ---- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/09 18:29:59 | 000,038,968 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/09/09 17:41:55 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/09/09 17:41:55 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/09/09 17:41:55 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/08/23 04:36:09 | 000,137,728 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 12:34:08 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/30 12:34:08 | 000,000,008 | RHS- | C] () -- C:\ProgramData\6AA179D13D.sys
[2011/05/25 19:08:07 | 000,051,270 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\room_v3.dat
[2011/05/21 14:04:14 | 000,000,600 | ---- | C] () -- C:\Users\Alex\AppData\Local\PUTTY.RND
[2011/05/08 00:10:56 | 000,000,346 | ---- | C] () -- C:\Windows\SysWow64\cygrunsrv.exe.stackdump
[2011/05/07 16:55:37 | 001,733,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/26 16:56:52 | 000,046,742 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\room.dat
[2011/01/07 14:27:53 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/01/06 07:24:37 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2010/10/14 17:44:19 | 000,032,878 | ---- | C] () -- C:\Windows\scunin.dat
[2010/08/24 13:46:44 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/22 18:36:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/07 06:12:24 | 000,000,232 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\System Uptime Full Plus_Settings.ini
[2010/06/03 08:14:31 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2010/05/30 01:30:00 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lmpqapi.dll
[2010/05/30 01:24:28 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2010/05/28 03:46:39 | 000,001,850 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2010/05/28 03:46:38 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2010/05/28 03:46:38 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2010/05/28 03:46:38 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2010/05/28 03:46:35 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2010/05/28 03:46:35 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2010/05/28 03:46:30 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2010/05/28 03:46:24 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2010/05/28 03:46:19 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2010/05/28 03:46:13 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/05/28 03:46:08 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2010/05/28 03:45:55 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2010/05/28 03:44:49 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/05/28 03:44:47 | 003,835,624 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/05/28 03:44:47 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/05/27 05:34:45 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2010/05/21 05:16:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/05/21 04:52:38 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/05/01 17:58:14 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\FCVAP.dll
[2010/05/01 17:58:14 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\Tdwfk.dll
[2010/05/01 17:58:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\rescan.exe
[2010/05/01 17:58:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\remove2.exe
[2010/05/01 17:58:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\remove.exe
[2010/05/01 17:58:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ReDlg.exe
[2010/05/01 17:58:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\re_move_scan.exe
[2010/04/21 19:08:08 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2010/04/18 13:56:41 | 000,000,600 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\winscp.rnd
[2010/04/13 12:38:08 | 000,000,318 | ---- | C] () -- C:\Windows\WPE PRO.INI

< End of report >










Extras.Txt:
OTL Extras logfile created on: 17/3/2012 03:29:49 - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Alex\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

11,99 Gb Total Physical Memory | 9,24 Gb Available Physical Memory | 77,02% Memory free
23,98 Gb Paging File | 20,52 Gb Available in Paging File | 85,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 660,84 Gb Free Space | 35,47% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 14,61 Gb Free Space | 14,96% Space Free | Partition Type: NTFS
Drive I: | 498,52 Gb Total Space | 26,31 Gb Free Space | 5,28% Space Free | Partition Type: NTFS

