BIOS virus/rootkit? - Unknown threat by AVG - "Bios Update\Award" folders, BS_Flash.sys, BIOS.sys and a dozen of mostly sys files appear on boot


19 replies to this topic

#1 domino loto

  • Members
  • 12 posts

Posted 07 October 2012 - 02:34 PM

Hello to the BleepingComputer community,

First of all I'm sorry I haven't finished some of the steps from the Preparation Guide. It's because these steps require a reboot (e.g. Step 6: Disable your CD Emulation Software - DeFogger will ask me to reboot the machine), and I have a bad feeling about the question if it is safe to reboot in my situation: I'm not sure if I have a type of malware which is ready to infect the BIOS - if it is so, then it could infect it much easier during the reboot process.

- If there is a good way to find out what is the problem (and fix the BIOS threat part if it really is present) without rebooting / shutting down this PC, or at least without booting from this hard drive (which I feel is probably infected), then please tell me what should I do.
- If you know a place / forum where I can get a specialized help for this (seemingly BIOS-malware related) situation, please tell me where I could go.
- If there is no way to move forward, I'll go ahead and risk the reboot, and follow the other steps (steps 6 to 10) in the Preparation Guide, no problem.

I kindly ask you to please read below the details of the problem as it occurred to me, and the things I have tried so far.

The PC is AMD Athlon 64 X2 Dual Core BE-2350 2.1GHz, Motherboard Biostar TA690G AM2 (with AWARD BIOS), 4GB RAM, 200GB SATA HDD, and an ASUS EAH4870 card added a few years ago.
It's with WinXP SP3, AVG Free 2012, (standard) Windows Firewall, and it's behind a router.

I can't recall exactly, but I think {on 2012-09-22 evening I've left this PC with at least one account logged-in with many programs running online, locked (fast user switching screen), and then found the PC non-responsive in the morning, so I had to power off it - it was frozen.}
What I remember well is - on 2012-09-23, when I've turned on this PC for the first time and logged-in with my account (member of Administrators group). While it was still finishing loading the taskbar icons etc., I hit Win+L (fast user switching is enabled) and logged-in to another account (member of Users group). Right then a bunch of previously unseen "AVG Identity protection - threat detected" messages started to appear:
C:\Windows\system32\drivers\ - atkkbnt.sys, threat name: Unknown. I clicked "move to vault". Then another message showed up:
C:\Windows\system32\drivers\ - amdtools.sys, threat name: Unknown. I clicked "move to vault".
C:\Windows\system32\drivers\ (or was it C:\Windows\system32\, don't recall exactly) - bufadpt.sys, threat name: Unknown. I clicked "move to vault".
C:\Program Files\BIOS Update\BIOS Update\Award\ - BS_Flash.sys, threat name: Unknown. I doubt I have ever seen this folder before on this PC. I clicked "move to vault".
C:\Games\0ad\binaries\system\aken.sys, threat name: Unknown. I clicked "move to vault".
C:\Windows\system32\drivers\ - BIOS.sys, threat name: Unknown. I clicked "move to vault".
C:\Windows\system32\drivers\ - BS_I2cIo.sys, threat name: Unknown. I clicked "move to vault".
C:\Windows\system32\drivers\ - IOMap.sys, threat name: Unknown. I clicked "move to vault".
C:\Windows\system32\drivers\ (or was it C:\Windows\system32\, don't recall exactly) - ati2sgag.exe, threat name: Unknown. I clicked "move to vault".
C:\Windows\system32\drivers\ - EIO_XP.sys, threat name: Unknown. I clicked "move to vault".
Then AVG asked to reboot to finish the removal. I let it start rebooting, but I paused at the BIOS POST screen and switched the PC off so I could research what I should do next. I suspected that the boot process could infect the BIOS (and/or MBR).

After researching online with the keywords from these messages I was still puzzled. While searching about if rebooting is risky if you suspect having a BIOS virus (especially AWARD BIOS virus), I've even found out that it's possible to infect multiple PCs, BIOSes and drives while switching them from one PC to another, and this can happen during booting process too: https://community.mcafee.com/thread/39954

Since the boot process scared me so much, I decided to disconnect the drive and add it to another very similar working WinXP SP3 system to investigate it in as much offline/read-only mode as possible, and to make a backup image of the drive - since it has a lot of valuable data and configuration, and so that I could undo any "fixing" I make to it if I do the "fixing" wrong. I've then connected the "infected" drive together with the "clean" one, and booted from the "clean" disk (by choosing the boot disk in BIOS/POST boot order). Then I made a Macrium Free image of the "infected" drive.

I've found quite a few files in Program Files\BIOS Update\BIOS Update\Award\ on the disk, not only the BS_Flash.sys file.

I've then checked and found all the suspected files (mentioned above) in their locations, made a backup copy of them on a flash drive, and scanned them on www.virustotal.com - all of them showed clean.

I've scanned the whole disk with AVG Free (updated via internet on the same "clean" PC) and MBAM (updated, with AVG realtime protection disabled), and with a freshly installed Avast (updated, with AVG realtime protection disabled). All these products didn't find any viruses in these files. Only Avast has found these:
\pagefile.sys - win32.small-dqc [Trj] (surprising; but maybe it's because I was examining the hard drive while it was not running an operating system? i.e. AVG antivirus definitions file or virus signature files could have been left in pagefile.sys after shut down, etc.?)
html.iframe-dz [Trj] and html.script-inf - I think these were in some *.txt and/or *.htm* files in Temporary Internet Files folder (I can check Avast logs to be more exact if needed)

I have then decided to try and delete manually all the files that appeared in any virus scanner until this moment; also, I've deleted the whole "C:\Program Files\BIOS Update" folder. I have a backup copy of all these files on my flash drive. Some files were locked, so I deleted them via MBAM built-in fileASSASSIN, and rebooted (all while in the same "clean" PC, so the infected drive's OS had no chance to access MBR and BIOS).

Then I've put the suspected hard drive back into the original PC with the Wireless network addon card removed (so this PC has no network connection now, for safety), tried once to turn it on and boot from it on 2012-10-06. I was hoping that the missing "bios", "update", "flash" and other similar files would help to not infect BIOS (and/or MBR).

Windows booted successfully. After logging-in to my account (member of Administrators group), I've found this "AVG Identity Protection" message:
--
Threat removal completed: C:\Windows\system32\drivers\atkkbnt.sys, summary: 1 process terminated, 10 files deleted, 1 registry key deleted.
--

When I clicked Show details, the following showed:
--
Details of threat that was determined to be malware: atkkbnt.sys, time of creation: 2012.09.23, 14:10:03, full path C:\windows\system32\drivers\atkkbnt.sys, Details: 1 process terminated, 10 files deleted, 1 registry key deleted. Processes terminated (strange that these are almost all in caps characters - here are they, case-sensitively):
ATI2SGAG.EXE - process ID 988, C:\WINDOWS\SYSTEM32\ATI2SGAG.EXE
IOMAP.SYS - process ID 0, C:\WINDOWS\SYSTEM32\DRIVERS\IOMAP.SYS
EIO_XP.SYS - process ID 0, C:\WINDOWS\SYSTEM32\DRIVERS\EIO_XP.SYS
BUFADPT.SYS - process ID 0, C:\WINDOWS\SYSTEM32\BUFADPT.SYS
BS_I2CIO.SYS - process ID 0, C:\WINDOWS\SYSTEM32\DRIVERS\BS_I2CIO.SYS
BS_FLASH.SYS - process ID 0, C:\PROGRAM FILES\BIOS UPDATE\BIOS UPDATE\AWARD\BS_FLASH.SYS
BIOS.SYS - process ID 0, C:\WINDOWS\SYSTEM32\DRIVERS\BIOS.SYS
ati2sgag.exe - process ID 0, C:\WINDOWS\system32\ati2sgag.exe
ATKKBNT.SYS - process ID 0, C:\WINDOWS\SYSTEM32\DRIVERS\ATKKBNT.SYS
AMDTOOLS.SYS - process ID 0, C:\WINDOWS\SYSTEM32\DRIVERS\AMDTOOLS.SYS
AKEN.SYS - process ID 0, C:\GAMES\0AD\BINARIES\SYSTEM\AKEN.SYS
All registry keys deleted: hkey_local_machine\system\currentcontrolset\services\ati smart
--

And at the same time with the previous message, AVG messages started reappearing one-by-one with similar files found (and these files were actually created, see below):

C:\Windows\system32\drivers\ - ATKKBNT.SYS, threat name: Unknown.

I've checked if this and other previously found files are really present in the filesystem, and noticed that they are indeed present. Interesting to note is that Windows Explorer mouse-hover tooltip on ATKKBNT.SYS shows {Description: IDS Universal Driver, company: AVG Technologies CZ, s.r.o., File Version: 12.0.0.2076, Date Created: 2012.10.06 13:09, Size: 16,5 KB}.

After checking the properties of other files from WinExplorer I've found that many of them reappeared, and many of these sys files (even the one in the C:\Games folder) show the same properties like Description: IDS Universal Driver, company: AVG Technologies CZ, s.r.o., File Version: 12.0.0.2076, Date Created: 2012.10.06 13:09, Size: 16,5 KB, Copyright 2008-2011 AVG Technologies CZ, s.r.o. All rights reserved., IDS Universal Driver. Unknown OS. (32 bit version). Internal name UniversalDD.Sys, English (United States), Win32 release, AVG IDS, Avg2012VC9_2011_1223_083814(2076), SVNRev 6b3e9a0 (devel).
These files are surely changed (compared to original files before infection) or new, and at the same time they are strangely similar in between.
A few other files found are different in size and other properties though.

As I mentioned above, afterwards other messages reappeared in the following order (some sys file names are different# than previously mentioned ones, and some are missing##):
C:\Windows\system32\drivers\ - CBG300N.SYS, threat name: Unknown.#
C:\Windows\system32\drivers\ - GemCCID.sys, threat name: Unknown.#
C:\Windows\system32\ - bufadpt.sys, threat name: Unknown.
C:\PROGRAM FILES\BIOS UPDATE\BIOS UPDATE\AWARD\ - BS_FLASH.SYS, threat name: Unknown.
C:\Games\0ad\binaries\system\aken.sys, threat name: Unknown.
C:\Windows\system32\drivers\ - BIOS.sys, threat name: Unknown.
C:\Windows\system32\drivers\ - AmdK8.sys, threat name: Unknown.#
C:\Windows\system32\drivers\ - BS_I2CIO.SYS, threat name: Unknown.
C:\Windows\system32\drivers\ - IOMAP.SYS, threat name: Unknown.
C:\WINDOWS\SYSTEM32\ - ATI2SGAG.EXE, threat name: Unknown. - I don't see this file on disk now though.
##And I don't see the previously mentioned amdtools.sys and EIO_XP.sys files in C:\Windows\system32\drivers\ now.

(I don't recall, but I think I've scanned all these files with virustotal.com, if so, then there were no infections in them.)

Afterwards, the minimalistic dialog box {"Error", "Can not load EIO.DLL.", [OK]} has shown up, and the "SmartDoctor" application has crashed afterwards. (SmartDoctor is an application that I have installed when I added an ASUS EAH4870 card to my system a few years ago.)

I've checked the modification and creation dates of the subfolders in Program Files folder, and noticed that subfolder "C:\Program Files\BIOS UPDATE" has a modified date 2012.10.06 13:09, and another "C:\Program Files\z2 Remote2PC" has 2012.10.06 13:11. All other folders were older.
- "BIOS UPDATE" folder got recreated (I've deleted it before, see above). But this time it had only subfolder structure "C:\Program Files\BIOS UPDATE\BIOS UPDATE\AWARD", with no files in any of subfolders though (strange).
- "z2 Remote2PC" had no files or folders in it with creation or modification date later than 2012.10.05 (strange, since the folder showed modified on 2012.10.06), but I noticed the log.txt file in it which had date modified 2012.09.23 and date created 2012.09.12, and the contents of the log.txt file showed the last line "None|Notice|2012-10-06 13:13:12|None|Starting z2 Remote2PC server...$$". Perhaps it was modified directly without changing the date of file at all.

I've then scanned the PC with AVG and MBAM which were present before (not updated). Nothing found.
I've then put in the USB drive into this PC with standalone Avast, MBAM and AVG Free 2013 installers and their respective database update files from 2012-10-06. I've scanned with MBAM then - nothing found. Tried to update Avast, but I get an error "Can't install VPS update. Please report following errorcodes: Ver:7.0.1466, SI: 0x00000002, ST: 0x20000011, LE: 0x00000000". Then scanned with the downloaded version (virus definitions 120821-0, program version 7.0.1466), Win32:Trojan-gen, five Win32:Malware-gen items, Win32:Adware-gen [Adw] (all in the C:\System Volume Information\_restore folders, Moved these to Chest, action successful), and quite a few "archive is password protected" messages.
I've tried AVG update, but it failed (perhaps because the update is from version 2013, and the version installed is 2012). Then I installed 2013 version from the USB drive (on top of the previous 2012), but I think it asked to restart (I still haven't restarted it). I managed to update the 2013 version with the new database from USB. Then I scanned the whole PC.

One more thing. There is a Biostar T-Utility installed by me a few years ago in C:\Program Files\Biostar\, with 4 subfolders:
C:\Program Files\Biostar\T-Utility BIOS Live Update\ (it has files like WinFlash.sys, BIOS.exe, etc.)
C:\Program Files\Biostar\T-Utility Fan Control\
C:\Program Files\Biostar\T-Utility Hardware Monitor\
C:\Program Files\Biostar\T-Utility Over Clock\
On the other hand there is also a shortcut "BIOS Update" in the Start menu Programs folder which points to "C:\Program Files\BIOS Update\BIOS Update\BIOS.exe". And Control Panel's "Add remove programs" list has "BIOS Update" in it too. I doubt I have ever installed such a program on my PC though. But my own memory could be failing... :/

I haven't restarted the PC yet.

So puzzled I finally chose to seek help in some malware-specialized, especially BIOS-virus/rootkit-specialized forums, and I've found nothing better than this forum.

I'm so sorry for this much text and missing the log files that are required.. But I hope that at least some of the details above would help. To sum up, as I wrote in the beginning, I would want to know in this situation
- If there is a good way to find out what is the problem (and fix the BIOS threat part if it really is present) without rebooting / shutting down this PC, or at least without booting from this hard drive (which I feel is probably infected), then please tell me what should I do.
- If you know a place / forum where I can get a specialized help for this (seemingly BIOS-malware related) situation, please tell me where I could go.
- If there is no way to move forward, I'll go ahead and risk the reboot, and follow the other steps (steps 6 to 10) in the Preparation Guide, no problem.

I'll be checking often and updating this post until resolved, so if you need any additional info, just let me know!

Please help!.. And thanks a lot for your time.

-domino loto

Edited by domino loto, 08 October 2012 - 11:59 AM.


#2 m0le

  • Malware Response Team
  • 34,527 posts

Posted 10 October 2012 - 06:59 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 domino loto

  • Topic Starter
  • Members
  • 12 posts

Posted 11 October 2012 - 03:13 AM

Hi m0le,

Thank you for your reply. Yes, I'm here, unsleeping, and waiting for your help. I kindly ask you to please check my problem description in the previous post.

Note: if needed, I have all copies of "suspected" files I've previously deleted from the hard drive manually (I know their original path locations) - one copy of these files is on my USB flash drive.
I haven't done any additional installing/uninstalling/updates/fixing/scanning after the last post. The PC is still switched on, in the same state as described above.

I'll be surely replying to this thread as fast as I can.

Many thanks again!

Edited by domino loto, 11 October 2012 - 04:10 AM.


#4 m0le

  • Malware Response Team
  • 34,527 posts

Posted 11 October 2012 - 07:16 PM

Okay, first things first. Stop deleting files manually. From now on please follow my instructions exactly otherwise this topic (and your machine) will descend into chaos.

Let's start with a rootkit check

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Then please run OTL, this is a scanner which will take a look at your machine.

  • Please download OTL
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.

Finally, start your next post with the answer to this question.

Other than the unknown files, what symptoms of malware are you experiencing?
m0le is a proud member of UNITE

#5 domino loto

  • Topic Starter
  • Members
  • 12 posts

Posted 12 October 2012 - 05:51 AM

Hi,

Other than the unknown files, what symptoms of malware are you experiencing?


Other than unknown files, the symptoms are the same - just to reiterate post #1 (summarized):

When I scanned the drive before (when connected to another PC), Avast has found these:
\pagefile.sys - win32.small-dqc [Trj]
html.iframe-dz [Trj]
html.script-inf
As I wrote, I've deleted them afterwards. However, I haven't reconnected and rescanned it yet, as per your instructions.

Then, after I connected the drive back to the original PC, booted, and scanned with Avast from there, it found Win32:Trojan-gen, five Win32:Malware-gen items, Win32:Adware-gen [Adw] (all in the C:\System Volume Information\_restore folders, Moved these to Chest, action successful), and quite a few "archive is password protected" messages.


I haven't done any more scans than you requested since post #1, as per your instructions.

At the moment my primary concern is about the suspected unknown files which appear to be getting created during boot/login process (this is why I'm not even shutting down the machine -- and this is why I can't tell about any other symptoms of malware). Is this behaviour and/or these unknown files related to some malware? some BIOS-related malware?

Regarding the scans you have requested: since this PC is currently offline, I've downloaded aswMBR and OTL to the flash drive (on another PC), then copied it to the desktop of the PC we are checking, and ran aswMBR, then OTL. See the logs below. Please note there is Daemon Tools Lite installed on this PC.

Thank you for your time, m0le -- I'm looking forward to your reply.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-12 10:46:00
-----------------------------
10:46:00.937 OS Version: Windows 5.1.2600 Service Pack 3
10:46:00.937 Number of processors: 2 586 0x6B01
10:46:00.937 ComputerName: GIEDRIUS2 UserName: Giedrius
10:46:02.062 Initialize success
10:46:03.640 AVAST engine defs: 12082100
10:47:57.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:47:57.093 Disk 0 Vendor: SAMSUNG_SP2004C VM100-50 Size: 190782MB BusType: 3
10:47:57.109 Disk 0 MBR read successfully
10:47:57.109 Disk 0 MBR scan
10:47:57.109 Disk 0 Windows XP default MBR code
10:47:57.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63
10:47:57.109 Disk 0 scanning sectors +390700800
10:47:57.187 Disk 0 scanning C:\WINDOWS\system32\drivers
10:48:15.234 Service scanning
10:48:26.765 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
10:48:30.296 Modules scanning
10:48:37.875 Disk 0 trace - called modules:
10:48:37.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll ACPI.sys atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
10:48:37.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3edab8]
10:48:37.890 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> [0x8b3f6a10]
10:48:37.890 5 vsflt53.sys[f7214c2b] -> nt!IofCallDriver -> \Device\00000095[0x8b3bdf18]
10:48:37.890 7 ACPI.sys[f7233620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b3bc940]
10:48:38.687 AVAST engine scan C:\WINDOWS
10:48:59.234 AVAST engine scan C:\WINDOWS\system32
10:51:23.656 AVAST engine scan C:\WINDOWS\system32\drivers
10:51:45.890 AVAST engine scan C:\Documents and Settings\Giedrius
11:53:22.890 AVAST engine scan C:\Documents and Settings\All Users
11:59:00.718 Scan finished successfully
11:59:41.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Giedrius\Desktop\MBR.dat"
11:59:41.656 The log file has been saved successfully to "C:\Documents and Settings\Giedrius\Desktop\aswMBR.txt"


OTL logfile created on: 2012.10.12 12:07:54 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Giedrius\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd

3,25 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 52,96% Memory free
4,40 Gb Paging File | 2,81 Gb Available in Paging File | 63,85% Paging File free
Paging file location(s): C:\pagefile.sys 1344 16000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186,30 Gb Total Space | 6,40 Gb Free Space | 3,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 956,15 Mb Total Space | 595,74 Mb Free Space | 62,31% Space Free | Partition Type: FAT32

Computer Name: GIEDRIUS2 | User Name: Giedrius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.12 10:37:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giedrius\Desktop\OTL.exe
PRC - [2012.10.12 10:37:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Giedrius\Desktop\aswMBR.exe
PRC - [2012.09.14 05:35:58 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012.09.12 05:41:24 | 000,713,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012.09.01 05:06:24 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.08.30 05:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012.08.27 02:27:10 | 001,108,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012.08.21 12:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 12:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.08.20 04:52:34 | 000,783,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012.08.20 04:52:26 | 000,450,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012.07.23 17:22:16 | 001,651,200 | ---- | M] (Copernic Inc.) -- C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
PRC - [2012.05.24 21:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Giedrius\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012.04.27 12:37:00 | 000,395,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012.04.27 12:36:52 | 000,846,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2012.04.27 12:35:30 | 002,637,784 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.09.02 16:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 16:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.07.29 02:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010.07.08 16:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2010.04.01 12:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009.12.16 21:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exe
PRC - [2009.03.15 13:00:34 | 000,031,744 | ---- | M] (NirSoft) -- C:\Program Files\Volumouse\volumouse.exe
PRC - [2008.10.28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008.10.28 16:42:12 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008.10.27 19:03:46 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2008.08.03 04:37:54 | 000,532,480 | ---- | M] (z2 Software) -- C:\Program Files\z2 Remote2PC\R2PCServ.exe
PRC - [2008.04.14 03:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008.04.14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.13 18:40:12 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
PRC - [2007.06.14 21:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007.05.11 12:25:56 | 001,150,976 | ---- | M] (Salling Software AB) -- C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe
PRC - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006.10.10 15:49:42 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp325.exe
PRC - [2006.10.10 14:11:08 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnp325.exe
PRC - [2006.06.13 17:48:32 | 003,283,456 | ---- | M] (BIOSTAR MICROTECH INT'L CORP.) -- C:\Program Files\BIOSTAR\T-Utility Fan Control\FanConditioner.exe
PRC - [2002.07.01 09:50:00 | 000,028,672 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2001.01.18 01:00:20 | 000,724,992 | ---- | M] (UAB „Fotonija”) -- C:\Program Files\Fotonija\ALKONAS\ALKONAS.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.01 05:06:40 | 002,061,280 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012.09.01 05:06:36 | 000,157,664 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.09.01 05:06:36 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.08.30 05:58:45 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012.08.30 05:58:42 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012.08.30 05:57:15 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012.08.30 05:57:13 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012.08.30 05:57:12 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012.08.21 10:21:38 | 001,802,240 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12082100\algo.dll
MOD - [2012.07.27 15:16:53 | 000,182,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012.07.27 15:16:51 | 000,210,824 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2012.06.15 03:23:18 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.15 03:21:13 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.15 03:20:56 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.15 03:17:34 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.12 15:04:42 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.12 15:04:36 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.12 15:02:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.12 15:00:12 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.12 14:59:55 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.11.03 18:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011.11.03 18:28:36 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2011.07.29 02:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 02:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.28 14:19:50 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011.06.28 14:19:49 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011.06.16 18:32:06 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011.06.16 16:15:38 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2010.08.12 17:28:20 | 000,380,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3632.28218__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3632.28238__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.08.12 17:28:19 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3632.28243__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.08.12 17:28:19 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3632.28245__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.08.12 17:28:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3632.28229__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:18 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3632.28345__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.08.12 17:28:18 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3632.28319__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:18 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3632.28229__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3632.28290__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3632.28277__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3632.28346__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:17 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3632.28244__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:17 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3632.28389__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:16 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3632.28299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.08.12 17:28:16 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3632.28244__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:15 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3632.28360__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:15 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3632.28359__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:14 | 000,827,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3632.28280__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:14 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3632.28312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.08.12 17:28:13 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3632.28247__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:13 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3632.28232__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:13 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3632.28246__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:13 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3632.28287__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3632.28286__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3632.28252__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:12 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:12 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3632.28273__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3632.28278__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:12 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3632.28288__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.08.12 17:28:11 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.12 17:28:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3621.42212__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.08.12 17:28:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3621.42210__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.08.12 17:28:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3621.42227__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.08.12 17:28:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3621.42278__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.08.12 17:28:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.08.12 17:28:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3621.42225__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.08.12 17:28:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.08.12 17:28:10 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.08.12 17:28:09 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.08.12 17:28:09 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3621.42190__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.08.12 17:28:09 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3621.42192__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.08.12 17:28:09 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.08.12 17:28:09 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3621.42223__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.08.12 17:28:09 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.08.12 17:28:09 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3621.42228__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.08.12 17:28:09 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.08.12 17:28:08 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3621.42202__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.08.12 17:28:08 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3621.42196__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.08.12 17:28:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3621.42329__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.08.12 17:28:08 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3621.42213__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.08.12 17:28:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.08.12 17:28:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3621.42209__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.08.12 17:28:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3621.42268__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.08.12 17:28:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3621.42241__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010.08.12 17:28:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.08.12 17:28:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3621.42240__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.08.12 17:28:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3621.42221__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.08.12 17:28:07 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3621.42274__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.08.12 17:28:07 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3621.42246__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.08.12 17:28:07 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3621.42267__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.08.12 17:28:06 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3621.42247__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.08.12 17:28:06 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.08.12 17:28:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3621.42214__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.08.12 17:28:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3621.42241__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.08.12 17:28:06 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3621.42244__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.08.12 17:28:06 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.08.12 17:28:04 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.08.12 17:28:04 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3621.42243__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.08.12 17:28:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3621.42224__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.08.12 17:28:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3621.42229__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.08.12 17:28:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.08.12 17:28:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3621.42225__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.08.12 17:28:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3621.42213__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.08.12 17:28:03 | 000,741,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3632.28381__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.08.12 17:28:03 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3632.28353__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.08.12 17:28:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3621.42200__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.08.12 17:28:03 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010.08.12 17:28:03 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010.08.12 17:28:03 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3632.28212__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.08.12 17:28:02 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3632.28237__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.08.12 17:28:02 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3632.28338__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.08.12 17:28:02 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3632.28336__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.08.12 17:28:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3621.42205__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.08.12 17:28:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3621.42192__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.08.12 17:28:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.08.12 17:28:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3621.42221__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.08.12 17:28:01 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3632.28331__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.08.12 17:28:01 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3632.28215__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.08.12 17:28:01 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3632.28217__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.08.12 17:28:01 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3621.42219__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.08.12 17:28:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.08.12 17:27:59 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3632.28224__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.08.12 17:27:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.08.12 17:27:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3621.42249__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.08.12 17:27:58 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3632.28215__90ba9c70f846762e\APM.Server.dll
MOD - [2010.08.12 17:27:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3632.28213__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.08.12 17:27:58 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.08.12 17:27:58 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3632.28338__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.06.14 00:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla Client\fzshellext.dll
MOD - [2008.04.14 03:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008.04.14 03:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 03:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006.12.03 14:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006.10.10 15:49:42 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp325.exe
MOD - [2006.10.10 14:11:08 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnp325.exe
MOD - [2006.05.14 16:44:00 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll


========== Services (SafeList) ==========

SRV - [2012.09.07 12:56:29 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 12:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.08.20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.27 12:36:52 | 000,846,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.09.02 16:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.07.08 16:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2009.09.29 10:20:10 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2008.10.28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008.10.27 19:03:46 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2008.08.03 04:37:54 | 000,532,480 | ---- | M] (z2 Software) [Auto | Running] -- C:\Program Files\z2 Remote2PC\R2PCServ.exe -- (z2 R2PC Server)
SRV - [2007.06.14 21:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007.05.07 19:28:58 | 000,589,824 | ---- | M] (TightVNC Group) [Disabled | Stopped] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007.03.03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\snman612.sys -- (snapman612)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Giedrius\LOCALS~1\Temp\JMC64.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Giedrius\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BIOS Update\BIOS Update\Award\BS_Flash.sys -- (BS_Flash)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awqckwbu)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Giedrius\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Giedrius\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\d\Downloads\Benchmark\AIDA3942\aida32.sys -- (AIDA32Driver)
DRV - [2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IOMAP.SYS -- (IOMap)
DRV - [2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.SYS -- (EIO_XP)
DRV - [2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\BUFADPT.SYS -- (BUFADPT)
DRV - [2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2CIO.SYS -- (BS_I2cIo)
DRV - [2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.SYS -- (BIOS)
DRV - [2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATKKBNT.SYS -- (asuskbnt)
DRV - [2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AMDTOOLS.SYS -- (amdtools)
DRV - [2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Games\0ad\binaries\system\AKEN.SYS -- (Aken)
DRV - [2012.09.17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.09.14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012.09.12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.09.12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.08.21 12:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 12:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 12:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 12:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 12:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 12:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 12:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.08.13 16:40:54 | 000,176,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.08.10 04:52:28 | 000,019,808 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012.08.10 04:52:18 | 000,035,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.08.09 13:56:44 | 000,178,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012.07.28 23:19:48 | 000,168,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012.07.27 10:38:48 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012.07.27 10:38:39 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2012.07.27 10:38:34 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt53.sys -- (vidsflt53)
DRV - [2012.07.20 13:37:53 | 000,067,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.06.05 16:33:00 | 000,158,552 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012.06.05 16:33:00 | 000,116,056 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2012.06.05 16:33:00 | 000,104,792 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012.06.05 16:33:00 | 000,091,992 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2012.06.05 16:33:00 | 000,082,776 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2011.07.29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.05.25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011.05.25 02:00:36 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.09.21 08:29:05 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.11.18 13:24:26 | 000,095,232 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.02 20:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.02.17 18:22:56 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2009.02.17 18:22:54 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008.05.06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.04.13 21:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.04 09:02:10 | 000,087,424 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GemCCID.sys -- (GemCCID)
DRV - [2007.10.13 18:49:22 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.06.14 16:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.03.07 16:58:30 | 010,260,864 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp325.sys -- (SNP325)
DRV - [2007.02.06 19:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.02.05 10:23:20 | 003,624,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2006.10.12 10:28:56 | 000,604,928 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CBG300N.SYS -- (CBBCM300)
DRV - [2006.09.24 16:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006.07.01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.02.20 04:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005.08.14 14:25:02 | 000,003,548 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\BIOSTAR\T-Utility BIOS Live Update\WinFlash.sys -- (WINFLASH)
DRV - [2002.10.15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002.07.02 19:20:51 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002.07.02 19:20:51 | 000,040,508 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2002.07.02 19:20:51 | 000,023,854 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002.07.02 19:20:51 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2002.07.02 19:20:50 | 000,050,830 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001.08.23 15:00:00 | 000,098,176 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NBF.SYS -- (Nbf)
DRV - [2001.08.23 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [1996.04.03 22:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\SearchScopes\{2349270D-2F37-4756-B73C-D7DEEC6FC13E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\SearchScopes\{31C49057-568A-4D3F-ADDE-497A7B80CECC}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=FP-tab-web-t340&ei=UTF-8&meta=vc%3D
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\SearchScopes\{9BA1D676-9863-4FEC-B688-F5942C8B1AB3}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\SearchScopes\{AFA665F3-5360-4FDC-A598-68207520ACC5}: "URL" = http://www.amazon.co.uk/gp/search/ref=nb_ss_w_h_/202-5903101-7098263?url=search-alias%3Daps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\SearchScopes\{D5D158EE-BAA3-430D-A9A6-EF94B4D772CA}: "URL" = http://en.wikipedia.org/wiki/{searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\SearchScopes\{E482BFB3-8849-412D-BB79-47F7C6CD981E}: "URL" = http://search.avg.com/dispatcher.aspx?i=40&tp=ie&q={searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\SearchScopes\{EEE8B00A-B995-491E-8D0E-AA346668E0FC}: "URL" = http://search.avg.com/dispatcher.aspx?i=40&tp=ie&q={searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-682003330-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-1005\..\SearchScopes,DefaultScope = {D99A3B03-D297-4816-87A6-23764044BFAB}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1005\..\SearchScopes\{8194169E-80EA-4EA2-BA58-57D027DABD12}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=FP-tab-web-t340&ei=UTF-8&meta=vc%3D
IE - HKU\S-1-5-21-789336058-682003330-839522115-1005\..\SearchScopes\{C40C3EA1-C67C-4FE2-AE45-9E7E3B5F75D4}: "URL" = http://www.amazon.co.uk/gp/search/ref=nb_ss_w_h_/202-5903101-7098263?url=search-alias%3Daps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1005\..\SearchScopes\{D99A3B03-D297-4816-87A6-23764044BFAB}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-789336058-682003330-839522115-1005\..\SearchScopes\{F6593F28-2690-4157-A6A0-A179C441D6A2}: "URL" = http://en.wikipedia.org/wiki/{searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lt
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 12 EE 56 1A 78 CA 01 [binary data]
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\..\SearchScopes\{BFCD0406-8106-4CD8-B9CC-10D00FCE09F8}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lt
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 12 4A A9 89 6C CA 01 [binary data]
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\..\SearchScopes\{67AC2E40-89B4-44A1-A0F3-009B735A77C4}: "URL" = http://search.avg.com/dispatcher.aspx?i=40&tp=ie&q={searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lt
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 58 61 39 6D 6D CD 01 [binary data]
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\..\SearchScopes\{5CE1DF72-1886-4ED2-AAE2-2596162F319E}: "URL" = http://search.avg.com/dispatcher.aspx?i=40&tp=ie&q={searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-682003330-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-682003330-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-789336058-682003330-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lt
IE - HKU\S-1-5-21-789336058-682003330-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 0E EF 47 FA 6F CD 01 [binary data]
IE - HKU\S-1-5-21-789336058-682003330-839522115-1011\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1011\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-682003330-839522115-1012\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-682003330-839522115-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-789336058-682003330-839522115-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lt
IE - HKU\S-1-5-21-789336058-682003330-839522115-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 EE E9 F3 FB 6F CD 01 [binary data]
IE - HKU\S-1-5-21-789336058-682003330-839522115-1012\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-682003330-839522115-1013\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-682003330-839522115-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-789336058-682003330-839522115-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lt
IE - HKU\S-1-5-21-789336058-682003330-839522115-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 5B B5 39 0F 72 CD 01 [binary data]
IE - HKU\S-1-5-21-789336058-682003330-839522115-1013\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-789336058-682003330-839522115-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-682003330-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-682003330-839522115-500\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-500\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-789336058-682003330-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-500\..\SearchScopes\{99195112-A6AA-4E6D-A9FC-1E1C03723AD8}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-682003330-839522115-501\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lt
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 76 28 4A A7 92 CA 01 [binary data]
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\..\SearchScopes,DefaultScope = {1117DF38-DD07-47E7-B74B-22C129EDFCC9}
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\..\SearchScopes\{1117DF38-DD07-47E7-B74B-22C129EDFCC9}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\..\SearchScopes\{9566CDFD-8C04-47C9-A9A9-109A175093E5}: "URL" = http://search.avg.com/dispatcher.aspx?i=40&tp=ie&q={searchTerms}
IE - HKU\S-1-5-21-789336058-682003330-839522115-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.5.7.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2191
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledItems: daplinkchecker@speedbit.com:1.0.0.9
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:10.0.2.6
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4aeec443&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012.10.06 14:24:28 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Giedrius\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\daplinkchecker@speedbit.com: C:\Program Files\DAP\daplinkchecker [2012.07.30 02:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.10.06 14:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 12:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 12:56:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.21 00:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.18 11:30:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7d666f76-9295-4370-b662-37e2dc87b5d7}: C:\Program Files\Copernic Desktop Search - Home\Firefox110Connector [2012.07.29 11:32:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012.07.30 02:13:51 | 000,000,000 | ---D | M]

[2010.07.07 02:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giedrius\Application Data\Mozilla\Extensions
[2010.07.07 02:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giedrius\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.17 14:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giedrius\Application Data\Mozilla\Firefox\Profiles\qhu70iaq.default\extensions
[2012.09.17 14:58:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Giedrius\Application Data\Mozilla\Firefox\Profiles\qhu70iaq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.17 14:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giedrius\Application Data\Mozilla\Firefox\Profiles\qhu70iaq.default\extensions\staged
[2012.09.05 00:06:08 | 000,699,353 | ---- | M] () (No name found) -- C:\Documents and Settings\Giedrius\Application Data\Mozilla\Firefox\Profiles\qhu70iaq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.13 14:58:22 | 000,698,867 | ---- | M] () (No name found) -- C:\Documents and Settings\Giedrius\Application Data\Mozilla\Firefox\Profiles\qhu70iaq.default\extensions\staged\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.07 12:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.07 12:56:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 12:56:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012.09.07 12:56:30 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.01 05:16:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.01 05:16:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Session Manager = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: YouTube = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: DAP Link Checker = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.9_0\
CHR - Extension: ZipTabs = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ccnanbffbfbcgfmmkgejodommhidpjba\0.1.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.52_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: PageArchiver = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkkeoeinpbomhnpkmmkpggkaefincbn\0.1.15_0\
CHR - Extension: SingleFile Core = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\0.3.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Reload All Tabs = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam\3.2.1_0\
CHR - Extension: MultiHighlighter = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifbglmlbpgpbflnkfpclkmckoollbn\1.0.100.1_0\
CHR - Extension: WiseStamp - Email Signatures for GMail, Google Apps and more = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg\3.11.24.0_0\
CHR - Extension: Bitdefender QuickScan = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.7_0\
CHR - Extension: Gmail = C:\Documents and Settings\Giedrius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.13 16:51:58 | 000,307,157 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-682003330-839522115-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-789336058-682003330-839522115-1007\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-682003330-839522115-1008\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-682003330-839522115-1009\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-682003330-839522115-500\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-682003330-839522115-501\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [snp325] C:\WINDOWS\vsnp325.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
O4 - HKU\S-1-5-21-789336058-682003330-839522115-1004..\Run: [$Volumouse$] C:\Program Files\Volumouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-789336058-682003330-839522115-1004..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
O4 - HKU\S-1-5-21-789336058-682003330-839522115-1004..\Run: [Copernic Desktop Search - Home] C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
O4 - HKU\S-1-5-21-789336058-682003330-839522115-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-789336058-682003330-839522115-1004..\Run: [WinClicker.exe] C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe (Salling Software AB)
O4 - HKU\S-1-5-21-789336058-682003330-839522115-1007..\Run: [Voobly] File not found
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SPB Backup Sync.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Giedrius\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Giedrius\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Giedrius\Start Menu\Programs\Startup\Shortcut to DXPort.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\Giedrius\Start Menu\Programs\Startup\T-Utility Fan Control.lnk = C:\Program Files\BIOSTAR\T-Utility Fan Control\FanConditioner.exe (BIOSTAR MICROTECH INT'L CORP.)
O4 - Startup: C:\Documents and Settings\Kristina\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-682003330-839522115-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Add to Evernote - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Create a Post-it® Note - C:\Program Files\3M\PDNotes\\PSNBookMark.html ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-789336058-682003330-839522115-1004\..Trusted Domains: teo.lt ([intranet] * in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{932786B0-153C-40F0-8ADC-35404A0F62B8}: NameServer = (two correct DNS IP numbers from my ISP go here; I'm not posting them here for privacy reasons)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Giedrius\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Giedrius\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2007.10.13 17:15:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{999b2b59-fa78-11dc-be77-00e04d2bca94}\Shell\AutoRun\command - "" = G:\USBNB.exe
O33 - MountPoints2\{b021789f-772a-11df-a2c2-0016013f377b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b021789f-772a-11df-a2c2-0016013f377b}\Shell\AutoRun\command - "" = E:\pupica\\makaroni.exe
O33 - MountPoints2\{b021789f-772a-11df-a2c2-0016013f377b}\Shell\explore\command - "" = E:\pupica\\\makaroni.exe
O33 - MountPoints2\{b021789f-772a-11df-a2c2-0016013f377b}\Shell\open\command - "" = E:\pupica\\\makaroni.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.12 10:40:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Giedrius\Desktop\aswMBR.exe
[2012.10.12 10:40:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giedrius\Desktop\OTL.exe
[2012.10.06 14:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012.10.06 14:25:04 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.10.06 14:25:04 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.10.06 14:25:01 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.10.06 14:25:00 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.10.06 14:25:00 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.10.06 14:24:58 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.10.06 14:24:58 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.10.06 14:24:58 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.10.06 14:24:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.10.06 14:24:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.10.06 14:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.10.06 14:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012.10.06 14:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giedrius\Application Data\AVG2013
[2012.10.06 14:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giedrius\Application Data\TuneUp Software
[2012.10.06 14:04:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.10.06 14:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012.10.06 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\MFAData
[2012.10.06 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\Avg2013
[2012.10.06 13:15:21 | 000,000,000 | ---D | C] -- C:\av_removals
[2012.10.06 13:09:48 | 000,016,976 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\IOMAP.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\EIO_XP.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\BS_I2CIO.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\BIOS.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\ATKKBNT.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AMDTOOLS.SYS
[2012.10.06 13:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\BIOS UPDATE
[2012.10.06 12:04:04 | 000,000,000 | ---D | C] -- C:\av
[2012.09.18 07:46:05 | 000,000,000 | ---D | C] -- C:\ccc
[2012.09.18 07:17:44 | 000,000,000 | ---D | C] -- C:\bbb
[2012.09.12 23:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\z2 Remote2PC
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Giedrius\Desktop\*.tmp files -> C:\Documents and Settings\Giedrius\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.12 11:59:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Giedrius\Desktop\MBR.dat
[2012.10.12 11:43:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1009UA.job
[2012.10.12 11:31:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1007UA.job
[2012.10.12 11:30:19 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1004UA.job
[2012.10.12 10:37:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giedrius\Desktop\OTL.exe
[2012.10.12 10:37:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Giedrius\Desktop\aswMBR.exe
[2012.10.12 02:31:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1007Core.job
[2012.10.12 02:25:00 | 000,000,320 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.10.11 17:30:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1004Core.job
[2012.10.11 16:11:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.10.11 12:43:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1009Core.job
[2012.10.06 14:25:05 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012.10.06 14:24:59 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.10.06 14:05:49 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012.10.06 13:14:19 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.10.06 13:14:19 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.10.06 13:10:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.06 13:10:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.06 13:10:27 | 000,375,648 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012.10.06 13:10:25 | 3488,075,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\IOMAP.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\EIO_XP.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\BUFADPT.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\BS_I2CIO.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\BIOS.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\ATKKBNT.SYS
[2012.10.06 13:09:48 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AMDTOOLS.SYS
[2012.09.19 21:56:11 | 000,152,064 | ---- | M] () -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012.09.17 08:08:35 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2012.09.12 23:52:04 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\Giedrius\Desktop\z2 R2PC Client.lnk
[2012.09.12 23:52:02 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Giedrius\Desktop\Start z2 R2PC Server.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Giedrius\Desktop\*.tmp files -> C:\Documents and Settings\Giedrius\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.12 11:59:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Giedrius\Desktop\MBR.dat
[2012.10.06 14:25:05 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012.10.06 14:24:59 | 000,000,320 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.10.06 14:05:49 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012.09.12 23:52:04 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\Giedrius\Desktop\z2 R2PC Client.lnk
[2012.09.12 23:52:02 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Giedrius\Desktop\Start z2 R2PC Server.lnk
[2012.08.23 17:07:16 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\dt.dat
[2012.07.30 02:13:46 | 000,109,256 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012.07.30 02:13:46 | 000,090,824 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012.07.29 11:24:08 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Bench32.INI
[2012.07.27 11:27:46 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Giedrius\list
[2012.07.20 17:34:50 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2012.07.20 17:34:49 | 002,468,520 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2012.07.20 17:34:47 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2012.07.20 17:34:47 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2012.07.20 17:34:47 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2012.07.14 00:55:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Giedrius\userall.cfg
[2012.06.25 14:22:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Giedrius\usergui.cfg
[2012.03.10 20:50:03 | 000,000,385 | ---- | C] () -- C:\WINDOWS\{2158ED55-19D1-4C0C-B213-5EFF748248AC}_WiseFW.ini
[2011.12.30 17:49:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\BHARegister.dll
[2011.06.16 16:56:18 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.04.25 20:19:25 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpx32.dll
[2011.01.07 09:32:03 | 000,043,384 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.10.14 22:58:24 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2010.10.14 22:57:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2010.08.16 23:43:04 | 000,009,373 | ---- | C] () -- C:\Documents and Settings\Giedrius\.recently-used.xbel
[2010.07.25 20:19:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010.06.23 19:00:50 | 000,011,108 | ---- | C] () -- C:\Documents and Settings\Giedrius\gsview32.ini
[2009.05.24 13:24:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Giedrius\Application Data\$_hpcst$.hpc
[2009.03.11 20:52:15 | 000,003,081 | ---- | C] () -- C:\Documents and Settings\Giedrius\.ganttproject
[2008.12.28 04:57:10 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\fusioncache.dat
[2008.09.11 12:22:15 | 000,000,810 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2008.01.19 05:00:59 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2007.12.01 23:20:33 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\Giedrius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2007.10.13 18:22:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 22:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 15:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 846 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35E5AF34
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879

< End of report >

#6 m0le

  • Malware Response Team

Posted 12 October 2012 - 06:18 PM

> At the moment my primary concern is about the suspected unknown files which appear to be getting created during boot/login process (this is why I'm not even shutting down the machine -- and this is why I can't tell about any other symptoms of malware). Is this behaviour and/or these unknown files related to some malware? some BIOS-related malware?

I've got good news for you. The threats that are being flagged are false positives and are in fact legitimate .sys files - many of them are Asus-owned so connected to your graphics card. Deleting them means that they will regenerate on boot as you have been observing.

None of them are malicious and the aswMBR and OTL logs show nothing either.

The malware remnants that Avast found, you deleted, and the System Restore folder items have been moved as well.

Hence my question about whether there was anything other than the suspicious files happening on the machine.
m0le is a proud member of UNITE

#7 domino loto

  • Topic Starter

Posted 12 October 2012 - 07:12 PM

The strange thing is that on 2012-09-23 Unknown threats appeared before I deleted any of these files..
Why could this happen that on 2012-09-23 AVG was triggered by them (while they probably were actually being (re)created)?
There was also one exe file (ati2sgag.exe), some file(s) in "C:\Program Files\BIOS Update", and a sys file in "C:\Games\0ad" folder found - are all of these also legitimate?
Are you sure it is safe to reboot and do some antivirus scans?
Is it OK to run DDS and/or GMER scan?
Is it safe to connect the drive to another PC (as a secondary drive) and do an antivirus scan of it?

:unsure:

Edited by domino loto, 12 October 2012 - 07:38 PM.


#8 m0le

  • Malware Response Team

Posted 13 October 2012 - 02:28 PM

The strange thing is that on 2012-09-23 Unknown threats appeared before I deleted any of these files..

Because AVG was finding legitimate sys files

Why could this happen that on 2012-09-23 AVG was triggered by them (while they probably were actually being (re)created)?
There was also one exe file (ati2sgag.exe), some file(s) in "C:\Program Files\BIOS Update", and a sys file in "C:\Games\0ad" folder found - are all of these also legitimate?

AVG may have been triggered by their creation after you deleted them because it has the same kind of processes that are found in malware. When this happens it's a false positive. The ati2sgag.exe file is legitimate, the file in BIOS update I don't know because you have no name but the folder is legitimate, and finally the aken.sys file is an unknown file because AVG could not possibly database every file that PC games use.

Are you sure it is safe to reboot and do some antivirus scans?
Is it OK to run DDS and/or GMER scan?
Is it safe to connect the drive to another PC (as a secondary drive) and do an antivirus scan of it?

Yes. You are not infected. The BIOS malware that you speak of has not been found in the wild on domestic machines as of yet and nothing you have shown me says otherwise.

You should run an online scan with ESET which will find any remnants and post that, but basically you are clean.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#9 domino loto

Posted 14 October 2012 - 07:52 AM

domino loto, on 13 October 2012 - 03:12 AM, said:
The strange thing is that on 2012-09-23 Unknown threats appeared before I deleted any of these files..

Because AVG was finding legitimate sys files


Sorry, I'd just like to double-check on this if you don't mind. Something must have triggered AVG's algorithm on the first boot on 2012-09-23 (I had neither deleted nor touched those files until these messages appeared for the first time), and that's one of the reasons why I'm still a little nervous about these files. How could AVG have suddenly "found" these files as unknown threats? I haven't made any changes to the system which could be related to this group of files, and before these messages showed up AVG was just working normally, and AVG databases were just updated regularly, periodically. To my knowledge there was no big change in the system, applications and antivirus. So I'm even more nervous about the process which was the cause of those first AVG messages. What do you think the cause could have been?
(This uncertainty is preventing me from feeling safe to boot from this drive. :blush: )

The ati2sgag.exe file is legitimate, the file in BIOS update I don't know because you have no name [...]


Here's some info about the files in "BIOS Update" directory (I have a copy of this whole directory on my flash drive). I have just rescanned these files from my flash drive with virustotal.com. TrendMicro finds TROJ_GEN in both BIOS.exe files.

1) Directory of \Program Files\BIOS Update\BIOS Update

2012.10.02 13:08 <DIR> .
2012.10.02 13:08 <DIR> ..
2009.02.26 17:06 1.692.160 BIOS.exe
2008.06.16 19:02 15.408 BS_I2c64.sys
2008.06.16 10:02 17.024 BS_I2cIo.sys
2012.10.02 13:08 <DIR> Image
2012.10.02 13:08 <DIR> Award
2012.10.02 13:08 <DIR> AMI
3 File(s) 1.724.592 bytes

https://www.virustotal.com/file/79983d99e40c8e48a419122e04db9e5043b7b74a30ea161874fe356c9041da9b/analysis/1350214401/ - TrendMicro-HouseCall TROJ_GEN.F47V0904 20121014


2) Directory of \Program Files\BIOS Update\BIOS Update\Award

2012.10.02 13:08 <DIR> .
2012.10.02 13:08 <DIR> ..
2008.01.17 18:39 1.585.664 BIOS.exe
2007.08.16 11:09 3.604 BS_Flash.sys
2007.08.22 17:09 10.088 BS_Flash64.sys
2005.08.14 15:24 995.383 mfc42.dll
2005.08.14 15:24 401.462 msvcp60.dll
2005.08.14 15:24 266.293 msvcrt.dll
2012.10.02 13:08 <DIR> Image
6 File(s) 3.262.494 bytes

https://www.virustotal.com/file/5050aa937219c07d214cb54f5e6de7586af18c04547ce672f6ae848c28ad27bb/analysis/1350214668/ - TrendMicro-HouseCall TROJ_GEN.F47V1012 20121014


3) Directory of \Program Files\BIOS Update\BIOS Update\AMI

2012.10.02 13:08 <DIR> .
2012.10.02 13:08 <DIR> ..
2008.10.28 13:41 368.768 AFUWIN.exe
2008.10.28 13:41 592.512 AFUWINx64.exe
2008.10.28 13:41 102.512 Ucoredll.dll
2008.10.28 13:41 15.432 Ucoresys.sys
2008.10.28 13:41 7.840 Ucorevxd.vxd
2008.10.28 13:41 14.632 Ucorew64.sys
6 File(s) 1.101.696 bytes


4) Directory of \Program Files\BIOS Update\BIOS Update\Image

2012.10.02 13:08 <DIR> .
2012.10.02 13:08 <DIR> ..
2007.12.07 17:49 19.256 BackupMD.bmp
2007.12.07 17:48 19.256 BackupMU.bmp
2008.06.23 11:36 4.422 online1.gif
2008.06.23 11:36 4.437 online2.gif
2007.12.07 17:45 20.728 restart-01.bmp
2007.12.07 17:45 20.728 restart-02.bmp
2007.12.07 17:50 19.256 UpdateMD.bmp
2007.12.07 17:50 19.256 UpdateMU.bmp
8 File(s) 127.339 bytes


5) Directory of \Program Files\BIOS Update\BIOS Update\Award\Image\Skin_1

2012.10.02 13:08 <DIR> .
2012.10.02 13:08 <DIR> ..
2007.12.07 17:49 19.256 BackupMD.bmp
2007.12.07 17:48 19.256 BackupMU.bmp
2007.12.17 17:42 27.702 BigOut5.bmp
2007.12.07 17:44 20.728 CCMOS.bmp
2007.12.07 17:43 20.728 NCMOS.bmp
2007.12.07 17:45 20.728 restart-01.bmp
2007.12.07 17:45 20.728 restart-02.bmp
2007.12.07 17:50 19.256 UpdateMD.bmp
2007.12.07 17:50 19.256 UpdateMU.bmp
9 File(s) 187.638 bytes


Thanks again.

Edited by domino loto, 14 October 2012 - 07:55 AM.


#10 m0le

Posted 14 October 2012 - 06:07 PM

To my knowledge there was no big change in the system, applications and antivirus


So, to your knowledge, they did not update the signatures on the bios.exe file? Could you explain how you could know this?

Here's some info about the files in "BIOS Update" directory (I have a copy of this whole directory on my flash drive). I have just rescanned these files from my flash drive with virustotal.com. TrendMicro finds TROJ_GEN in both BIOS.exe files.


Yes it does, but 43 other trusted scanners found nothing. It seems that TrendMicro is presenting a false positive on this file.


You are, understandably, looking for ghosts. Your machine is clean and the files you have detected as possibly malicious are not malicious. You are safe to boot from the drive.

#11 m0le

Posted 19 October 2012 - 08:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#12 m0le

Posted 20 October 2012 - 01:27 PM

This topic has been re-opened at the request of the person who originally posted.

#13 domino loto

Posted 20 October 2012 - 04:15 PM

Hi,

Here's ESET Online Scan log:
C:\dlP3\CDRW\Alcohol 120% v.1.4.7.1005.rar a variant of Win32/Tool.TPE.A application deleted - quarantined
C:\dlP3\img\photoshop 8.0 CS\Adobe Photoshop Cs 8.0Fhotoshop'as.iso probably a variant of Win32/TrojanDownloader.Agent.IPGQQOF trojan deleted - quarantined
C:\dlP3\Security\gal itartini\tds3setup.exe Win32/Qhost.OTR trojan cleaned by deleting - quarantined
C:\Documents and Settings\Giedrius\Local Settings\Temp\ICReinstall\cnet2_copernicdesktopsearch-home_exe (1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\any-audio-converter (2).exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\bs_Orbit_Downloader.exe Win32/Amonetize application cleaned by deleting - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\cnet2_copernicdesktopsearch-home_exe (1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\cnet2_copernicdesktopsearch-home_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\DTLite4454-0315.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\HC2Setup.exe Win32/Somoto application deleted - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\Hirens.BootCD.12.0.zip Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\Setup_FreeVideoConverter.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\Giedrius\My Documents\Downloads\SUPERsetup.exe Win32/OpenCandy application cleaned by deleting - quarantined

What else I did was - I just rebooted a few times:

I've disabled Avast realtime protection, enabled AVG2013 Free realtime protection, and rebooted a few times.
Then I noticed later today that AVG realtime Identity protection has made a few process kills/quarantines automatically while Windows was locked, and without internet connection for at least 1 day (taskbar was showing wireless network disconnected and the router had a rule of not allowing this IP to connect to internet). Was it a false positive again? :(
AVG Free realtime protection has never shown me such messages in like 10 years. Should I just throw AVG away or ignore it completely? I've already read that AVG Free is no longer good these days, but is it really this bad at recognizing malware? Or is it just in my case?
Here are the messages:
Detection name: Unknown, Severity: Medium
C:\WINDOWS\ALCFDRTM.EXE - deleted, moved to virus vault; file or directory; 2012.10.20, 16:04:25
C:\WINDOWS\ALCFDRTM.EXE - deleted; process; 2012.10.20, 16:04:25
C:\Documents and Settings\Giedrius\Application Data\Dropbox\bin\Dropbox.exe - deleted; process; 2012.10.20, 16:04:25
AVG2013 did it automatically while I was away from PC.

virustotal.com shows no viruses on ALCFDRTM.EXE file: https://www.virustotal.com/file/76b8a30bc508f1164b8e2b396feee6fc0eb9db056d51ee39826843b08253bacb/analysis/1350741250/
So I've unquarantined ALCFDRTM.EXE afterwards.

Also, since you said this PC is practically clean, I thought it's no problem to scan with a few more free antivirus scanners I have on this machine (without any installing/fixing):

I've tried to scan this PC with


- AVG2013, and I've seen messages like this:
"The file is signed with a broken digital signature, issued by: Microsoft Corporation." - "C:\WINDOWS\Installer\cfb74413.msi" - "Infected"
"The file is signed with a broken digital signature, issued by: Microsoft Corporation." - "C:\dlP3\Music\Recording\mp3-wma-recorder.exe" - "Infected"

- Avast boot mode, it shows messages like these:
various 'Error 42125 {ZIP archive is corrupted.}' messages
various '{Installer archive is corrupted.}' messages - e.g. File C:\dlP3\Music\Cubase_VST24_Demo.exe|>%MAINDIR%\Cubase.exe Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Giedrius\My Documents\Downloads\dap10.exe|>[Embedded_R#001280]|>%TEMPCABFULLDIR%\DapLang.cab|>DAP.exe|>[Armadillo] is infected by Win32:Dropper-gen [Drp]
File C:\System Volume Information\_restore{0381261C-4BE4-4CA4-96B3-4CCA6B5C5743}\RP67\A0016593.exe|>$INSTDIR\SetupDTSB.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP]
File C:\System Volume Information\_restore{0381261C-4BE4-4CA4-96B3-4CCA6B5C5743}\RP67\A0016593.exe|>$INSTDIR\SetupDTSB.exe is infected by Win32:PUP-gen [PUP]
File C:\WINDOWS\SoftwareDistribution\Download\d8d19e7b16e1dafba6906abfdd61b4f9\BIT173.tmp|>legitcheckcontrol.dll Error 42127 {CAB archive is corrupted.}

- Avast normal mode, it shows some similar messages, like these:
C:\dlP3\emergency\ERD Commander 2005\Erd2005.iso|>I386\SYSTEM32\DISKPART.EXE [L] Win32:Malware-gen (0)
C:\Documents and Settings\Giedrius\My Documents\Downloads\dap10.exe|>[Embedded_R#001280]|>%TEMPCABFULLDIR%\DapLang.cab|>DAP.exe|>[Armadillo] [L] Win32:Dropper-gen [Drp] (0)
C:\System Volume Information\_restore{0381261C-4BE4-4CA4-96B3-4CCA6B5C5743}\RP67\A0016593.exe|>$INSTDIR\SetupDTSB.exe|>VVSN.exe [L] Win32:Whenu-I [PUP] (0)
C:\System Volume Information\_restore{0381261C-4BE4-4CA4-96B3-4CCA6B5C5743}\RP67\A0016593.exe|>$INSTDIR\SetupDTSB.exe [L] Win32:PUP-gen [PUP] (0)

- MBAM (nothing found)

I have a few more questions:

Do I have to care about some of messages like these seen above?

Can I use DeFogger? Can I then run DDS and GMER on this PC just to be sure I haven't skipped something?

There are a few 'driver corrupted or missing' marks in Device manager seen (ASUS Other Devices>Enhanced Display Driver Helper Service, Processors>AMD Athlon™ 64 X2 Dual Core Processor BE-2350 (two lines), System devices>AMD Special Tools Driver), which are probably related to the unknown files mentioned in the original post. Should I fix it by uninstalling and reinstalling the corresponding drivers, or installing on top of the corrupted ones, or fix it in some other way?

Do you know some online guide on how to investigate Windows XP/7 PC for unknown malware/zero day malware?
What tools would you recommend to use when doing such an investigation? (tools like process explorer etc., so that one could also understand better in general what is going on in the system and what are the causes of some system behaviour)

I forgot to note - there are a few more things which I observe for at least a few months - these could be related with this topic, but I'm not sure, just to let you know:
  • After logging in, I usually see a message: found new hardware 'Net'. I always ignore it or choose "cancel". Maybe it's related to vmware virtual box, but I doubt it, since this message started to appear later than I've started to use vmware.
  • After logging in, the red Windows security shield with a tooltip "no firewall is turned on" usually shows for about 30-60 seconds.
  • Shut-down (or restart) closes many programs, but usually still doesn't shut the Windows down. It does shut-down (restart) after the second time I initiate it though.
  • Hibernate also didn't work lately (it would just show preparing to hibernate message)
  • I used to have some winlogon and other image errors, and I've used windows system file checker
And one last thing: I noticed that my BIOS has a MBR write protection setting set to On. :thumbup2:

Thank you for reopening the thread, and for sticking with this.


Edit reason: added note about BIOS MBR protection setting.

Edited by domino loto, 20 October 2012 - 04:34 PM.
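
Added example, not part of the original posts: the Avast boot-mode lines quoted above mix two kinds of record, "Error NNNNN {... is corrupted.}" (the scanner could not unpack an archive) and "is infected by ..." (an actual detection, some tagged [PUP]). The Python sketch below splits each line into outer file, nested "|>" container chain and record type, so unpacking errors and PUP hits are counted separately from other detections; function names, field names and location labels are hypothetical, and the sample lines are copied from the post.

```python
import re
from collections import Counter

# Lines copied from the Avast boot-mode output quoted in the post above.
SAMPLE = r"""
File C:\dlP3\Music\Cubase_VST24_Demo.exe|>%MAINDIR%\Cubase.exe Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Giedrius\My Documents\Downloads\dap10.exe|>[Embedded_R#001280]|>%TEMPCABFULLDIR%\DapLang.cab|>DAP.exe|>[Armadillo] is infected by Win32:Dropper-gen [Drp]
File C:\System Volume Information\_restore{0381261C-4BE4-4CA4-96B3-4CCA6B5C5743}\RP67\A0016593.exe|>$INSTDIR\SetupDTSB.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP]
File C:\System Volume Information\_restore{0381261C-4BE4-4CA4-96B3-4CCA6B5C5743}\RP67\A0016593.exe|>$INSTDIR\SetupDTSB.exe is infected by Win32:PUP-gen [PUP]
File C:\WINDOWS\SoftwareDistribution\Download\d8d19e7b16e1dafba6906abfdd61b4f9\BIT173.tmp|>legitcheckcontrol.dll Error 42127 {CAB archive is corrupted.}
"""

# "File <outer>|><inner>... is infected by <name> [<tag>]"
DETECTION = re.compile(
    r"^File (?P<target>.+?) is infected by (?P<name>\S+)(?: \[(?P<tag>[^\]]+)\])?$")
# "File <outer>|><inner>... Error <code> {<reason>}"
SCAN_ERROR = re.compile(
    r"^File (?P<target>.+?) Error (?P<code>\d+) \{(?P<reason>[^}]*)\}$")


def location_of(outer_path):
    """Coarse label for where the outer file lives (labels are hypothetical)."""
    p = outer_path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"      # copy kept inside an old restore point
    if "\\downloads\\" in p or "\\softwaredistribution\\download\\" in p:
        return "download"            # saved installer or update download cache
    return "other"


def parse_line(line):
    """Return a record dict for one boot-mode log line, or None if unrecognised."""
    line = line.strip()
    m = DETECTION.match(line)
    if m:
        chain = m.group("target").split("|>")   # outer file, then nested members
        tag = m.group("tag") or ""
        return {
            "kind": "pup" if tag.upper() == "PUP" else "detection",
            "file": chain[0],
            "inner": chain[1:],
            "location": location_of(chain[0]),
            "name": m.group("name"),
            "tag": tag,
        }
    m = SCAN_ERROR.match(line)
    if m:
        chain = m.group("target").split("|>")
        return {
            "kind": "scan_error",               # could not unpack: not a detection
            "file": chain[0],
            "inner": chain[1:],
            "location": location_of(chain[0]),
            "code": int(m.group("code")),
            "reason": m.group("reason"),
        }
    return None


def triage(text):
    """Parse every recognised line of a pasted log, in order."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def summarize(records):
    """Count records per kind so errors and PUP hits are not read as malware."""
    return dict(Counter(r["kind"] for r in records))


if __name__ == "__main__":
    for rec in triage(SAMPLE):
        detail = rec.get("name") or rec.get("reason")
        print(rec["kind"], rec["location"], rec["file"], "->", detail)
    print(summarize(triage(SAMPLE)))
```

The Avast normal-mode lines in the same post use a different layout ("[L] name (0)") and are not handled by these patterns.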


#14 m0le

Posted 20 October 2012 - 09:03 PM

Detection name: Unknown, Severity: Medium
C:\WINDOWS\ALCFDRTM.EXE - deleted, moved to virus vault; file or directory; 2012.10.20, 16:04:25
C:\WINDOWS\ALCFDRTM.EXE - deleted; process; 2012.10.20, 16:04:25
C:\Documents and Settings\Giedrius\Application Data\Dropbox\bin\Dropbox.exe - deleted; process; 2012.10.20, 16:04:25

False positives. The ALCFDRTM.EXE file is a Realtek file. Dropbox is a legit program.

So I've unquarantined ALCFDRTM.EXE afterwards.

:thumbup2:


- AVG2013, and I've seen messages like this:
"The file is signed with a broken digital signature, issued by: Microsoft Corporation." - "C:\WINDOWS\Installer\cfb74413.msi" - "Infected"
"The file is signed with a broken digital signature, issued by: Microsoft Corporation." - "C:\dlP3\Music\Recording\mp3-wma-recorder.exe" - "Infected"


AVG seems to like flagging any broken digital signature file as infected. This is not always the case and here they are Microsoft corp files that may be corrupt.


- Avast boot mode, it shows messages like these:
various 'Error 42125 {ZIP archive is corrupted.}' messages
various '{Installer archive is corrupted.}' messages - e.g. File C:\dlP3\Music\Cubase_VST24_Demo.exe|>%MAINDIR%\Cubase.exe Error 42145 {Installer archive is corrupted.}


Corruption seems to be a bit of a theme on your machine

File C:\Documents and Settings\Giedrius\My Documents\Downloads\dap10.exe|>[Embedded_R#001280]|>%TEMPCABFULLDIR%\DapLang.cab|>DAP.exe|>[Armadillo] is infected by Win32:Dropper-gen [Drp]
File C:\System Volume Information\_restore{0381261C-4BE4-4CA4-96B3-4CCA6B5C5743}\RP67\A0016593.exe|>$INSTDIR\SetupDTSB.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP]
File C:\System Volume Information\_restore{0381261C-4BE4-4CA4-96B3-4CCA6B5C5743}\RP67\A0016593.exe|>$INSTDIR\SetupDTSB.exe is infected by Win32:PUP-gen [PUP]
File C:\WINDOWS\SoftwareDistribution\Download\d8d19e7b16e1dafba6906abfdd61b4f9\BIT173.tmp|>legitcheckcontrol.dll Error 42127 {CAB archive is corrupted.}

The System Restore files would have been removed at the end of the fix. The corrupt CAB again shows the damage on your machine



Can I use DeFogger? Can I then run DDS and GMER on this PC just to be sure I haven't skipped something?

Defogger just halts the processes for the CD emulator making the Gmer log much shorter. It's a perfectly safe tool

There are a few 'driver corrupted or missing' marks in Device manager. Should I fix it by uninstalling and reinstalling the corresponding drivers, or installing on top of the corrupted ones, or fix it in some other way?

Reinstallation should be able to fix most damage

Do you know some online guide on how to investigate Windows XP/7 PC for unknown malware/zero day malware?

Unknown malware, by definition, isn't going to have a guide because it isn't known. Every malware attack differs from the previous one so there isn't anywhere specific I can point you. The other reason is that these attacks are getting smarter and involve areas of the machine that are not as well known as others. The MBR is a good example of a new area for recent TDL4 infections.

What tools would you recommend to use when doing such an investigation? (tools like process explorer etc., so that one could also understand better in general what is going on in the system and what are the causes of some system behaviour)

This completely depends on the infection. Some tools are intuitive and others autocheck and remove. I would suggest you look at Autoruns if you want to see a good scanner for troubleshooting.

  • Please download AutoRuns and save it to your desktop.
  • Right click on the downloaded file and choose Extract All Files.
  • Once extracted, open the program named Autoruns.
  • Click on Options and then Hide Microsoft and Windows Entries.
  • Press F5 to refresh the startup list.
  • Next go to File -> Save and choose the file type to Text File (.txt).
  • Please attach the text file to your next reply.

Be careful what you act on though; as you can see, all companies flag FPs.



  • After logging in, I usually see a message: found new hardware 'Net'. I always ignore it or choose "cancel". Maybe it's related to vmware virtual box, but I doubt it, since this message started to appear later than I've started to use vmware.
  • After logging in, the red Windows security shield with a tooltip "no firewall is turned on" usually shows for about 30-60 seconds.
  • Shut-down (or restart) closes many programs, but usually still doesn't shut the Windows down. It does shut-down (restart) after the second time I initiate it though.
  • Hibernate also didn't work lately (it would just show preparing to hibernate message)


1) Might be .net
2) But then it switches on? Nothing worrying if that's the case
3) Strange behaviour but as I observed before, your machine has a lot of corruption. It could be an idea to do a file repair

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on box next to the Restart System when Finished. Then click on Start.


You may have to run sfc /scannow for system files search and repair


4) See answer 3
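
Added example, not part of the original posts: one way to read the Autoruns text file saved in the steps above without acting on every line. The Python sketch below assumes the four quoted fields per line (entry, description, publisher, image path) seen in the export pasted later in this thread, and marks entries for a closer look; the flag names are hypothetical and a flag is a prompt to check the file, not a verdict. Sample lines are copied from that export.

```python
import re

# Lines copied from the Autoruns export pasted later in this thread.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Alcmtr" "Realtek Azalia Audio - Event Monitor" "Realtek Semiconductor Corp." "c:\windows\alcmtr.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files\divx\divx update\divxupdate.exe"
+ "snp325" "CameraMonitor Application" "" "c:\windows\vsnp325.exe"
"C:\Documents and Settings\Giedrius\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\documents and settings\giedrius\application data\dropbox\bin\dropbox.exe"
+ "Shortcut to DXPort.exe.lnk" "" "" "File not found: C:\c\Documents and Settings\Vida\Desktop\Gie\DXport 2352-2361\DXPort.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "" "" "File not found: C:\Program Files\AVG\AVG2012\avgpp.dll"
'''

FIELD = re.compile(r'"([^"]*)"')   # one double-quoted field, possibly empty


def parse_export(text):
    """Return autostart entries, each tagged with the location it was listed under.

    Assumed layout (as in the pasted export): a location line starts with a
    quote and has three empty trailing fields; an entry line starts with a
    marker such as "+" followed by four quoted fields.
    """
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                          # blank or unrecognised line
        if line.startswith('"'):
            location = fields[0]              # registry key or startup folder
            continue
        name, description, publisher, image = fields
        entries.append({
            "location": location,
            "name": name,
            "description": description,
            "publisher": publisher,
            "image": image,
        })
    return entries


def review(entry):
    """Reasons to look at an entry more closely (flag names are hypothetical)."""
    flags = []
    image = entry["image"].lower()
    if image.startswith("file not found:"):
        # Autostart points at a file that no longer exists, e.g. a leftover
        # from removed or upgraded software; nothing runs from it.
        flags.append("target-missing")
        return flags
    if not entry["publisher"]:
        # No company name was displayed for the file; check it by other means.
        flags.append("no-publisher")
    if "\\documents and settings\\" in image:
        # Runs from a user profile, a location writable without admin rights.
        # Legitimate per-user software (such as Dropbox here) does this too.
        flags.append("runs-from-user-profile")
    return flags


def flagged(text):
    """(location, entry name, flags) for every entry with at least one flag."""
    out = []
    for entry in parse_export(text):
        flags = review(entry)
        if flags:
            out.append((entry["location"], entry["name"], flags))
    return out


if __name__ == "__main__":
    for location, name, flags in flagged(SAMPLE):
        print(f"{name:30} {', '.join(flags):25} {location}")
```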

#15 domino loto

Posted 22 October 2012 - 08:13 AM

Hi,

I've just checked some of these corrupt files and it seems there are quite a few cases where these files are simply unfinished Windows-initiated or user-initiated downloads or temp files, and even some archives which are perfectly OK when tested with WinRAR or 7zip (while e.g. Avast shows it's corrupted - I suspect that some of them might be showing corrupt to Avast because they are multipart archives).

(1) Regarding http://support.microsoft.com/kb/918608
1. Click Start, click Run, type DEVMGMT.MSC, and then click OK.
2. Right-click .NET Runtime Optimization Service V2.0.Number_Number if the device appears, and then click Uninstall.
I don't see such a device, so I've stopped here at step 2. On the other hand, I see that this "Net" message I see is related to another item in device manager, which is Network Adapters>Unknown Device (device status is: This device is not configured correctly. (Code 1)). I haven't added any physical device when this message appeared for the first time.

(4) I've just tried hibernating a few times, and it worked. However hibernate would hang and logging/switching into one more account (via fast user switching) would usually not work when a large number of programs are open. I quite often have like 30 windows opened, most of which are browser windows with a dozen of tabs in each (and I see "virtual memory low" messages sometimes), so maybe this explains it and it's quite normal that the system gets unstable and does weird things in such situations?

I've also now tried shutting down:
* after loading the login screen - it worked.
* after logging in (without any programs started manually) - same problem
so it must be some startup programs or services.

Sorry for following your instructions so slowly (I'm ill again).

At the moment, here goes the autoruns log file. Is there anything abnormal in it?
Autoruns looks like a great tool. :thumbsup: Thanks for tool suggestions and everything else.


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acronis Scheduler2 Service" "Acronis Scheduler Helper" "Acronis" "c:\program files\common files\acronis\schedule2\schedhlp.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Alcmtr" "Realtek Azalia Audio - Event Monitor" "Realtek Semiconductor Corp." "c:\windows\alcmtr.exe"
+ "amd_dc_opt" "AMD Dual-Core Optimizer" "AMD" "c:\program files\amd\dual-core optimizer\amd_dc_opt.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgui.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files\divx\divx update\divxupdate.exe"
+ "EM_EXEC" "Control Center" "Logitech Inc. " "c:\program files\logitech\mouseware\system\em_exec.exe"
+ "MaxMenuMgr" "FreeAgent™ Launcher" "Seagate LLC" "c:\program files\seagate\seagatemanager\freeagent status\stxmenumgr.exe"
+ "NeroFilterCheck" "NeroCheck" "Nero AG" "c:\windows\system32\nerocheck.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "snp325" "CameraMonitor Application" "" "c:\windows\vsnp325.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "TrueImageMonitor.exe" "Acronis True Image Monitor" "Acronis" "c:\program files\acronis\trueimagehome\trueimagemonitor.exe"
+ "tsnp325" "tsnp2std Microsoft " "" "c:\windows\tsnp325.exe"
+ "tvncontrol" "TightVNC Server for Windows" "GlavSoft LLC." "c:\program files\tightvnc\tvnserver.exe"
+ "WinVNC" "TightVNC Win32 Server" "TightVNC Group" "c:\program files\tightvnc\winvnc.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Adobe Gamma Loader.lnk" "Adobe Gamma Loader" "Adobe Systems, Inc." "c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
+ "Microsoft Office.lnk" "Microsoft Office 2000 component" "Microsoft Corporation" "c:\program files\microsoft office\office\osa9.exe"
+ "SPB Backup Sync.lnk.disabled" "" "" "c:\documents and settings\all users\start menu\programs\startup\spb backup sync.lnk.disabled"
+ "Windows Search.lnk" "Windows Search System Tray" "Microsoft Corporation" "c:\program files\windows desktop search\windowssearch.exe"
"C:\Documents and Settings\Giedrius\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\documents and settings\giedrius\application data\dropbox\bin\dropbox.exe"
+ "Shortcut to DXPort.exe.lnk" "" "" "File not found: C:\c\Documents and Settings\Vida\Desktop\Gie\DXport 2352-2361\DXPort.exe"
+ "T-Utility Fan Control.lnk" "" "BIOSTAR MICROTECH INT'L CORP." "c:\program files\biostar\t-utility fan control\fanconditioner.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "$Volumouse$" "Volumouse Utility" "NirSoft" "c:\program files\volumouse\volumouse.exe"
+ "ASUS SmartDoctor" "SmartDoctor" "ASUSTeK Inc." "c:\program files\asus\smartdoctor\smartdoctor.exe"
+ "Copernic Desktop Search - Home" "Copernic Desktop Search Service" "Copernic Inc." "c:\program files\copernic desktop search - home\desktopsearchservice.exe"
+ "DAEMON Tools Lite" "DAEMON Tools Lite" "DT Soft Ltd" "c:\program files\daemon tools lite\dtlite.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\giedrius\local settings\application data\google\update\googleupdate.exe"
+ "H/PC Connection Agent" "ActiveSync Connection Manager" "Microsoft Corporation" "c:\program files\microsoft activesync\wcescomm.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "WinClicker.exe" "Salling Clicker" "Salling Software AB" "c:\program files\salling software ab\salling clicker\winclicker.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "" "" "File not found: C:\Program Files\AVG\AVG2012\avgpp.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\giedrius\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
+ "FineReader9ContextMenu" "ABBYY FineReader Integration" "ABBYY Software Ltd" "c:\program files\abbyy finereader 9.0\frintegration.dll"
+ "LavasoftShellExt" "Shell Extension " "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "PSPad" "" "" "c:\program files\pspad editor\pspadshell.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\giedrius\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files\filezilla client\fzshellext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\giedrius\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "ContextMenu" "ASUS Display Property Page" "ASUSTeK COMPUTER INC." "c:\windows\system32\atkdispcpl.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
+ "Fast Explorer" "Fast Explorer shell extension" "Alex Yakovlev" "c:\documents and settings\all users\application data\alldup\feshlext.dll"
+ "LavasoftShellExt" "Shell Extension " "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "1TortoiseNormal" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "2TortoiseModified" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "3TortoiseConflict" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "4TortoiseLocked" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "5TortoiseReadOnly" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "6TortoiseDeleted" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "7TortoiseAdded" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "8TortoiseIgnored" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "9TortoiseUnversioned" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\giedrius\application data\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\giedrius\application data\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\giedrius\application data\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\giedrius\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "AVG Safe Search" "" "" "File not found: C:\Program Files\AVG\AVG2012\avgssie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Octh Class" "Orbitcth" "Orbitdownloader.com" "c:\program files\orbitdownloader\orbitcth.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "SpeedBit Link Verification Helper" "DAP Link Verification Extension" "Speedbit Ltd." "c:\program files\dap\linkverifier.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "DAEMON Tools Toolbar" "ToolBand Module" "" "c:\program files\daemon tools toolbar\dttoolbar.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Add to Evernote" "Web Clipper extension tool for IE" "Evernote Corporation" "c:\program files\evernote\evernote3\enbar.dll"
+ "Create Mobile Favorite" "ActiveSync Favorite Synchronization" "Microsoft Corporation" "c:\program files\microsoft activesync\inetrepl.dll"
+ "Create Mobile Favorite..." "ActiveSync Favorite Synchronization" "Microsoft Corporation" "c:\program files\microsoft activesync\inetrepl.dll"
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "Ad-Aware Admin Application " "Lavasoft Limited " "c:\program files\lavasoft\ad-aware\ad-awareadmin.exe"
+ "avast! Emergency Update.job" "avast! Emergency Update" "AVAST Software" "c:\program files\avast software\avast\avastemupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1004Core.job" "Google Installer" "Google Inc." "c:\documents and settings\giedrius\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1004UA.job" "Google Installer" "Google Inc." "c:\documents and settings\giedrius\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1007Core.job" "Google Installer" "Google Inc." "c:\documents and settings\kristina\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1007UA.job" "Google Installer" "Google Inc." "c:\documents and settings\kristina\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1009Core.job" "Google Installer" "Google Inc." "c:\documents and settings\giedrius2\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-789336058-682003330-839522115-1009UA.job" "Google Installer" "Google Inc." "c:\documents and settings\giedrius2\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ABBYY.Licensing.FineReader.Professional.9.0" "This service is required for the operation of the ABBYY FineReader 9.0 Professional Edition licensing mechanism." "ABBYY (BIT Software)" "c:\program files\common files\abbyy\finereader\9.00\licensing\pe\networklicenseserver.exe"
+ "AcrSch2Svc" "Task scheduling for Acronis applications." "Acronis" "c:\program files\common files\acronis\schedule2\schedul2.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "ATKKeyboardService" "ASUS Keyboard Service " "ASUSTeK COMPUTER INC." "c:\windows\atkkbservice.exe"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgwdsvc.exe"
+ "bgsvcgen" "Provides CD/DVD writing interface for B's Recorder" "B.H.A Corporation" "c:\windows\system32\bgsvcgen.exe"
+ "Capture Device Service" "Manages device arrival and removal event. This service is provided by InterVideo." "InterVideo Inc." "c:\program files\common files\intervideo\deviceservice\devsvc.exe"
+ "FreeAgentGoNext Service" "Seagate Service" "Seagate Technology LLC" "c:\program files\seagate\seagatemanager\sync\freeagentservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "Lavasoft Ad-Aware Service" "Ad-Aware Service" "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "tvnserver" "TightVNC Server for Windows" "GlavSoft LLC." "c:\program files\tightvnc\tvnserver.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "z2 R2PC Server" "Allows authorized mobile device user securely connects to this computer, interactively controls applications and transfers files." "z2 Software" "c:\program files\z2 remote2pc\r2pcserv.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Aavmker4" "avast! Asynchronous Virus Monitor" "AVAST Software" "c:\windows\system32\drivers\aavmker4.sys"
+ "AIDA32Driver" "" "" "File not found: C:\d\Downloads\Benchmark\AIDA3942\aida32.sys"
+ "Aken" "" "" "File not found: C:\Games\0ad\binaries\system\aken.sys"
+ "AmdK8" "" "" "File not found: system32\DRIVERS\AmdK8.sys"
+ "AmdLLD" "AMD Low Level Device Driver" "AMD, Inc." "c:\windows\system32\drivers\amdlld.sys"
+ "AMDPCI" "" "" "File not found: C:\DOCUME~1\Giedrius\LOCALS~1\Temp\AMDPCI.sys"
+ "amdtools" "" "" "File not found: system32\DRIVERS\AmdTools.sys"
+ "asusgsb" "ASUS Virtual Video Capture Device Driver" "ASUSTeK Computer Inc." "c:\windows\system32\drivers\asusgsb.sys"
+ "asuskbnt" "" "" "File not found: system32\drivers\atkkbnt.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMon2" "avast! Standard Shield Support" "AVAST Software" "c:\windows\system32\drivers\aswmon2.sys"
+ "AswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "AtiHdmiService" "Ati High Definition Audio Function Driver" "ATI Research Inc." "c:\windows\system32\drivers\atihdmi.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avglogx" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avglogx.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "BIOS" "" "" "File not found: C:\WINDOWS\system32\drivers\BIOS.sys"
+ "BS_Flash" "" "" "File not found: C:\Program Files\BIOS Update\BIOS Update\Award\BS_Flash.sys"
+ "BS_I2cIo" "I/O Interface driver file" "BIOSTAR Group" "c:\windows\system32\drivers\bs_i2cio.sys"
+ "BUFADPT" "" "" "File not found: C:\WINDOWS\system32\BUFADPT.SYS"
+ "CBBCM300" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\cbg300n.sys"
+ "cdrbsdrv" "CD-ROM Filter Driver for Windows2000/xp" "B.H.A Corporation" "c:\windows\system32\drivers\cdrbsdrv.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "cpuz135" "" "" "File not found: C:\DOCUME~1\Giedrius\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys"
+ "EIO_XP" "IDS Universal Driver." "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\eio_xp.sys"
+ "epmntdrv" "" "" "c:\windows\system32\epmntdrv.sys"
+ "EuGdiDrv" "" "" "c:\windows\system32\eugdidrv.sys"
+ "fltsrv" "Acronis Storage Filter Management Driver" "Acronis" "c:\windows\system32\drivers\fltsrv.sys"
+ "GarenaPEngine" "" "" "File not found: C:\DOCUME~1\Giedrius\LOCALS~1\Temp\JMC64.tmp"
+ "GemCCID" "" "" "File not found: System32\Drivers\GemCCID.sys"
+ "giveio" "" "" "c:\windows\system32\giveio.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "IOMap" "ASUS Kernel Mode Driver for NT " "ASUSTeK Computer Inc." "c:\windows\system32\drivers\iomap.sys"
+ "l8042pr2" "Logitech PS/2 Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\l8042pr2.sys"
+ "Lavasoft Kernexplorer" "" "" "c:\program files\lavasoft\ad-aware\kernexplorer.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "Lavasoft AB" "c:\windows\system32\drivers\lbd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LHidFlt2" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidflt2.sys"
+ "LHidUsb" "Logitech USB Receiver" "Logitech, Inc." "c:\windows\system32\drivers\lhidusb.sys"
+ "LKbdFlt2" "Logitech Filter Driver for Keyboard Class." "Logitech, Inc." "c:\windows\system32\drivers\lkbdflt2.sys"
+ "LMouFlt2" "Logitech Filter Driver for Mouse Class." "Logitech, Inc." "c:\windows\system32\drivers\lmouflt2.sys"
+ "MxlW2k" "MusicMatch Access Layer KMD" "MusicMatch, Inc." "c:\windows\system32\drivers\mxlw2k.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTHDMIAzAudService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rthdmi.sys"
+ "RTLE8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtenicxp.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "snapman" "Acronis Snapshot API" "Acronis" "c:\windows\system32\drivers\snapman.sys"
+ "snapman612" "" "" "File not found: system32\DRIVERS\snman612.sys"
+ "SNP325" "USB PC Camera driver" "Sonix Co. Ltd." "c:\windows\system32\drivers\snp325.sys"
+ "sonypvs1" "Sony Digital Imaging" "Sony Corporation" "c:\windows\system32\drivers\sonypvs1.sys"
+ "speedfan" "SpeedFan Device Driver" "Windows ® 2000 DDK provider" "c:\windows\system32\speedfan.sys"
+ "sptd" "" "" "c:\windows\system32\drivers\sptd.sys"
+ "timounter" "Acronis Backup Archive Explorer" "Acronis" "c:\windows\system32\drivers\timntr.sys"
+ "VBoxDrv" "VirtualBox Support Driver" "Oracle Corporation" "c:\windows\system32\drivers\vboxdrv.sys"
+ "VBoxNetAdp" "VirtualBox Host-Only Network Adapter Driver" "Oracle Corporation" "c:\windows\system32\drivers\vboxnetadp.sys"
+ "VBoxNetFlt" "VirtualBox Bridged Networking Driver" "Oracle Corporation" "c:\windows\system32\drivers\vboxnetflt.sys"
+ "VBoxUSB" "VirtualBox USB Driver" "Oracle Corporation" "c:\windows\system32\drivers\vboxusb.sys"
+ "VBoxUSBMon" "VirtualBox USB Monitor Driver" "Oracle Corporation" "c:\windows\system32\drivers\vboxusbmon.sys"
+ "Video3D" "ASUS Video3D driver" "ASUSTeK COMPUTER INC." "c:\windows\system32\drivers\video3d32.sys"
+ "vididr" "Virtual Disk Driver Service" "Acronis" "c:\windows\system32\drivers\vididr.sys"
+ "vidsflt53" "Acronis Virtual Disk Storage Filter" "Acronis" "c:\windows\system32\drivers\vsflt53.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WINFLASH" "" "" "c:\program files\biostar\t-utility bios live update\winflash.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\system32\ac3acm.acm"
+ "msacm.divxa32" "DivX WMA Audio6 FileVersion" "Kristal StudioDFileDescription" "c:\windows\system32\divxa32.acm"
+ "msacm.dvacm" "Ulead DV Audio ACM Driver" "InterVideo Digital Technology Corporation" "c:\program files\common files\ulead systems\vio\dvacm.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.l3fhg" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\mp3fhg.acm"
+ "msacm.lameacm" "Lame MP3 codec engine" "http://www.mp3dev.org/" "c:\windows\system32\lameacm.acm"
+ "msacm.MPEGacm" "Ulead MPEG1 Layer2 Audio ACM Driver" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\mpegacm.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.ulmp3acm" "Ulead MP3 codec engine" "Ulead systems" "c:\program files\common files\ulead systems\mpeg\ulmp3acm.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\system32\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll"
+ "VIDC.FPS1" "Fraps" "Beepa P/L" "c:\windows\system32\frapsvid.dll"
+ "VIDC.HFYU" "Huffyuv lossless video codec" "Disappearing Inc." "c:\windows\system32\huffyuv.dll"
+ "vidc.i263" "Intel I.263 Video Driver 2.55.012" "Intel Corporation" "c:\windows\system32\i263_32.drv"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video Interactive 32-bit Driver" "Intel Corporation" "c:\windows\system32\ir41_32.dll"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "VIDC.LAGS" "Lagarith" " " "c:\windows\system32\lagarith.dll"
+ "vidc.tscc" "TechSmith Screen Capture Codec" "TechSmith Corporation" "c:\windows\system32\tsccvid.dll"
+ "VIDC.VP60" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "VIDC.VP61" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "VIDC.VP62" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "VIDC.VP70" "VP70 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp7vfw.dll"
+ "VIDC.X264" "" "" "c:\windows\system32\x264vfw.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "VIDC.YV12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "iZotope Consumer Restoration" "iZotope Consumer Restoration" "iZotope, Inc." "c:\program files\common files\techsmith shared\izotope\izotope_consumerrestoration.dll"
+ "iZotope Consumer Restoration" "iZotope Consumer Restoration" "iZotope, Inc." "c:\program files\common files\techsmith shared\izotope\izotope_consumerrestoration.dll"
+ "iZotope Vocal Enhancement" "iZotope Vocal Enhancement" "iZotope, Inc." "c:\program files\common files\techsmith shared\izotope\izotope_vocalenhancement.dll"
+ "iZotope Vocal Enhancement" "iZotope Vocal Enhancement" "iZotope, Inc." "c:\program files\common files\techsmith shared\izotope\izotope_vocalenhancement.dll"
+ "LAME Audio Encoder" "LAME Audio Encoder" "" "c:\program files\techsmith\camtasia studio 7\lame_dshow.ax"
+ "LAME Audio Encoder" "LAME Audio Encoder" "" "c:\program files\techsmith\camtasia studio 7\lame_dshow.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "APE DirectShow Filter" "" "Matthew T. Ashland (adopted from RadLight plugin)" "c:\program files\k-lite codec pack\filters\ape.ax"
+ "ASUS SBS RTP Render Filter" "NetVideo for SBS" "ASUSTeK Computer Inc." "c:\windows\system32\netvideo_sbs.ax"
+ "ASUS SBS RTP Source Filter" "NetVideo for SBS" "ASUSTeK Computer Inc." "c:\windows\system32\netvideo_sbs.ax"
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CDXA Reader" "CDXA Reader Filter" "Gabest" "c:\program files\k-lite codec pack\filters\cdxareader.ax"
+ "CoreVorbis Audio Decoder" "CoreVorbis" "-" "c:\program files\k-lite codec pack\filters\corevorbis.ax"
+ "CyberLink Video/SP Decoder (PDVD8)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\k-lite codec pack\filters\clvsd.ax"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "Dib Output" "" "InterVideo Digital Technology Corporation" "c:\program files\common files\ulead systems\filters\diboutput.ax"
+ "Dib Receive" "" "InterVideo Digital Technology Corporation" "c:\program files\common files\ulead systems\filters\dibreceive.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "DV ACM V/A Source Filter" "" "InterVideo Digital Technology Corporation" "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "DV V/A Source Filter" "" "InterVideo Digital Technology Corporation" "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "DV Video Source Filter" "" "InterVideo Digital Technology Corporation" "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "FLV Source" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV Splitter" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV4 Video Decoder" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LAME Audio Encoder" "LAME Audio Encoder" "" "c:\program files\techsmith\camtasia studio 7\lame_dshow.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "MONOGRAM AMR Decoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Encoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Mux" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Splitter" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM Musepack Decoder" "mmmpcdec" "" "c:\program files\k-lite codec pack\filters\mmmpcdec.ax"
+ "MONOGRAM Musepack Splitter" "mmmpcdmx" "" "c:\program files\k-lite codec pack\filters\mmmpcdmx.ax"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Audio Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Subpicture Enc" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "NeFileSourceAsync" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 Video Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source" "NePhotoSource" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer" "PS Muxer Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Nero Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Ogg Multiplexer" "Ogg DirectShow™ Filter Collection" "" "c:\windows\system32\oggds.dll"
+ "Ogg Splitter" "Ogg DirectShow™ Filter Collection" "" "c:\windows\system32\oggds.dll"
+ "RadLight OptimFROG DirectShow Filter" "RLOFRDec" "RadLight" "c:\program files\k-lite codec pack\filters\rlofrdec.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "TechSmith Camera Adjust" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith File Source" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Floating Point Wave Filter" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Flv Key Frame Setter" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Force Color32A" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith ForceColor 24" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith ForceColor 32" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith ForceColor 555" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith ForceColor 565" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith ForceColor 8" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Frame Rate Tuner" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Frame Skip Filter" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Image Source" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Overlay" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Perf Skip Filter" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith PushBitmap Source" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith PushBitmap Source" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith PushVMR Source" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "Techsmith Quicktime MOV Source" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Simple PIP" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith SimplePushBitmap Source" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Sound Effects Filter" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Splitter Filter" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "Techsmith Structured Storage Writer" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith SWF Writer" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Time Adjust" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Title Source" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Wave Buffer" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith Wave Dest" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith WMFSDK Writer" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "TechSmith ZoomPIP Filter" "Camtasia Studio DirectShow Filters" "TechSmith Corporation" "c:\program files\techsmith\camtasia studio 7\camtasiafilters.dll"
+ "Ulead AMR Audio Decoder" "MP4 AMR Audio Decoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uladamr.ax"
+ "Ulead Audio Dual Channel Filter" "Ulead Audio Dual Channel Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uaudiodcfilter.ax"
+ "Ulead DV Scene Detect" "ulDvScDt" "Ulead system Inc." "c:\program files\common files\ulead systems\capture\uldvscdt.ax"
+ "Ulead DV Writer" "ulDVWriter" "Ulead System Inc." "c:\program files\common files\ulead systems\capture\uldvrite.ax"
+ "Ulead DVD Audio Decoder 2" "Audio Decoder" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead DVD Navigator" "DVD Navigator filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\dvd\uleaddvdnavigator.ax"
+ "Ulead DVD Video decoder 2" "DVD Video Decoder with DxVA Support" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdvideo.ax"
+ "ULead File Source (Async.)" "Ulead Async Filter" "Ulead Systems" "c:\program files\common files\ulead systems\mpeg\ulasync.ax"
+ "Ulead H264 Decoder" "uldsh264" "uleadivi" "c:\program files\common files\ulead systems\mpeg\uldsh264.ax"
+ "Ulead IEEE Push Source Filter" "Ulead IEEE Push Source Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulieeepushsource.ax"
+ "ULead Infinite Pin Tee" "Ulead Infinite Tee Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uinftee.ax"
+ "Ulead LPCM Audio Encoder" "LPCM Audio Encoder" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulpcmpeg.ax"
+ "Ulead Mp3 Decoder" "MP3 Decoder" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldamp3.ax"
+ "Ulead MPEG Audio Decoder" "Audio Decoder" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead MPEG Audio Encoder" "DS MPEG Audio Encoder" "Ulead Systems" "c:\program files\common files\ulead systems\mpeg\uleampeg.ax"
+ "Ulead MPEG Encoder" "MPEG Encoder and Muxer" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulesmpeg.ax"
+ "Ulead MPEG Muxer" "MPEG Muxer" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulmxmpeg.ax"
+ "Ulead MPEG Splitter" "ULead Mpeg I/II Splitter" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulspmpeg.ax"
+ "Ulead MPEG Video Decoder" "MPEG Video and Audio Decoder" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\uldsmpeg.ax"
+ "Ulead MPEG-4 ASP Video Decoder" "MP4 ASP Video Decoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulaspvdmp4.ax"
+ "Ulead MPEG-4 Audio Decoder" "MP4 AAC Audio Decoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uladmp4.ax"
+ "Ulead MPEG-4 Encoder" "MP4 Encoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulmp4enc.ax"
+ "Ulead MPEG-4 Splitter" "MP4 Splitter Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulspmp4.ax"
+ "Ulead MPEG-4 Video Decoder" "MP4 Video Decoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulvdmp4.ax"
+ "Vorbis Decoder" "Ogg DirectShow™ Filter Collection" "" "c:\windows\system32\oggds.dll"
+ "Vorbis Encoder" "Ogg DirectShow™ Filter Collection" "" "c:\windows\system32\oggds.dll"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "XviD MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgrsx.exe"
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"