Computer Name: ALEX-NEW | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{251481E4-723F-492F-F5C1-3424FB2EF44E}" = AMD Drag and Drop Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
"{28F03685-172D-20C8-394F-F95E0D203474}" = AMD Media Foundation Decoders
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{603A40C0-110D-3C5A-81CD-638DC1716B8D}" = Microsoft .NET Framework 4 Extended ELL Language Pack
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
"{64A3A4F4-B792-11D6-A78A-00B0D0160290}" = Java™ SE Development Kit 6 Update 29 (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{717BF9BD-65DD-45FF-E30F-A6C6D7945EC6}" = ccc-utility64
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EC10607-4F0B-336D-80FE-B869F4D55ABC}" = Microsoft .NET Framework 4 Client Profile ELL Language Pack
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E9735C19-6BA5-4399-8EDA-A10ADBAB6688}" = PGI Workstation 10.9
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Πακέτο προγραμμάτων οδήγησης των Windows - Nokia Modem (06/09/2010 4.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.140
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"EEEE705096F837B7907659F100C9FE6DA001970F" = Πακέτο προγραμμάτων οδήγησης των Windows - Nokia Modem (06/09/2010 7.01.0.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Πακέτο προγραμμάτων οδήγησης των Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.0.2 (64-bit)
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"RealVNC_is1" = VNC Enterprise Edition E4.5.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.6.0
"Waterfox 11.0 (x64 en-US)" = Waterfox 11.0 (x64 en-US)
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01DAE036-0879-4915-ADC7-4692A34D7899}" = Folding@home-gpu
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{045F305E-D9F4-445F-B1F1-095CA09EEDEC}" = Crazy Machines
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = Superbox Pro and Superbox
"{0739F5FC-3339-4113-B3F9-83F311FE2AAA}_is1" = Find Subtitles 1.0
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B59A75C-615A-ABB2-0464-5AF5104C284A}" = CCC Help Norwegian
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{1039158D-B0B8-4C52-8CA6-F3C9F072657D}" = Crazy Machines - New Challenges
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{150EE7AE-A548-4A00-B9E3-99D96816F9DD}" = Installer Intel® C++ Compiler Professional Edition 11.1.054 Update 4 for Windows*
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1B2ADAAC-573C-935F-3B87-CD7029C7F020}" = CCC Help Spanish
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F08ACAA-BF3E-2569-9294-2EBA2885C205}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{204D7A53-4EE9-EC02-EBCF-1AC61057E835}" = CCC Help Czech
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{2557BFE0-B5AC-AB5B-8873-9122BABBED0C}" = CCC Help Chinese Traditional
"{25BE8C91-0FC9-4AEF-914A-0571A6F4048A}" = Intel® Math Kernel Library for applications running on IA-32, version 10.2.054
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{2713CC64-B3FF-A2FD-9AFF-471F11A36284}" = CCC Help Danish
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{3826C2D2-45A2-4DBD-93AE-90894A449A0C}" = Intel® C++ Compiler for applications running on IA-32, version 11.1.054
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision®
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{43430808-081A-4C0D-B7CC-601000018301}" = LOST PLANET 2
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{50F038DD-5B3A-179A-4CB2-DB56E2527E0F}" = CCC Help Dutch
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5842A2D8-618F-4A2A-BD2D-9715526CB272}_is1" = DS ROM Organizer 4.2.0.0
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5ED61938-A4A9-FA79-3841-F022C5865AF5}" = CCC Help English
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{68ADAEAA-DABD-45C1-9CC2-F995407549CD}" = Microsoft Windows Debugging Symbols
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
"{6F117A6D-7368-4597-846C-C4C36B8C6A9C}" = Intel® Integrated Performance Primitives for applications running on IA-32, version 6.1.054
"{6F28C2D1-EAB8-4193-4AE5-4EB9CA49FBED}" = CCC Help Polish
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{737369DC-08E8-4787-A78C-F86943247BDF}" = LOST PLANET 2
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7741CC1B-B9C0-4E94-9202-DF8521BBA403}" = Intel® Math Kernel Library for applications running on Intel® 64, version 10.2.054
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{79D83AD9-3E68-F48A-9E73-ACD17897F265}" = CCC Help Portuguese
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{842A96FC-E07E-EC7F-A025-9C8F585B1A7F}" = CCC Help Swedish
"{8495CDF7-BCF8-13F8-F5F4-D9B7E9768EDB}" = Catalyst Control Center Localization All
"{84C00B33-9EAD-9C3C-9B17-2E4E2707F0F2}" = Catalyst Control Center InstallProxy
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E4E1FA6-52DF-4D74-96B6-636BC34E36BE}" = Intel® Integrated Performance Primitives for applications running on Intel® 64, version 6.1.054
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster FFB Driver
"{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
"{90120000-0015-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0408-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Greek) 2007
"{90120000-0017-0408-0000-0000000FF1CE}_OMUI.el-gr_{FB030BB2-3A16-44E4-B0C4-407A7D00BF3B}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
"{90120000-0019-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
"{90120000-001A-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.el-gr_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_OMUI.el-gr_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.el-gr_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.el-gr_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0408-1000-0000000FF1CE}_OMUI.el-gr_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0408-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Greek) 2007
"{90120000-0044-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_OMUI.el-gr_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0408-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Greek) 2007
"{90120000-00A1-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0408-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Greek) 2007
"{90120000-00BA-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0408-0000-0000000FF1CE}" = Microsoft Office O MUI (Greek) 2007
"{90120000-0100-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0408-0000-0000000FF1CE}" = Microsoft Office X MUI (Greek) 2007
"{90120000-0101-0408-0000-0000000FF1CE}_OMUI.el-gr_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92529891-5983-977C-3C9B-48B0814D3EE4}" = CCC Help Turkish
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0408-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{959DF55C-05EC-77BE-E43E-6F21D3AA8A86}" = CCC Help Russian
"{9952863E-ABAA-4DE7-81BA-CE324F78B415}" = Intel® C++ Compiler Professional Edition 11.1.054 Update 4 for Windows*
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9B151381-27B4-14D6-57EE-6C48F3DA9BA6}" = Catalyst Control Center Graphics Previews Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C7BF864-5A03-01D7-6811-539EE1749780}" = Catalyst Control Center
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E084323-F971-C72C-4943-AFE0F99F179D}" = CCC Help Thai
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A76CCB01-1E4F-0613-A1E0-63C13330556B}" = HydraVision
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{ABD3F7BD-02E6-9150-2D34-F9F3109FA466}" = Catalyst Control Center InstallProxy
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.1-alpha-5
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC462391-9A50-EBCF-A59D-1E747C368191}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{B67298BA-EF28-809B-3539-1754416A7F0B}" = CCC Help Hungarian
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{BCCA10AA-320A-4E0C-A16B-819C7E39F813}" = Intel® Math Kernel Library common files, version 10.2.054
"{BCDADBF1-A530-1923-F3A4-9AAA44E072E5}" = CCC Help Korean
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C3EC226D-D618-C465-4AB8-B49A51BB0771}" = CCC Help German
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DCC2B7D1-540F-4D6C-6D74-121BA4ADA7BF}" = CCC Help Japanese
"{DF4EC298-5B5F-401D-A674-F6796FE4F12E}" = Aion
"{E03989B9-A4EF-4B97-9F5F-529315177A5B}" = HFM.NET 0.5.1.198
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1508054-EC6B-B3B3-52D9-DF387C20ADFA}" = CCC Help French
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E25FE31E-D2B7-4F1F-BB4C-AA4FABF91391}" = METRO 2033
"{E470FD52-B199-421E-97A3-91CFD0FF071C}" = Intel® Threading Building Blocks , version 2.2
"{E4AC673A-B81B-45C1-8500-9E35E7122C35}" = Intel® C++ Compiler Professional Edition 11.1.054 Update 4 for Windows*
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F}" = Free JavaScript Editor 4.7
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0069410-4156-1A9F-E78E-299324F8FFB4}" = CCC Help Finnish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F1C32EB1-F035-ECFE-C312-A23654010759}" = CCC Help Italian
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Actual Windows Manager_is1" = Actual Window Manager 7.0 beta 2
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AhaView" = AhaView
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
"Android SDK Tools" = Android SDK Tools
"ArtMoney SE v7.19" = ArtMoney SE v7.19
"ASRock IES_is1" = ASRock IES v2.0.86
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.23
"ASRock OC DNA_is1" = ASRock OC DNA v1.5
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.93
"Audiovisual" = Audiovisual
"AutoHotkey" = AutoHotkey 1.1.05.02
"bgbennyboyGrimReplacementSetup_is1" = Grim Fandango
"Bridge Constructor_is1" = Bridge Constructor v1.0
"CorsixTH" = CorsixTH Beta 6
"Counter-Strike 1.6" = Counter-Strike 1.6
"Crazy Machines 2 + Add-on_is1" = Crazy Machines 2 v1.05 + Add-on
"CRFoxWalker GF CT2.3 3.00" = CRFoxWalker GF CT2.3 3.00
"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp CD Writer" = dBpoweramp CD Writer
"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Mp2 and BwfMp2 codec" = dBpoweramp Mp2 and BwfMp2 codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder
"dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec
"dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"devkitProUpdater" = devkitProUpdater 1.5.0
"Diablo II" = Diablo II
"Doc Clock - The Toasted Sandwich of Time_is1" = Doc Clock - The Toasted Sandwich of Time
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Episode 1" = Back to the Future The Game - Episode 1
"ESET Online Scanner" = ESET Online Scanner v3
"Eurobattle.net1.26" = Eurobattle.net
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"FarmingSimulator2011_PLATINUMEN_is1" = Farming Simulator 2011
"FarmingSimulator2011EN_is1" = Farming Simulator 2011
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"Fraps" = Fraps
"Garena" = Garena 2010
"GetRight Pro_is1" = GetRight
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Gokart" = Garena - GO Kart
"GunboundIS_is1" = GunboundIS
"Harvest" = Harvest - Massive Encounter
"im" = Garena Messenger
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity™
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E9735C19-6BA5-4399-8EDA-A10ADBAB6688}" = PGI Workstation 10.9
"JDownloader" = JDownloader
"KDiff3" = KDiff3 (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.5.2
"L2CrusaderS GF 3.00" = L2CrusaderS GF 3.00
"LastFM_is1" = Last.fm 1.5.4.27091
"LEd_is1" = LEd Beta 0.53
"Logitech Vid" = Logitech Vid HD
"LogMeIn Hamachi" = LogMeIn Hamachi
"LUNA Plus" = LUNA Plus v1.0
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware έκδοση 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"mIRC" = mIRC
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"OCCT" = OCCT 4.0.0
"OMUI.el-gr" = Microsoft Office Language Pack 2007 - Greek/Ελληνικά
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"pcsx2-r3113" = PCSX2 - Playstation 2 Emulator
"Plants vs. Zombies" = Plants vs. Zombies
"PowerISO" = PowerISO
"PSPdisp" = PSPdisp v0.6
"RadeonPro_is1" = RadeonPro 1.0 (Build 1.0.11.2)
"RealVNC_is1" = VNC Free Edition 4.1.3
"romcenter_is1" = RomCenter 3.58
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"ScummVM_is1" = ScummVM 1.4.1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Stronghold 3_is1" = Stronghold 3
"TagScanner_is1" = TagScanner 5.1.600
"TeamViewer 7" = TeamViewer 7
"TeXLive2010" = TeX Live 2010
"Texmaker" = Texmaker
"Thief2DeinstallKey" = Thief 2
"Tunngle beta_is1" = Tunngle beta
"TWIN PS TO PC CONVERTER" = TWIN PS TO PC CONVERTER
"Uninstaller_B30C7000_Crazy Machines New Challenges" = Crazy Machines New Challenges (Shared Components)
"uTorrent" = µTorrent
"VMware_Workstation" = VMware Workstation
"W3M Map Utilities" = W3M Map Utilities
"Warzone 2100" = Warzone 2100
"Warzone 2100-2.3.9" = Warzone 2100-2.3.9
"WebStorm 2.1.4" = JetBrains WebStorm 2.1.4
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinHugs" = WinHugs
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.2
"Worms Reloaded_is1" = Worms Reloaded
"wxdevcpp" = wxDev-C++
"Yacc" = Yacc 0.4.0.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2164020701-20636641-638044707-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Episode 2" = Back to the Future The Game - Episode 2
"Episode 3" = Back to the Future The Game - Episode 3
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"LayeredPaneDemo" = LayeredPaneDemo
"QIP 2012" = QIP 2012 4.0.7058
"Radio Button Demo" = Radio Button Demo
"SOE-DC Universe Online Live" = DC Universe Online Live
"UnityWebPlayer" = Unity Web Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2164020701-20636641-638044707-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Episode 2" = Back to the Future The Game - Episode 2
"Episode 3" = Back to the Future The Game - Episode 3
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"LayeredPaneDemo" = LayeredPaneDemo
"QIP 2012" = QIP 2012 4.0.6715
"QipGuard" = QIP Internet Guardian
"Radio Button Demo" = Radio Button Demo
"SOE-DC Universe Online Live" = DC Universe Online Live

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/3/2012 18:09:51 | Computer Name = Alex-New | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής hl.exe, έκδοση 1.1.1.1, χρονική σήμανση
0x3fd11900 Όνομα ελαττωματικής λειτουργικής μονάδας serverbrowser.dll_unloaded,
έκδοση 0.0.0.0, χρονική σήμανση 0x42f19fab Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x1160e290 Αναγνωριστικό ελαττωματικής διεργασίας: 0x1c58 Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cd02f849345534 Διαδρομή ελαττωματικής εφαρμογής: C:\Program
Files (x86)\Counter-Strike 1.6\hl.exe Διαδρομή ελλατωματικής λειτουργικής μονάδας:serverbrowser.dll
Αναγνωριστικό
αναφοράς:959f31b9-6eeb-11e1-9eb4-005056c00008

Error - 15/3/2012 18:10:53 | Computer Name = Alex-New | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής hl.exe, έκδοση 1.1.1.1, χρονική σήμανση
0x3fd11900 Όνομα ελαττωματικής λειτουργικής μονάδας serverbrowser.dll_unloaded,
έκδοση 0.0.0.0, χρονική σήμανση 0x42f19fab Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x0d36e290 Αναγνωριστικό ελαττωματικής διεργασίας: 0x1de4 Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cd02f86d6a585f Διαδρομή ελαττωματικής εφαρμογής: C:\Program
Files (x86)\Counter-Strike 1.6\hl.exe Διαδρομή ελλατωματικής λειτουργικής μονάδας:serverbrowser.dll
Αναγνωριστικό
αναφοράς:ba73c146-6eeb-11e1-9eb4-005056c00008

Error - 15/3/2012 18:11:21 | Computer Name = Alex-New | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής hl.exe, έκδοση 1.1.1.1, χρονική σήμανση
0x3fd11900 Όνομα ελαττωματικής λειτουργικής μονάδας serverbrowser.dll_unloaded,
έκδοση 0.0.0.0, χρονική σήμανση 0x42f19fab Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x0f81e290 Αναγνωριστικό ελαττωματικής διεργασίας: 0x1f78 Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cd02f87f3b710f Διαδρομή ελαττωματικής εφαρμογής: C:\Program
Files (x86)\Counter-Strike 1.6\hl.exe Διαδρομή ελλατωματικής λειτουργικής μονάδας:serverbrowser.dll
Αναγνωριστικό
αναφοράς:cb042dac-6eeb-11e1-9eb4-005056c00008

Error - 15/3/2012 20:09:12 | Computer Name = Alex-New | Source = Application Hang | ID = 1002
Description = Το πρόγραμμα mirc.exe έκδοση 7.19.0.0 σταμάτησε να αλληλεπιδρά με
τα Windows και έκλεισε. Για να δείτε αν υπάρχουν διαθέσιμες περισσότερες πληροφορίες
για το πρόβλημα, ελέγξτε το ιστορικό του προβλήματος στον πίνακα ελέγχου του Κέντρου
ενεργειών. Αναγνωριστικό διεργασίας: e2c Ώρα έναρξης: 01cd0308e27b596e Ώρα τερματισμού:
16 Διαδρομή εφαρμογής: C:\Program Files (x86)\mIRC\mirc.exe Αναγνωριστικό αναφοράς:
38711b6c-6efc-11e1-b80a-0025221f1158

Error - 16/3/2012 08:14:08 | Computer Name = Alex-New | Source = SideBySide | ID = 16842832
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Users\Alex\Downloads\esetsmartinstaller_enu.exe"
απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "" στη γραμμή .
Η
έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την
έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό. Τα στοιχεία που έρχονται σε διένεξη
είναι:. Στοιχείο 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Στοιχείο
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 16/3/2012 08:14:10 | Computer Name = Alex-New | Source = SideBySide | ID = 16842832
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Users\Alex\Downloads\esetsmartinstaller_enu.exe"
απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "" στη γραμμή .
Η
έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την
έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό. Τα στοιχεία που έρχονται σε διένεξη
είναι:. Στοιχείο 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Στοιχείο
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 16/3/2012 08:19:00 | Computer Name = Alex-New | Source = SideBySide | ID = 16842832
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Users\Alex\Downloads\esetsmartinstaller_enu.exe"
απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "" στη γραμμή .
Η
έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την
έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό. Τα στοιχεία που έρχονται σε διένεξη
είναι:. Στοιχείο 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Στοιχείο
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 16/3/2012 19:58:19 | Computer Name = Alex-New | Source = Application Hang | ID = 1002
Description = Το πρόγραμμα firefox.exe έκδοση 11.0.0.4454 σταμάτησε να αλληλεπιδρά
με τα Windows και έκλεισε. Για να δείτε αν υπάρχουν διαθέσιμες περισσότερες πληροφορίες
για το πρόβλημα, ελέγξτε το ιστορικό του προβλήματος στον πίνακα ελέγχου του Κέντρου
ενεργειών. Αναγνωριστικό διεργασίας: 1758 Ώρα έναρξης: 01cd03cfef3f8933 Ώρα τερματισμού:
0 Διαδρομή εφαρμογής: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Αναγνωριστικό
αναφοράς: e4f13594-6fc3-11e1-8f25-0025221f1158

Error - 16/3/2012 20:30:08 | Computer Name = Alex-New | Source = SideBySide | ID = 16842832
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Users\Alex\Downloads\esetsmartinstaller_enu.exe"
απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "" στη γραμμή .
Η
έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την
έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό. Τα στοιχεία που έρχονται σε διένεξη
είναι:. Στοιχείο 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Στοιχείο
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 16/3/2012 20:53:08 | Computer Name = Alex-New | Source = Application Hang | ID = 1002
Description = Το πρόγραμμα Explorer.EXE έκδοση 6.1.7601.17567 σταμάτησε να αλληλεπιδρά
με τα Windows και έκλεισε. Για να δείτε αν υπάρχουν διαθέσιμες περισσότερες πληροφορίες
για το πρόβλημα, ελέγξτε το ιστορικό του προβλήματος στον πίνακα ελέγχου του Κέντρου
ενεργειών. Αναγνωριστικό διεργασίας: 7ec Ώρα έναρξης: 01cd03cfbc27983c Ώρα τερματισμού:
15 Διαδρομή εφαρμογής: C:\Windows\Explorer.EXE Αναγνωριστικό αναφοράς: 8e6a0189-6fcb-11e1-8f25-0025221f1158


[ OSession Events ]
Error - 12/4/2010 16:16:57 | Computer Name = Alex-New | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1431
seconds with 720 seconds of active time. This session ended with a crash.

Error - 13/6/2010 20:18:39 | Computer Name = Alex-New | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/10/2010 21:21:37 | Computer Name = Alex-New | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 38035 seconds with 6600 seconds of active time. This session ended with
a crash.

Error - 3/4/2011 09:13:25 | Computer Name = Alex-New | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/4/2011 09:14:03 | Computer Name = Alex-New | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 16/3/2012 19:47:23 | Computer Name = Alex-New | Source = DCOM | ID = 10005
Description =

Error - 16/3/2012 19:47:33 | Computer Name = Alex-New | Source = DCOM | ID = 10005
Description =

Error - 16/3/2012 19:47:38 | Computer Name = Alex-New | Source = DCOM | ID = 10005
Description =

Error - 16/3/2012 19:47:41 | Computer Name = Alex-New | Source = DCOM | ID = 10005
Description =

Error - 16/3/2012 19:51:41 | Computer Name = Alex-New | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Αναζήτηση υπολογιστών τερματίστηκε με το ακόλουθο σφάλμα:
%%1060

Error - 16/3/2012 19:51:42 | Computer Name = Alex-New | Source = Service Control Manager | ID = 7003
Description = Η υπηρεσία Λειτουργικές μονάδες κλειδιών IKE και AuthIP IPsec εξαρτάται
από την ακόλουθη υπηρεσία: BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.

Error - 16/3/2012 19:51:52 | Computer Name = Alex-New | Source = Service Control Manager | ID = 7003
Description = Η υπηρεσία Παράγοντας πολιτικής IPsec εξαρτάται από την ακόλουθη υπηρεσία:
BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.

Error - 16/3/2012 19:52:14 | Computer Name = Alex-New | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Windows Defender τερματίστηκε με το ακόλουθο σφάλμα: %%126

Error - 16/3/2012 19:52:27 | Computer Name = Alex-New | Source = Service Control Manager | ID = 7034
Description = Η λειτουργία της υπηρεσίας PGI License Server τερματίστηκε αναπάντεχα.
Αυτό συνέβη 1 φορά(ές).

Error - 16/3/2012 19:54:40 | Computer Name = Alex-New | Source = Service Control Manager | ID = 7024
Description = Η υπηρεσία Υπηρεσία ακρόασης οικιακής ομάδας τερματίστηκε με σφάλμα
που έχει σχέση με την υπηρεσία %%-2147023143.


< End of report >

#10 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:20 AM

Posted 18 March 2012 - 10:10 AM

Hi psxlover ,

While I go over these logs I'd like you to try running Combofix another way:

Download a fresh copy of Combofix > renaming it to svchost.exe before saving and then saving it directly to the c:\ drive,

try that in normal mode first, if it still won't run, then try safe mode.
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#11 psxlover

psxlover
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 18 March 2012 - 10:41 AM

That didn't work either. The combofix installer/extracter runs, it's whats supposed to run afterwards that is being stopped by the infection.

Also some of the times that I run combofix I was able to access the 32788R22FWJFW folder before it was turned into a link, perhaps we could run the files directly if you know which and in what order are being run.

#12 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:20 AM

Posted 18 March 2012 - 02:08 PM

Hello psxlover ,

Junction

We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

===================================================================================



In your next reply, please copy/paste the contents of the following:
  • log.txt

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#13 psxlover

psxlover
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 18 March 2012 - 02:31 PM

Attached the junction output.

Attached Files

  • Attached File  log.txt   199.26KB   10 downloads


#14 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:20 AM

Posted 19 March 2012 - 12:22 PM

Hello psxlover ,

I'd like you to run Junction Box.

Please download Junction Box and unzip it to your desktop.
  • Double click on Junction Box icon.
  • Firstly, we will back up current junctions
    • Click Backup Junctions button.
    • Click Save button
  • Next, we will restore Default junctions.
    • Select Default from Path Folder Drop Down menu
    • Click Restore Junctions button
    • Ensure DefaultJunctions file is selected and click Open

Please try and run ComboFix now.
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#15 psxlover

psxlover
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 19 March 2012 - 06:03 PM

You mean select default from Profile Folder drop down menu? It says that:
"The backup file you are using was not specifically designed for the language this operating system is configured to use.
As proceeding could lead to damage, execution has been halted.
If you are sure that the contents pf the backup file match the folder-names in your OS, then add 0408 to the OSLanguages value in the backup file, and proceed."


After adding 0408 in the file and restoring the default junctions combofix still only decompresses the files and doesn't run anything afterwards.

Edited by psxlover, 19 March 2012 - 06:09 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users