
Solved Infection Detected in Drivers\sp**.sys

Discussion in 'Malware and Virus Removal Archive' started by Rauven, 2012/10/14.

  1. 2012/10/14
    Rauven (Thread Starter)
    [Resolved] Infection Detected in Drivers\sp**.sys

    Hello. After my maintenance today, AVG detected 7 dangerous rootkits, all related to \system32\drivers\spdy.sys. I told AVG to resolve the issue, and it asked for a reboot. After the reboot and another scan, it detected 7 rootkits again, this time related to spwm.sys, and after another reboot they were related to spho.sys. I use MBytes on a weekly basis, and it has failed to find any kind of threat.
    Thank you in advance for your help.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.15.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Rauven :: ICARUS [administrator]

    15-10-2012 03:27:32
    mbam-log-2012-10-15 (03-27-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 193797
    Time elapsed: 3 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    _________________________________________________________

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-15 03:18:06
    Windows 6.1.7601 Service Pack 1
    Running: e19ndsje.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA4 0xB2 0x19 0xFF ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x29 0x8B 0x8D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCB 0xE5 0x80 0x3B ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA4 0xB2 0x19 0xFF ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE2 0x29 0x8B 0x8D ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCB 0xE5 0x80 0x3B ...

    ---- EOF - GMER 1.0.15 ----
    ______________________________________________________________

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-15 03:19:33
    -----------------------------
    03:19:33.687 OS Version: Windows x64 6.1.7601 Service Pack 1
    03:19:33.687 Number of processors: 2 586 0x170A
    03:19:33.687 ComputerName: ICARUS UserName: Rauven
    03:19:34.826 Initialize success
    03:19:56.157 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    03:19:56.173 Disk 0 Vendor: TOSHIBA_MK3263GSXN GC002M Size: 305245MB BusType: 3
    03:19:56.173 Disk 0 MBR read successfully
    03:19:56.189 Disk 0 MBR scan
    03:19:56.189 Disk 0 Windows 7 default MBR code
    03:19:56.189 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    03:19:56.204 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305149 MB offset 206848
    03:19:56.235 Disk 0 scanning C:\Windows\system32\drivers
    03:20:03.396 Service scanning
    03:20:18.325 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    03:20:23.723 Modules scanning
    03:20:23.723 Disk 0 trace - called modules:
    03:20:23.816 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80025922c0]<<spho.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    03:20:23.816 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002864060]
    03:20:24.331 3 CLASSPNP.SYS[fffff88001aa943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8002710060]
    03:20:24.331 \Driver\atapi[0xfffffa80026f0060] -> IRP_MJ_CREATE -> 0xfffffa80025922c0
    03:20:24.331 Scan finished successfully
    03:22:46.701 Disk 0 MBR has been saved successfully to "C:\Users\Rauven\Desktop\MBR.dat "
    03:22:46.701 The log file has been saved successfully to "C:\Users\Rauven\Desktop\aswMBR.txt "

    _______________________________________________________________

    DDS (Ver_2012-10-14.05) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Rauven at 3:23:53 on 2012-10-15
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.1033.18.2043.904 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Users\Rauven\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe "
    uRun: [F.lux] "C:\Users\Rauven\Local Settings\Apps\F.lux\flux.exe" /noshow
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe "
    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    StartupFolder: C:\Users\Rauven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\THUNDE~1.LNK - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&nviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{499C736F-36E3-4F9A-BE27-54BC956DEA36} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{5A9A7E5A-0939-4DBE-8B67-66D69AD887B2} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-09-18 00:33; foxmarks@kei.com; C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\foxmarks@kei.com
    FF - ExtSQL: 2012-09-18 01:25; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    FF - ExtSQL: 2012-09-18 01:52; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-09-18 02:39; avg@toolbar; C:\ProgramData\AVG Secure Search\12.2.5.34
    FF - ExtSQL: 2012-09-20 13:18; support@lastpass.com; C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\support@lastpass.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-10-1 8704]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-18 31080]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-18 722528]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2012-9-18 1103904]
    S2 gupdate;Serviço Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-18 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 gupdatem;Serviço Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-18 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-18 115168]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-9-18 20992]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-9-19 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-19 1255736]
    S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
    .
    =============== Created Last 30 ================
    .
    2012-10-15 01:49:18 -------- d-----w- C:\c30b40518c76eaa24700db00
    2012-10-13 14:36:06 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-13 14:36:06 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-13 12:22:57 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-10-12 18:57:42 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-10-12 18:57:42 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-10-12 18:57:42 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-12 18:57:41 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-10-12 18:57:41 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-10-10 12:15:19 -------- d-----w- C:\Users\Rauven\images
    2012-10-10 12:09:11 -------- d-----w- C:\Users\Rauven\AppData\Local\Virtual Playtable
    2012-10-10 12:08:45 -------- d-----w- C:\Program Files (x86)\Virtual Playtable
    2012-10-10 11:08:54 -------- d-----w- C:\ProgramData\.mono
    2012-10-09 02:24:16 -------- d-----w- C:\Users\Rauven\AppData\Roaming\.mono
    2012-10-09 01:17:11 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2012-10-09 01:15:01 -------- d-----w- C:\Users\Rauven\AppData\Roaming\Pokémon Trading Card Game Online
    2012-10-07 09:52:51 -------- d-----w- C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
    2012-10-07 09:52:15 -------- d--h--w- C:\Windows\msdownld.tmp
    2012-10-07 09:06:21 -------- d-----w- C:\Program Files (x86)\Mass Effect 2
    2012-10-06 05:21:14 -------- d-----w- C:\Users\Rauven\AppData\Local\Apps
    2012-10-05 02:26:22 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-04 21:22:43 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2012-10-03 20:07:24 -------- d-----w- C:\Program Files (x86)\Magic Workstation
    2012-10-02 19:18:14 -------- d-----w- C:\Users\Rauven\AppData\Roaming\BotArena
    2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-10-01 19:43:25 -------- d-----w- C:\Users\Rauven\AppData\Local\Chromium
    2012-10-01 15:34:42 -------- d-----w- C:\Program Files (x86)\EpochSoft
    2012-10-01 15:02:38 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
    2012-10-01 14:52:29 -------- d-----w- C:\ProgramData\Hi-Rez Studios
    2012-10-01 14:52:03 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
    2012-09-30 16:50:30 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-09-30 16:50:24 -------- d-----w- C:\Users\Rauven\AppData\Local\PunkBuster
    2012-09-30 16:46:34 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-09-30 16:46:34 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-09-30 16:46:31 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-09-29 00:57:46 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
    2012-09-29 00:57:46 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
    2012-09-29 00:57:46 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
    2012-09-29 00:57:46 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
    2012-09-29 00:57:42 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
    2012-09-29 00:57:42 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
    2012-09-28 15:53:23 -------- d-----w- C:\ProgramData\Media Center Programs
    2012-09-28 15:53:15 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
    2012-09-28 15:37:38 -------- d-----w- C:\Program Files (x86)\Mass Effect
    2012-09-28 12:13:29 -------- d-----w- C:\Users\Rauven\AppData\Local\Sidhe
    2012-09-23 12:55:03 419840 ----a-w- C:\Windows\System32\systemcplx64.dll
    2012-09-23 12:55:03 14848 ----a-w- C:\Windows\System32\slwga.dll
    2012-09-23 12:55:03 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
    2012-09-23 12:02:44 -------- d-----w- C:\Windows\System32\SPReview
    2012-09-23 12:01:19 -------- d-----w- C:\Windows\System32\EventProviders
    2012-09-21 16:35:59 -------- d-----w- C:\Program Files (x86)\PowerQuest
    2012-09-21 02:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-09-21 02:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2012-09-21 02:45:50 61792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-09-20 01:12:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-09-19 23:17:19 -------- d-----w- C:\Users\Rauven\AppData\Local\Microsoft Games
    2012-09-19 15:34:54 -------- d-----w- C:\Users\Rauven\AppData\Local\SKIDROW
    2012-09-19 15:24:43 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast LLC
    2012-09-19 15:10:59 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-09-19 15:09:59 61440 ----a-w- C:\Windows\SysWow64\tcpmonui.dll
    2012-09-19 15:08:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-09-19 15:07:59 73216 ----a-w- C:\Windows\System32\unimdmat.dll
    2012-09-19 15:06:54 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
    2012-09-19 15:06:35 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
    2012-09-19 15:06:35 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
    2012-09-19 15:06:35 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
    2012-09-19 15:03:23 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2012-09-19 15:03:23 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
    2012-09-19 15:03:13 244736 ----a-w- C:\Windows\System32\sqmapi.dll
    2012-09-19 12:49:54 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-09-19 12:49:54 -------- d-----w- C:\Windows\System32\Wat
    2012-09-19 11:18:30 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2012-09-19 10:56:46 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-09-19 10:56:46 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-09-19 10:56:46 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-09-19 10:56:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-09-19 10:56:45 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-09-18 20:10:48 666720 ----a-w- C:\Windows\SysWow64\xsherlock.xem
    2012-09-18 19:12:36 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-09-18 17:38:51 -------- d-----w- C:\Users\Rauven\AppData\Roaming\TS3Client
    2012-09-18 17:32:43 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
    2012-09-18 17:00:16 -------- d-----r- C:\Program Files (x86)\Skype
    2012-09-18 14:42:57 -------- d-----w- C:\Program Files (x86)\uTorrent
    2012-09-18 14:42:13 -------- d-----w- C:\Users\Rauven\AppData\Roaming\uTorrent
    2012-09-18 14:35:33 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-09-18 14:34:50 -------- d-----w- C:\Windows\PCHEALTH
    2012-09-18 14:34:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-09-18 14:21:20 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-18 14:21:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-18 14:20:57 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-18 14:12:53 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-09-18 14:08:04 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-09-18 14:06:12 -------- d-----w- C:\Users\Rauven\AppData\Local\Adobe
    2012-09-18 13:12:31 -------- d-----w- C:\Users\Rauven\AppData\Local\Microsoft Help
    2012-09-18 11:05:03 -------- d-----w- C:\Users\Rauven\AppData\Roaming\LolClient
    2012-09-18 11:00:58 540688 ----a-w- C:\Windows\System32\d3dx10_38.dll
    2012-09-18 10:59:48 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
    2012-09-18 10:59:48 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
    2012-09-18 10:48:54 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2012-09-18 10:48:54 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2012-09-18 10:48:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2012-09-18 10:48:51 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2012-09-18 10:48:51 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2012-09-18 10:48:49 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
    2012-09-18 10:48:49 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2012-09-18 10:48:49 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2012-09-18 10:48:16 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2012-09-18 10:48:15 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2012-09-18 10:47:28 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-09-18 10:47:28 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-09-18 10:47:28 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-09-18 10:47:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-09-18 10:47:15 395776 ----a-w- C:\Windows\System32\webio.dll
    2012-09-18 10:47:15 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2012-09-18 10:47:09 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2012-09-18 10:47:09 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2012-09-18 10:47:09 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2012-09-18 10:46:38 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-09-18 10:46:37 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-09-18 10:46:35 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2012-09-18 10:46:35 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2012-09-18 10:46:35 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-09-18 10:46:35 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-09-18 10:46:33 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2012-09-18 10:44:46 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2012-09-18 10:43:47 642944 ----a-w- C:\Windows\System32\winload.efi
    2012-09-18 10:43:47 605552 ----a-w- C:\Windows\System32\winload.exe
    2012-09-18 10:43:47 566208 ----a-w- C:\Windows\System32\winresume.efi
    2012-09-18 10:43:47 518672 ----a-w- C:\Windows\System32\winresume.exe
    2012-09-18 10:43:46 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2012-09-18 10:43:46 20352 ----a-w- C:\Windows\System32\kdusb.dll
    2012-09-18 10:43:46 19328 ----a-w- C:\Windows\System32\kd1394.dll
    2012-09-18 10:43:46 17792 ----a-w- C:\Windows\System32\kdcom.dll
    2012-09-18 10:43:06 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-09-18 10:43:06 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-09-18 10:43:06 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-09-18 10:41:49 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2012-09-18 10:40:23 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-09-18 10:27:36 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-09-18 10:27:36 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-09-18 10:26:50 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-09-18 10:26:45 -------- d-----w- C:\Program Files (x86)\Steam
    2012-09-18 07:28:50 -------- d-----w- C:\Windows\Panther
    2012-09-18 06:32:48 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-09-18 01:41:47 -------- d-----w- C:\Users\Rauven\AppData\Local\Macromedia
    2012-09-18 01:40:37 -------- d-----w- C:\Users\Rauven\AppData\Roaming\AVG2013
    2012-09-18 01:39:26 -------- d-----w- C:\Users\Rauven\AppData\Local\AVG Secure Search
    2012-09-18 01:39:23 -------- d-----w- C:\Users\Rauven\AppData\Roaming\TuneUp Software
    2012-09-18 01:39:17 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-09-18 01:39:03 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-09-18 01:38:59 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-09-18 01:38:58 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-09-18 01:37:42 -------- d--h--w- C:\$AVG
    2012-09-18 01:37:41 -------- d-----w- C:\ProgramData\AVG2013
    2012-09-18 01:36:52 -------- d-----w- C:\Program Files (x86)\AVG
    2012-09-18 01:33:27 -------- d--h--w- C:\ProgramData\Common Files
    2012-09-18 01:33:27 -------- d-----w- C:\Users\Rauven\AppData\Local\MFAData
    2012-09-18 01:33:27 -------- d-----w- C:\Users\Rauven\AppData\Local\Avg2013
    2012-09-18 01:33:27 -------- d-----w- C:\ProgramData\MFAData
    2012-09-18 01:29:21 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-18 01:29:21 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-18 00:54:18 -------- d-----w- C:\Users\Rauven\AppData\Local\Thunderbird
    2012-09-18 00:47:20 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
    2012-09-18 00:47:04 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    2012-09-18 00:46:23 -------- d-----w- C:\Users\Rauven\AppData\Roaming\DAEMON Tools Lite
    2012-09-18 00:46:19 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
    2012-09-18 00:44:47 -------- d-----w- C:\Users\Rauven\AppData\Roaming\Malwarebytes
    2012-09-18 00:44:25 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2012-09-18 00:44:24 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-18 00:44:24 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-18 00:44:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-18 00:37:18 -------- d-----w- C:\Program Files\CCleaner
    2012-09-18 00:36:27 -------- d-----w- C:\Program Files\Defraggler
    2012-09-18 00:36:14 -------- d-sh--w- C:\Windows\Installer
    2012-09-18 00:35:58 -------- d-----w- C:\Users\Rauven\AppData\Local\Google
    2012-09-18 00:35:47 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
    2012-09-18 00:35:47 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2012-09-18 00:35:22 -------- d-----w- C:\Program Files (x86)\Winamp Detect
    2012-09-18 00:35:06 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-09-17 23:42:11 -------- d-----w- C:\Program Files (x86)\RocketDock
    2012-09-17 23:28:42 -------- d-----w- C:\Users\Rauven\AppData\Local\Mozilla
    2012-09-17 23:28:30 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-09-17 23:16:08 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AECE3701-6E23-42F0-969E-636A96220896}\mpengine.dll
    2012-09-17 23:15:11 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-09-17 23:15:11 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-09-17 23:15:11 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2012-09-17 23:15:11 162816 ----a-w- C:\Windows\System32\rdpudd.dll
    2012-09-17 23:15:11 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-09-17 23:10:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-09-17 23:10:26 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-09-17 23:10:14 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-09-17 23:10:14 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-09-17 23:04:34 932384 ----a-w- C:\Windows\System32\drivers\rtl8192ce.sys
    2012-09-17 23:04:34 612352 ----a-w- C:\Windows\System32\drivers\rtl819xp.sys
    2012-09-17 23:04:34 450048 ----a-w- C:\Windows\System32\drivers\rtl8187B.sys
    2012-09-17 23:04:34 442368 ----a-w- C:\Windows\System32\drivers\rtl8187Se.sys
    2012-09-17 23:04:34 1103904 ----a-w- C:\Windows\System32\drivers\rtl8192se.sys
    2012-09-17 23:04:33 451072 ------w- C:\Windows\SysWow64\ISSRemoveSP.exe
    2012-09-17 23:04:33 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
    2012-09-17 23:03:53 -------- d-----w- C:\Users\Rauven\AppData\Roaming\WinBatch
    .
    ==================== Find3M ====================
    .
    2012-09-23 12:17:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-09-23 12:17:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-14 02:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2012-09-13 02:11:18 151904 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 3:24:20,79 ===============
    ______________________________________________________________

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-14.05)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17-09-2012 23:56:11
    System Uptime: 15-10-2012 02:31:34 (1 hours ago)
    .
    Motherboard: TOSHIBA | | KSWAA
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 150,257 GiB free.
    D: is CDROM ()
    G: is CDROM ()
    H: is FIXED (NTFS) - 0 GiB total, 0,06 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\TOS1900\2&DABA3FF&1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\TOS1900\2&DABA3FF&1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP34: 10-10-2012 18:31:23 - Scheduled Checkpoint
    RP35: 12-10-2012 19:59:43 - Windows Update
    RP36: 13-10-2012 13:21:07 - Installed DirectX
    RP37: 13-10-2012 13:22:12 - Installed NVIDIA PhysX
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5.1
    Adobe Reader X (10.1.4) - Português
    µTorrent
    AVG 2013
    BotArena
    C9
    CCleaner
    Defraggler
    Dota 2 Test
    F.lux
    Google Chrome
    Google Update Helper
    Hi-Rez Studios Authenticate and Update Service
    Java 7 Update 7
    Java Auto Updater
    Lyrics Plugin for Winamp
    Magic Workstation 0.94f
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mass Effect
    Mass Effect 2
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Office Access MUI (Portuguese (Portugal)) 2010
    Microsoft Office Excel MUI (Portuguese (Portugal)) 2010
    Microsoft Office Groove MUI (Portuguese (Portugal)) 2010
    Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (Portuguese (Portugal)) 2010
    Microsoft Office Outlook MUI (Portuguese (Portugal)) 2010
    Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Portuguese (Portugal)) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (Portuguese (Portugal)) 2010
    Microsoft Office Publisher MUI (Portuguese (Portugal)) 2010
    Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2010
    Microsoft Office Shared MUI (Portuguese (Portugal)) 2010
    Microsoft Office Word MUI (Portuguese (Portugal)) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    Mozilla Firefox 16.0.1 (x86 pt-PT)
    Mozilla Maintenance Service
    Mozilla Thunderbird 16.0.1 (x86 pt-PT)
    MTG Card Images for Magic Workstation
    MTG GamePack for Magic Workstation
    NVIDIA PhysX
    PartitionMagic
    PDF Settings CS5
    Pokémon Trading Card Game Online
    PowerQuest PartitionMagic 8.0
    PunkBuster Services
    Realtek High Definition Audio Driver
    Realtek WLAN Driver
    RocketDock 1.3.5
    Sanctum
    Shatter
    Skype™ 5.10
    Steam
    TeamSpeak 3 Client
    Virtual Playtable version 0.8.1
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.3
    Winamp
    Winamp Detector Plug-in
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15-10-2012 02:32:14, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    15-10-2012 02:32:01, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    15-10-2012 02:32:01, Error: atikmdag [43029] - Display is not active
    15-10-2012 02:31:43, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    13-10-2012 13:23:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    13-10-2012 13:23:53, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13-10-2012 10:53:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
    13-10-2012 10:53:15, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10-10-2012 10:43:40, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
     
  2. 2012/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
     


  4. 2012/10/16
    Rauven

    Rauven Inactive Thread Starter

    Joined:
    2012/10/14
    Messages:
    20
    Likes Received:
    0
    10:32:07.0509 3824 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    10:32:07.0774 3824 ============================================================
    10:32:07.0774 3824 Current date / time: 2012/10/16 10:32:07.0774
    10:32:07.0774 3824 SystemInfo:
    10:32:07.0774 3824
    10:32:07.0774 3824 OS Version: 6.1.7601 ServicePack: 1.0
    10:32:07.0774 3824 Product type: Workstation
    10:32:07.0774 3824 ComputerName: ICARUS
    10:32:07.0774 3824 UserName: Rauven
    10:32:07.0774 3824 Windows directory: C:\Windows
    10:32:07.0774 3824 System windows directory: C:\Windows
    10:32:07.0774 3824 Running under WOW64
    10:32:07.0774 3824 Processor architecture: Intel x64
    10:32:07.0774 3824 Number of processors: 2
    10:32:07.0774 3824 Page size: 0x1000
    10:32:07.0774 3824 Boot type: Normal boot
    10:32:07.0774 3824 ============================================================
    10:32:09.0037 3824 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:32:09.0053 3824 ============================================================
    10:32:09.0053 3824 \Device\Harddisk0\DR0:
    10:32:09.0053 3824 MBR partitions:
    10:32:09.0053 3824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    10:32:09.0053 3824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FED82
    10:32:09.0053 3824 ============================================================
    10:32:09.0084 3824 C: <-> \Device\Harddisk0\DR0\Partition2
    10:32:09.0131 3824 H: <-> \Device\Harddisk0\DR0\Partition1
    10:32:09.0131 3824 ============================================================
    10:32:09.0131 3824 Initialize success
    10:32:09.0131 3824 ============================================================
    10:32:11.0175 2920 ============================================================
    10:32:11.0175 2920 Scan started
    10:32:11.0175 2920 Mode: Manual;
    10:32:11.0175 2920 ============================================================
    10:32:12.0017 2920 ================ Scan system memory ========================
    10:32:12.0017 2920 System memory - ok
    10:32:12.0017 2920 ================ Scan services =============================
    10:32:12.0173 2920 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    10:32:12.0173 2920 1394ohci - ok
    10:32:12.0220 2920 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    10:32:12.0220 2920 ACPI - ok
    10:32:12.0251 2920 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    10:32:12.0251 2920 AcpiPmi - ok
    10:32:12.0391 2920 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    10:32:12.0391 2920 AdobeARMservice - ok
    10:32:12.0454 2920 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    10:32:12.0454 2920 adp94xx - ok
    10:32:12.0485 2920 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    10:32:12.0485 2920 adpahci - ok
    10:32:12.0501 2920 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    10:32:12.0501 2920 adpu320 - ok
    10:32:12.0532 2920 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    10:32:12.0532 2920 AeLookupSvc - ok
    10:32:12.0594 2920 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    10:32:12.0594 2920 AFD - ok
    10:32:12.0641 2920 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    10:32:12.0641 2920 agp440 - ok
    10:32:12.0657 2920 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    10:32:12.0657 2920 ALG - ok
    10:32:12.0688 2920 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    10:32:12.0688 2920 aliide - ok
    10:32:12.0735 2920 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    10:32:12.0735 2920 AMD External Events Utility - ok
    10:32:12.0750 2920 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    10:32:12.0750 2920 amdide - ok
    10:32:12.0813 2920 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    10:32:12.0813 2920 AmdK8 - ok
    10:32:12.0828 2920 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    10:32:12.0828 2920 AmdPPM - ok
    10:32:12.0859 2920 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
    10:32:12.0875 2920 amdsata - ok
    10:32:12.0891 2920 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    10:32:12.0891 2920 amdsbs - ok
    10:32:12.0891 2920 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    10:32:12.0891 2920 amdxata - ok
    10:32:12.0937 2920 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    10:32:12.0937 2920 AppID - ok
    10:32:13.0015 2920 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    10:32:13.0015 2920 AppIDSvc - ok
    10:32:13.0078 2920 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    10:32:13.0093 2920 Appinfo - ok
    10:32:13.0125 2920 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    10:32:13.0125 2920 AppMgmt - ok
    10:32:13.0156 2920 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    10:32:13.0156 2920 arc - ok
    10:32:13.0171 2920 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    10:32:13.0171 2920 arcsas - ok
    10:32:13.0203 2920 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    10:32:13.0203 2920 AsyncMac - ok
    10:32:13.0234 2920 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    10:32:13.0234 2920 atapi - ok
    10:32:13.0639 2920 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    10:32:13.0671 2920 atikmdag - ok
    10:32:13.0733 2920 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
     
  5. 2012/10/16
    Rauven

    Rauven Inactive Thread Starter

    Joined:
    2012/10/14
    Messages:
    20
    Likes Received:
    0
    10:32:13.0733 2920 AudioEndpointBuilder - ok
    10:32:13.0780 2920 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    10:32:13.0780 2920 AudioSrv - ok
    10:32:14.0154 2920 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    10:32:14.0185 2920 AVGIDSAgent - ok
    10:32:14.0232 2920 [ F1A99DA71E6549D7D944596E15142866 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    10:32:14.0232 2920 AVGIDSDriver - ok
    10:32:14.0248 2920 [ E6CB84918C1ABE84AAAF749D2EA4E764 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    10:32:14.0248 2920 AVGIDSHA - ok
    10:32:14.0279 2920 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    10:32:14.0279 2920 Avgldx64 - ok
    10:32:14.0295 2920 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
    10:32:14.0310 2920 Avgloga - ok
    10:32:14.0341 2920 [ EAFF19168F26FA225EB679547B718051 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    10:32:14.0341 2920 Avgmfx64 - ok
    10:32:14.0373 2920 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    10:32:14.0373 2920 Avgrkx64 - ok
    10:32:14.0373 2920 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    10:32:14.0373 2920 Avgtdia - ok
    10:32:14.0404 2920 [ DE24B2CA078FC6A7EAA53B1DFD3F61CF ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
    10:32:14.0404 2920 avgtp - ok
    10:32:14.0451 2920 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    10:32:14.0466 2920 avgwd - ok
    10:32:14.0529 2920 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    10:32:14.0529 2920 AxInstSV - ok
    10:32:14.0591 2920 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    10:32:14.0591 2920 b06bdrv - ok
    10:32:14.0638 2920 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    10:32:14.0653 2920 b57nd60a - ok
    10:32:14.0700 2920 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    10:32:14.0700 2920 BDESVC - ok
    10:32:14.0716 2920 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    10:32:14.0716 2920 Beep - ok
    10:32:14.0763 2920 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    10:32:14.0778 2920 BFE - ok
    10:32:14.0872 2920 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    10:32:14.0887 2920 BITS - ok
    10:32:14.0934 2920 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    10:32:14.0934 2920 blbdrive - ok
    10:32:14.0965 2920 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    10:32:14.0965 2920 bowser - ok
    10:32:14.0997 2920 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    10:32:14.0997 2920 BrFiltLo - ok
    10:32:15.0028 2920 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    10:32:15.0028 2920 BrFiltUp - ok
    10:32:15.0075 2920 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    10:32:15.0075 2920 Browser - ok
    10:32:15.0090 2920 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    10:32:15.0090 2920 Brserid - ok
    10:32:15.0106 2920 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    10:32:15.0121 2920 BrSerWdm - ok
    10:32:15.0153 2920 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    10:32:15.0153 2920 BrUsbMdm - ok
    10:32:15.0168 2920 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    10:32:15.0168 2920 BrUsbSer - ok
    10:32:15.0184 2920 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    10:32:15.0184 2920 BTHMODEM - ok
    10:32:15.0231 2920 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    10:32:15.0231 2920 bthserv - ok
    10:32:15.0277 2920 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    10:32:15.0277 2920 cdfs - ok
    10:32:15.0340 2920 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    10:32:15.0340 2920 cdrom - ok
    10:32:15.0387 2920 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    10:32:15.0387 2920 CertPropSvc - ok
    10:32:15.0433 2920 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    10:32:15.0433 2920 circlass - ok
    10:32:15.0480 2920 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    10:32:15.0480 2920 CLFS - ok
    10:32:15.0605 2920 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:32:15.0605 2920 clr_optimization_v2.0.50727_32 - ok
    10:32:15.0730 2920 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    10:32:15.0730 2920 clr_optimization_v2.0.50727_64 - ok
    10:32:15.0761 2920 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    10:32:15.0761 2920 CmBatt - ok
    10:32:15.0792 2920 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    10:32:15.0792 2920 cmdide - ok
    10:32:15.0917 2920 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    10:32:15.0933 2920 CNG - ok
    10:32:15.0964 2920 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    10:32:15.0964 2920 Compbatt - ok
    10:32:16.0011 2920 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    10:32:16.0011 2920 CompositeBus - ok
    10:32:16.0026 2920 COMSysApp - ok
    10:32:16.0057 2920 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    10:32:16.0057 2920 crcdisk - ok
    10:32:16.0120 2920 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    10:32:16.0120 2920 CryptSvc - ok
    10:32:16.0151 2920 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
     
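The TDSSKiller output pasted across the posts above follows a fixed two-line pattern per scanned object: a hash line (`[ MD5 ] Name Path`) followed by a verdict line (`Name - ok`). Reading a few hundred such lines by eye is error-prone, so here is an added Python helper (not part of this thread and not Kaspersky's own code) that parses the "Scan services" section into records and lists what a helper would actually look at: any verdict that is not `ok`, and any object whose verdict line is missing, which is exactly what happens at the seam between two forum posts (post 4 ends with the AudioEndpointBuilder hash line and its verdict only appears in post 5). The sample log is constructed from lines in the posted log plus one invented entry, `exampledrv`, with an invented verdict, to exercise the non-`ok` path; the `shared_binaries` grouping is an extra the posted log motivates (gupdate and gupdatem legitimately share one GoogleUpdate.exe hash).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller 2.8 log layout seen in this thread.
# Real names/hashes/paths are copied from the posted log; "exampledrv" and its
# verdict are invented to show a non-"ok" result, and the trailing
# AudioEndpointBuilder hash line has no verdict, as at the end of post 4.
SAMPLE_LOG = r"""
10:32:12.0017 2920 ================ Scan system memory ========================
10:32:12.0017 2920 System memory - ok
10:32:12.0017 2920 ================ Scan services =============================
10:32:12.0173 2920 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:32:12.0173 2920 1394ohci - ok
10:32:12.0735 2920 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:32:12.0735 2920 AMD External Events Utility - ok
10:32:16.0026 2920 COMSysApp - ok
10:32:18.0351 2920 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:32:18.0366 2920 gupdate - ok
10:32:18.0366 2920 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:32:18.0366 2920 gupdatem - ok
10:32:20.0000 2920 [ 0123456789ABCDEF0123456789ABCDEF ] exampledrv C:\Windows\System32\drivers\exampledrv.sys
10:32:20.0000 2920 exampledrv - suspicious (constructed verdict)
10:32:13.0733 2920 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
"""

# "<time> <pid> [ MD5 ] <name> <drive>:\<path>"; the name is lazy so multi-word
# names such as "AMD External Events Utility" stop at the drive letter.
HASH_LINE = re.compile(
    r"^\S+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "<time> <pid> <name> - <verdict>"
VERDICT_LINE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")
# "<time> <pid> ====== Scan <section> ======"
SECTION_LINE = re.compile(r"^\S+\s+\d+\s+=+ Scan (?P<section>.+?) =+$")


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None      # absent for services with no file (COMSysApp)
    path: Optional[str] = None
    verdict: Optional[str] = None  # absent if the verdict line was never seen


def parse_services(log_text: str) -> Dict[str, ScannedObject]:
    """Return the objects of the 'Scan services' section, keyed by service name."""
    objects: Dict[str, ScannedObject] = {}
    in_services = False
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_LINE.match(line)
        if section:
            # Only the services section is parsed; other sections are skipped.
            in_services = section.group("section").strip() == "services"
            continue
        if not in_services:
            continue
        hashed = HASH_LINE.match(line)
        if hashed:
            objects[hashed.group("name")] = ScannedObject(
                hashed.group("name"), hashed.group("md5"), hashed.group("path")
            )
            continue
        verdict = VERDICT_LINE.match(line)
        if verdict:
            obj = objects.setdefault(verdict.group("name"), ScannedObject(verdict.group("name")))
            obj.verdict = verdict.group("verdict").strip()
    return objects


def triage(objects: Dict[str, ScannedObject]) -> List[Tuple[str, str]]:
    """Entries worth a second look: non-'ok' verdicts and objects with no verdict at all."""
    findings: List[Tuple[str, str]] = []
    for obj in objects.values():
        if obj.verdict is None:
            findings.append((obj.name, "no verdict line (log fragment cut off?)"))
        elif obj.verdict != "ok":
            findings.append((obj.name, obj.verdict))
    return findings


def shared_binaries(objects: Dict[str, ScannedObject]) -> Dict[str, List[str]]:
    """Group service names by MD5 so one binary registered under several names is visible."""
    groups: Dict[str, List[str]] = {}
    for obj in objects.values():
        if obj.md5:
            groups.setdefault(obj.md5, []).append(obj.name)
    return {md5: names for md5, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    print(f"{len(parsed)} service objects parsed")
    for name, reason in triage(parsed):
        print(f"REVIEW  {name}: {reason}")
    for md5, names in shared_binaries(parsed).items():
        print(f"SHARED  {md5}: {', '.join(names)}")
```

Feed it the full pasted log (all fragments joined in order) rather than one post at a time, otherwise every fragment's last hash line shows up as "no verdict line". A hash that appears under several service names is normal for multi-service executables like GoogleUpdate.exe; the grouping is there so the reviewer sees it rather than counting the same file twice.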
  6. 2012/10/16
    Rauven

    Rauven Inactive Thread Starter

    Joined:
    2012/10/14
    Messages:
    20
    Likes Received:
    0
    10:32:16.0151 2920 CSC - ok
    10:32:16.0245 2920 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    10:32:16.0245 2920 CscService - ok
    10:32:16.0307 2920 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    10:32:16.0307 2920 DcomLaunch - ok
    10:32:16.0369 2920 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    10:32:16.0369 2920 defragsvc - ok
    10:32:16.0416 2920 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    10:32:16.0416 2920 DfsC - ok
    10:32:16.0463 2920 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    10:32:16.0463 2920 Dhcp - ok
    10:32:16.0494 2920 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    10:32:16.0494 2920 discache - ok
    10:32:16.0510 2920 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    10:32:16.0510 2920 Disk - ok
    10:32:16.0541 2920 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    10:32:16.0541 2920 Dnscache - ok
    10:32:16.0603 2920 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    10:32:16.0603 2920 dot3svc - ok
    10:32:16.0666 2920 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    10:32:16.0666 2920 DPS - ok
    10:32:16.0728 2920 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    10:32:16.0728 2920 drmkaud - ok
    10:32:16.0853 2920 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    10:32:16.0869 2920 DXGKrnl - ok
    10:32:16.0931 2920 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    10:32:16.0931 2920 EapHost - ok
    10:32:17.0196 2920 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    10:32:17.0212 2920 ebdrv - ok
    10:32:17.0259 2920 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    10:32:17.0259 2920 EFS - ok
    10:32:17.0305 2920 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    10:32:17.0305 2920 ehRecvr - ok
    10:32:17.0337 2920 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    10:32:17.0337 2920 ehSched - ok
    10:32:17.0415 2920 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    10:32:17.0430 2920 elxstor - ok
    10:32:17.0446 2920 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    10:32:17.0446 2920 ErrDev - ok
    10:32:17.0508 2920 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    10:32:17.0508 2920 EventSystem - ok
    10:32:17.0555 2920 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    10:32:17.0555 2920 exfat - ok
    10:32:17.0571 2920 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    10:32:17.0586 2920 fastfat - ok
    10:32:17.0649 2920 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    10:32:17.0649 2920 Fax - ok
    10:32:17.0711 2920 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    10:32:17.0727 2920 fdc - ok
    10:32:17.0758 2920 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    10:32:17.0758 2920 fdPHost - ok
    10:32:17.0773 2920 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    10:32:17.0773 2920 FDResPub - ok
    10:32:17.0789 2920 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    10:32:17.0805 2920 FileInfo - ok
    10:32:17.0820 2920 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    10:32:17.0820 2920 Filetrace - ok
    10:32:17.0836 2920 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    10:32:17.0836 2920 flpydisk - ok
    10:32:17.0867 2920 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    10:32:17.0883 2920 FltMgr - ok
    10:32:17.0976 2920 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
    10:32:18.0007 2920 FontCache - ok
    10:32:18.0054 2920 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    10:32:18.0054 2920 FontCache3.0.0.0 - ok
    10:32:18.0085 2920 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    10:32:18.0085 2920 FsDepends - ok
    10:32:18.0163 2920 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    10:32:18.0179 2920 Fs_Rec - ok
    10:32:18.0210 2920 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    10:32:18.0226 2920 fvevol - ok
    10:32:18.0241 2920 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    10:32:18.0241 2920 gagp30kx - ok
    10:32:18.0288 2920 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    10:32:18.0288 2920 gpsvc - ok
    10:32:18.0351 2920 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    10:32:18.0366 2920 gupdate - ok
    10:32:18.0366 2920 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    10:32:18.0366 2920 gupdatem - ok
    10:32:18.0397 2920 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    10:32:18.0397 2920 hcw85cir - ok
    10:32:18.0491 2920 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    10:32:18.0491 2920 HdAudAddService - ok
    10:32:18.0538 2920 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    10:32:18.0538 2920 HDAudBus - ok
    10:32:18.0553 2920 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    10:32:18.0553 2920 HidBatt - ok
    10:32:18.0585 2920 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    10:32:18.0585 2920 HidBth - ok
    10:32:18.0616 2920 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    10:32:18.0616 2920 HidIr - ok
    10:32:18.0647 2920 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    10:32:18.0663 2920 hidserv - ok
    10:32:18.0741 2920 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
    10:32:18.0741 2920 HidUsb - ok
    10:32:18.0819 2920 [ 00C71C3FB915BA353740999ADF447927 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    10:32:18.0819 2920 HiPatchService - ok
    10:32:18.0834 2920 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    10:32:18.0850 2920 hkmsvc - ok
    10:32:18.0912 2920 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    10:32:18.0912 2920 HomeGroupListener - ok
    10:32:18.0943 2920 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    10:32:18.0959 2920 HomeGroupProvider - ok
    10:32:18.0990 2920 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    10:32:18.0990 2920 HpSAMD - ok
    10:32:19.0053 2920 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    10:32:19.0053 2920 HTTP - ok
    10:32:19.0084 2920 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    10:32:19.0084 2920 hwpolicy - ok
    10:32:19.0131 2920 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    10:32:19.0131 2920 i8042prt - ok
    10:32:19.0193 2920 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    10:32:19.0193 2920 iaStorV - ok
    10:32:19.0302 2920 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    10:32:19.0333 2920 idsvc - ok
    10:32:19.0365 2920 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    10:32:19.0365 2920 iirsp - ok
    10:32:19.0411 2920 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    10:32:19.0427 2920 IKEEXT - ok
    10:32:19.0521 2920 [ E8017F1662D9142F45CEAB694D013C00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    10:32:19.0567 2920 IntcAzAudAddService - ok
    10:32:19.0599 2920 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    10:32:19.0599 2920 intelide - ok
    10:32:19.0645 2920 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    10:32:19.0645 2920 intelppm - ok
    10:32:19.0677 2920 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    10:32:19.0692 2920 IPBusEnum - ok
    10:32:19.0708 2920 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    10:32:19.0723 2920 IpFilterDriver - ok
    10:32:19.0755 2920 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    10:32:19.0755 2920 iphlpsvc - ok
    10:32:19.0801 2920 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    10:32:19.0817 2920 IPMIDRV - ok
    10:32:19.0848 2920 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    10:32:19.0848 2920 IPNAT - ok
     
  7. 2012/10/16
    Rauven
    10:32:19.0879 2920 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    10:32:19.0879 2920 IRENUM - ok
    10:32:19.0911 2920 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    10:32:19.0911 2920 isapnp - ok
    10:32:19.0942 2920 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    10:32:19.0942 2920 iScsiPrt - ok
    10:32:19.0957 2920 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    10:32:19.0973 2920 kbdclass - ok
    10:32:20.0020 2920 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    10:32:20.0020 2920 kbdhid - ok
    10:32:20.0035 2920 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    10:32:20.0035 2920 KeyIso - ok
    10:32:20.0082 2920 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    10:32:20.0082 2920 KSecDD - ok
    10:32:20.0098 2920 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    10:32:20.0098 2920 KSecPkg - ok
    10:32:20.0129 2920 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    10:32:20.0129 2920 ksthunk - ok
    10:32:20.0207 2920 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    10:32:20.0207 2920 KtmRm - ok
    10:32:20.0238 2920 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    10:32:20.0254 2920 LanmanServer - ok
    10:32:20.0269 2920 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    10:32:20.0285 2920 LanmanWorkstation - ok
    10:32:20.0316 2920 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    10:32:20.0316 2920 lltdio - ok
    10:32:20.0347 2920 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    10:32:20.0347 2920 lltdsvc - ok
    10:32:20.0363 2920 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    10:32:20.0379 2920 lmhosts - ok
    10:32:20.0394 2920 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    10:32:20.0394 2920 LSI_FC - ok
    10:32:20.0410 2920 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    10:32:20.0410 2920 LSI_SAS - ok
    10:32:20.0441 2920 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    10:32:20.0441 2920 LSI_SAS2 - ok
    10:32:20.0457 2920 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    10:32:20.0457 2920 LSI_SCSI - ok
    10:32:20.0457 2920 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    10:32:20.0472 2920 luafv - ok
    10:32:20.0488 2920 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    10:32:20.0503 2920 Mcx2Svc - ok
    10:32:20.0519 2920 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    10:32:20.0535 2920 megasas - ok
    10:32:20.0535 2920 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    10:32:20.0535 2920 MegaSR - ok
    10:32:20.0613 2920 Microsoft SharePoint Workspace Audit Service - ok
    10:32:20.0644 2920 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    10:32:20.0644 2920 MMCSS - ok
    10:32:20.0659 2920 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    10:32:20.0675 2920 Modem - ok
    10:32:20.0706 2920 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    10:32:20.0706 2920 monitor - ok
    10:32:20.0753 2920 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    10:32:20.0753 2920 mouclass - ok
    10:32:20.0784 2920 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    10:32:20.0784 2920 mouhid - ok
    10:32:20.0815 2920 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    10:32:20.0815 2920 mountmgr - ok
    10:32:20.0862 2920 [ 24409A2A9F0351E208E14F609340FB25 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    10:32:20.0878 2920 MozillaMaintenance - ok
    10:32:20.0925 2920 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    10:32:20.0925 2920 mpio - ok
    10:32:20.0956 2920 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    10:32:20.0956 2920 mpsdrv - ok
    10:32:21.0003 2920 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    10:32:21.0018 2920 MpsSvc - ok
    10:32:21.0049 2920 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    10:32:21.0049 2920 MRxDAV - ok
    10:32:21.0112 2920 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:32:21.0112 2920 mrxsmb - ok
    10:32:21.0127 2920 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:32:21.0127 2920 mrxsmb10 - ok
    10:32:21.0159 2920 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:32:21.0159 2920 mrxsmb20 - ok
    10:32:21.0190 2920 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    10:32:21.0190 2920 msahci - ok
    10:32:21.0205 2920 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    10:32:21.0205 2920 msdsm - ok
    10:32:21.0268 2920 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    10:32:21.0283 2920 MSDTC - ok
    10:32:21.0315 2920 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    10:32:21.0315 2920 Msfs - ok
    10:32:21.0330 2920 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    10:32:21.0346 2920 mshidkmdf - ok
    10:32:21.0361 2920 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    10:32:21.0361 2920 msisadrv - ok
    10:32:21.0408 2920 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    10:32:21.0408 2920 MSiSCSI - ok
    10:32:21.0408 2920 msiserver - ok
    10:32:21.0439 2920 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    10:32:21.0439 2920 MSKSSRV - ok
    10:32:21.0439 2920 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    10:32:21.0455 2920 MSPCLOCK - ok
    10:32:21.0455 2920 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    10:32:21.0455 2920 MSPQM - ok
    10:32:21.0517 2920 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    10:32:21.0517 2920 MsRPC - ok
    10:32:21.0549 2920 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    10:32:21.0549 2920 mssmbios - ok
    10:32:21.0580 2920 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    10:32:21.0580 2920 MSTEE - ok
    10:32:21.0611 2920 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    10:32:21.0611 2920 MTConfig - ok
    10:32:21.0642 2920 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    10:32:21.0642 2920 Mup - ok
    10:32:21.0689 2920 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    10:32:21.0705 2920 napagent - ok
    10:32:21.0767 2920 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    10:32:21.0767 2920 NativeWifiP - ok
    10:32:21.0798 2920 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    10:32:21.0814 2920 NDIS - ok
    10:32:21.0845 2920 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    10:32:21.0845 2920 NdisCap - ok
    10:32:21.0876 2920 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    10:32:21.0876 2920 NdisTapi - ok
    10:32:21.0892 2920 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    10:32:21.0892 2920 Ndisuio - ok
    10:32:21.0923 2920 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    10:32:21.0923 2920 NdisWan - ok
    10:32:21.0954 2920 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    10:32:21.0954 2920 NDProxy - ok
    10:32:21.0985 2920 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    10:32:21.0985 2920 NetBIOS - ok
    10:32:22.0048 2920 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    10:32:22.0048 2920 NetBT - ok
    10:32:22.0063 2920 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    10:32:22.0063 2920 Netlogon - ok
    10:32:22.0110 2920 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    10:32:22.0110 2920 Netman - ok
    10:32:22.0141 2920 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    10:32:22.0141 2920 netprofm - ok
    10:32:22.0173 2920 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:32:22.0173 2920 NetTcpPortSharing - ok
    10:32:22.0204 2920 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    10:32:22.0219 2920 nfrd960 - ok
    10:32:22.0266 2920 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    10:32:22.0266 2920 NlaSvc - ok
    10:32:22.0282 2920 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    10:32:22.0282 2920 Npfs - ok
    10:32:22.0313 2920 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    10:32:22.0313 2920 nsi - ok
    10:32:22.0360 2920 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    10:32:22.0360 2920 nsiproxy - ok
    10:32:22.0594 2920 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    10:32:22.0609 2920 Ntfs - ok
    10:32:22.0641 2920 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    10:32:22.0641 2920 Null - ok
    10:32:22.0672 2920 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    10:32:22.0672 2920 nvraid - ok
    10:32:22.0719 2920 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    10:32:22.0719 2920 nvstor - ok
    10:32:22.0734 2920 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    10:32:22.0734 2920 nv_agp - ok
    10:32:22.0765 2920 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    10:32:22.0765 2920 ohci1394 - ok
    10:32:22.0828 2920 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    10:32:22.0828 2920 ose - ok
    10:32:23.0171 2920 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    10:32:23.0202 2920 osppsvc - ok
    10:32:23.0249 2920 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    10:32:23.0249 2920 p2pimsvc - ok
    10:32:23.0311 2920 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    10:32:23.0327 2920 p2psvc - ok
    10:32:23.0374 2920 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    10:32:23.0374 2920 Parport - ok
    10:32:23.0421 2920 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    10:32:23.0421 2920 partmgr - ok
    10:32:23.0514 2920 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    10:32:23.0530 2920 PcaSvc - ok
    10:32:23.0608 2920 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    10:32:23.0608 2920 pci - ok
    10:32:23.0639 2920 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    10:32:23.0639 2920 pciide - ok
    10:32:23.0686 2920 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    10:32:23.0686 2920 pcmcia - ok
    10:32:23.0717 2920 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    10:32:23.0717 2920 pcw - ok
    10:32:23.0779 2920 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    10:32:23.0779 2920 PEAUTH - ok
     
  8. 2012/10/16
    Rauven
    10:32:23.0935 2920 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    10:32:23.0951 2920 PeerDistSvc - ok
    10:32:24.0076 2920 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    10:32:24.0107 2920 PerfHost - ok
    10:32:24.0216 2920 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    10:32:24.0232 2920 pla - ok
    10:32:24.0372 2920 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    10:32:24.0372 2920 PlugPlay - ok
    10:32:24.0435 2920 PnkBstrA - ok
    10:32:24.0466 2920 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    10:32:24.0466 2920 PNRPAutoReg - ok
    10:32:24.0497 2920 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    10:32:24.0497 2920 PNRPsvc - ok
    10:32:24.0528 2920 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    10:32:24.0544 2920 PolicyAgent - ok
    10:32:24.0591 2920 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    10:32:24.0591 2920 Power - ok
    10:32:24.0653 2920 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    10:32:24.0653 2920 PptpMiniport - ok
    10:32:24.0684 2920 PQNTDrv - ok
    10:32:24.0715 2920 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    10:32:24.0715 2920 Processor - ok
    10:32:24.0762 2920 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
    10:32:24.0762 2920 ProfSvc - ok
    10:32:24.0778 2920 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    10:32:24.0778 2920 ProtectedStorage - ok
    10:32:24.0825 2920 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    10:32:24.0825 2920 Psched - ok
    10:32:24.0965 2920 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    10:32:24.0981 2920 ql2300 - ok
    10:32:25.0043 2920 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    10:32:25.0043 2920 ql40xx - ok
    10:32:25.0090 2920 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    10:32:25.0090 2920 QWAVE - ok
    10:32:25.0121 2920 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    10:32:25.0121 2920 QWAVEdrv - ok
    10:32:25.0137 2920 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    10:32:25.0137 2920 RasAcd - ok
    10:32:25.0183 2920 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    10:32:25.0183 2920 RasAgileVpn - ok
    10:32:25.0199 2920 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    10:32:25.0199 2920 RasAuto - ok
    10:32:25.0230 2920 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    10:32:25.0230 2920 Rasl2tp - ok
    10:32:25.0261 2920 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    10:32:25.0277 2920 RasMan - ok
    10:32:25.0293 2920 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    10:32:25.0308 2920 RasPppoe - ok
    10:32:25.0339 2920 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    10:32:25.0339 2920 RasSstp - ok
    10:32:25.0402 2920 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    10:32:25.0402 2920 rdbss - ok
    10:32:25.0433 2920 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    10:32:25.0433 2920 rdpbus - ok
    10:32:25.0495 2920 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    10:32:25.0495 2920 RDPCDD - ok
    10:32:25.0527 2920 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    10:32:25.0527 2920 RDPDR - ok
    10:32:25.0542 2920 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    10:32:25.0542 2920 RDPENCDD - ok
    10:32:25.0558 2920 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    10:32:25.0558 2920 RDPREFMP - ok
    10:32:25.0636 2920 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    10:32:25.0636 2920 RdpVideoMiniport - ok
    10:32:25.0698 2920 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    10:32:25.0698 2920 RDPWD - ok
    10:32:25.0745 2920 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    10:32:25.0745 2920 rdyboost - ok
    10:32:25.0776 2920 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    10:32:25.0776 2920 RemoteAccess - ok
    10:32:25.0823 2920 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    10:32:25.0823 2920 RemoteRegistry - ok
    10:32:25.0870 2920 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    10:32:25.0870 2920 RpcEptMapper - ok
    10:32:25.0901 2920 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    10:32:25.0901 2920 RpcLocator - ok
    10:32:25.0948 2920 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    10:32:25.0948 2920 RpcSs - ok
    10:32:25.0979 2920 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    10:32:25.0979 2920 rspndr - ok
    10:32:26.0041 2920 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    10:32:26.0041 2920 RTL8167 - ok
    10:32:26.0104 2920 [ 7475548B0BA58EBA4D12414FC9E9DFE6 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
    10:32:26.0104 2920 rtl8192se - ok
    10:32:26.0135 2920 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    10:32:26.0135 2920 s3cap - ok
    10:32:26.0151 2920 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    10:32:26.0151 2920 SamSs - ok
    10:32:26.0166 2920 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    10:32:26.0166 2920 sbp2port - ok
    10:32:26.0213 2920 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    10:32:26.0229 2920 SCardSvr - ok
    10:32:26.0275 2920 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    10:32:26.0275 2920 scfilter - ok
    10:32:26.0400 2920 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    10:32:26.0416 2920 Schedule - ok
    10:32:26.0447 2920 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    10:32:26.0447 2920 SCPolicySvc - ok
    10:32:26.0494 2920 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    10:32:26.0494 2920 SDRSVC - ok
    10:32:26.0525 2920 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    10:32:26.0525 2920 secdrv - ok
    10:32:26.0572 2920 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    10:32:26.0587 2920 seclogon - ok
    10:32:26.0619 2920 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    10:32:26.0634 2920 SENS - ok
    10:32:26.0650 2920 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    10:32:26.0650 2920 SensrSvc - ok
    10:32:26.0665 2920 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    10:32:26.0665 2920 Serenum - ok
    10:32:26.0681 2920 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    10:32:26.0681 2920 Serial - ok
    10:32:26.0697 2920 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    10:32:26.0712 2920 sermouse - ok
    10:32:26.0759 2920 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    10:32:26.0759 2920 SessionEnv - ok
    10:32:26.0790 2920 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    10:32:26.0790 2920 sffdisk - ok
    10:32:26.0806 2920 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    10:32:26.0806 2920 sffp_mmc - ok
    10:32:26.0821 2920 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    10:32:26.0821 2920 sffp_sd - ok
    10:32:26.0853 2920 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    10:32:26.0853 2920 sfloppy - ok
    10:32:26.0884 2920 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    10:32:26.0884 2920 SharedAccess - ok
    10:32:26.0931 2920 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    10:32:26.0931 2920 ShellHWDetection - ok
    10:32:26.0946 2920 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    10:32:26.0946 2920 SiSRaid2 - ok
    10:32:26.0977 2920 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    10:32:26.0977 2920 SiSRaid4 - ok
    10:32:27.0024 2920 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    10:32:27.0024 2920 SkypeUpdate - ok
    10:32:27.0055 2920 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    10:32:27.0055 2920 Smb - ok
    10:32:27.0118 2920 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    10:32:27.0118 2920 SNMPTRAP - ok
    10:32:27.0149 2920 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    10:32:27.0149 2920 spldr - ok
    10:32:27.0196 2920 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    10:32:27.0211 2920 Spooler - ok
    10:32:27.0321 2920 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    10:32:27.0430 2920 sppsvc - ok
    10:32:27.0461 2920 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    10:32:27.0461 2920 sppuinotify - ok
    10:32:27.0523 2920 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
    10:32:27.0523 2920 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
    10:32:27.0539 2920 sptd ( LockedFile.Multi.Generic ) - warning
    10:32:27.0539 2920 sptd - detected LockedFile.Multi.Generic (1)
    10:32:27.0601 2920 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    10:32:27.0601 2920 srv - ok
    10:32:27.0633 2920 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    10:32:27.0633 2920 srv2 - ok
    10:32:27.0648 2920 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    10:32:27.0648 2920 srvnet - ok
    10:32:27.0679 2920 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    10:32:27.0695 2920 SSDPSRV - ok
    10:32:27.0711 2920 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    10:32:27.0711 2920 SstpSvc - ok
    10:32:27.0726 2920 Steam Client Service - ok
    10:32:27.0757 2920 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    10:32:27.0757 2920 stexstor - ok
    10:32:27.0820 2920 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    10:32:27.0835 2920 stisvc - ok
    10:32:27.0867 2920 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    10:32:27.0882 2920 storflt - ok
    10:32:27.0882 2920 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    10:32:27.0898 2920 storvsc - ok
    10:32:27.0898 2920 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    10:32:27.0913 2920 swenum - ok
    10:32:28.0023 2920 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    10:32:28.0054 2920 SwitchBoard - ok
    10:32:28.0085 2920 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    10:32:28.0085 2920 swprv - ok
    10:32:28.0101 2920 Synth3dVsc - ok
    10:32:28.0179 2920 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    10:32:28.0194 2920 SysMain - ok
    10:32:28.0225 2920 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    10:32:28.0225 2920 TabletInputService - ok
    10:32:28.0257 2920 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    10:32:28.0272 2920 TapiSrv - ok
    10:32:28.0303 2920 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    10:32:28.0303 2920 TBS - ok
    10:32:28.0397 2920 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    10:32:28.0397 2920 Tcpip - ok
    10:32:28.0491 2920 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    10:32:28.0506 2920 TCPIP6 - ok
    10:32:28.0569 2920 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    10:32:28.0569 2920 tcpipreg - ok
    10:32:28.0615 2920 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    10:32:28.0615 2920 TDPIPE - ok
    10:32:28.0647 2920 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    10:32:28.0662 2920 TDTCP - ok
    10:32:28.0709 2920 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    10:32:28.0725 2920 tdx - ok
    10:32:28.0740 2920 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    10:32:28.0756 2920 TermDD - ok
    10:32:28.0787 2920 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    10:32:28.0803 2920 TermService - ok
    10:32:28.0834 2920 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    10:32:28.0834 2920 Themes - ok
    10:32:28.0865 2920 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    10:32:28.0865 2920 THREADORDER - ok
    10:32:28.0896 2920 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    10:32:28.0896 2920 TrkWks - ok
    10:32:28.0943 2920 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    10:32:28.0943 2920 TrustedInstaller - ok
    10:32:28.0974 2920 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    10:32:28.0974 2920 tssecsrv - ok
    10:32:29.0005 2920 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    10:32:29.0005 2920 TsUsbFlt - ok
    10:32:29.0005 2920 tsusbhub - ok
    10:32:29.0037 2920 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    10:32:29.0052 2920 tunnel - ok
    10:32:29.0083 2920 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    10:32:29.0083 2920 uagp35 - ok
    10:32:29.0115 2920 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    10:32:29.0115 2920 udfs - ok
    10:32:29.0161 2920 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    10:32:29.0177 2920 UI0Detect - ok
    10:32:29.0177 2920 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    10:32:29.0177 2920 uliagpkx - ok
    10:32:29.0239 2920 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    10:32:29.0239 2920 umbus - ok
    10:32:29.0271 2920 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    10:32:29.0271 2920 UmPass - ok
     
  9. 2012/10/16
    Rauven

    10:32:29.0317 2920 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    10:32:29.0317 2920 UmRdpService - ok
    10:32:29.0364 2920 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    10:32:29.0364 2920 upnphost - ok
    10:32:29.0427 2920 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
    10:32:29.0427 2920 usbccgp - ok
    10:32:29.0473 2920 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    10:32:29.0473 2920 usbcir - ok
    10:32:29.0489 2920 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
    10:32:29.0489 2920 usbehci - ok
    10:32:29.0520 2920 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
    10:32:29.0520 2920 usbhub - ok
    10:32:29.0536 2920 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    10:32:29.0536 2920 usbohci - ok
    10:32:29.0583 2920 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    10:32:29.0583 2920 usbprint - ok
    10:32:29.0614 2920 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    10:32:29.0614 2920 USBSTOR - ok
    10:32:29.0645 2920 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    10:32:29.0645 2920 usbuhci - ok
    10:32:29.0707 2920 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    10:32:29.0707 2920 usbvideo - ok
    10:32:29.0739 2920 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    10:32:29.0739 2920 UxSms - ok
    10:32:29.0770 2920 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    10:32:29.0770 2920 VaultSvc - ok
    10:32:29.0801 2920 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    10:32:29.0801 2920 vdrvroot - ok
    10:32:29.0832 2920 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    10:32:29.0832 2920 vds - ok
    10:32:29.0879 2920 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    10:32:29.0879 2920 vga - ok
    10:32:29.0895 2920 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    10:32:29.0895 2920 VgaSave - ok
    10:32:29.0926 2920 VGPU - ok
    10:32:29.0957 2920 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    10:32:29.0957 2920 vhdmp - ok
    10:32:29.0973 2920 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    10:32:29.0988 2920 viaide - ok
    10:32:30.0004 2920 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    10:32:30.0004 2920 vmbus - ok
    10:32:30.0035 2920 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    10:32:30.0035 2920 VMBusHID - ok
    10:32:30.0066 2920 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    10:32:30.0066 2920 volmgr - ok
    10:32:30.0160 2920 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    10:32:30.0160 2920 volmgrx - ok
    10:32:30.0207 2920 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    10:32:30.0207 2920 volsnap - ok
    10:32:30.0253 2920 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    10:32:30.0253 2920 vsmraid - ok
    10:32:30.0425 2920 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    10:32:30.0441 2920 VSS - ok
    10:32:30.0581 2920 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    10:32:30.0581 2920 vToolbarUpdater12.2.6 - ok
    10:32:30.0612 2920 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    10:32:30.0612 2920 vwifibus - ok
    10:32:30.0643 2920 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    10:32:30.0643 2920 vwififlt - ok
    10:32:30.0675 2920 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    10:32:30.0690 2920 W32Time - ok
    10:32:30.0721 2920 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    10:32:30.0721 2920 WacomPen - ok
    10:32:30.0768 2920 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    10:32:30.0768 2920 WANARP - ok
    10:32:30.0784 2920 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    10:32:30.0784 2920 Wanarpv6 - ok
    10:32:30.0893 2920 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    10:32:30.0893 2920 WatAdminSvc - ok
    10:32:31.0096 2920 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    10:32:31.0111 2920 wbengine - ok
    10:32:31.0189 2920 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    10:32:31.0205 2920 WbioSrvc - ok
    10:32:31.0236 2920 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    10:32:31.0236 2920 wcncsvc - ok
    10:32:31.0267 2920 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    10:32:31.0267 2920 WcsPlugInService - ok
    10:32:31.0299 2920 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    10:32:31.0299 2920 Wd - ok
    10:32:31.0361 2920 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    10:32:31.0377 2920 Wdf01000 - ok
    10:32:31.0408 2920 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    10:32:31.0408 2920 WdiServiceHost - ok
    10:32:31.0423 2920 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    10:32:31.0423 2920 WdiSystemHost - ok
    10:32:31.0470 2920 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    10:32:31.0486 2920 WebClient - ok
    10:32:31.0501 2920 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    10:32:31.0501 2920 Wecsvc - ok
    10:32:31.0548 2920 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    10:32:31.0548 2920 wercplsupport - ok
    10:32:31.0564 2920 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    10:32:31.0564 2920 WerSvc - ok
    10:32:31.0595 2920 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    10:32:31.0595 2920 WfpLwf - ok
    10:32:31.0626 2920 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    10:32:31.0642 2920 WIMMount - ok
    10:32:31.0657 2920 WinDefend - ok
    10:32:31.0657 2920 WinHttpAutoProxySvc - ok
    10:32:31.0720 2920 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    10:32:31.0735 2920 Winmgmt - ok
    10:32:31.0813 2920 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    10:32:31.0829 2920 WinRM - ok
    10:32:31.0923 2920 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    10:32:31.0938 2920 Wlansvc - ok
    10:32:31.0954 2920 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    10:32:31.0954 2920 WmiAcpi - ok
    10:32:32.0016 2920 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    10:32:32.0032 2920 wmiApSrv - ok
    10:32:32.0063 2920 WMPNetworkSvc - ok
    10:32:32.0094 2920 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    10:32:32.0110 2920 WPCSvc - ok
    10:32:32.0141 2920 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    10:32:32.0141 2920 WPDBusEnum - ok
    10:32:32.0172 2920 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    10:32:32.0172 2920 ws2ifsl - ok
    10:32:32.0188 2920 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    10:32:32.0203 2920 wscsvc - ok
    10:32:32.0203 2920 WSearch - ok
    10:32:32.0359 2920 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    10:32:32.0422 2920 wuauserv - ok
    10:32:32.0437 2920 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    10:32:32.0437 2920 WudfPf - ok
    10:32:32.0500 2920 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    10:32:32.0500 2920 WUDFRd - ok
    10:32:32.0562 2920 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    10:32:32.0562 2920 wudfsvc - ok
    10:32:32.0593 2920 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    10:32:32.0609 2920 WwanSvc - ok
    10:32:32.0625 2920 xsherlock - ok
    10:32:32.0640 2920 ================ Scan global ===============================
    10:32:32.0671 2920 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    10:32:32.0718 2920 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    10:32:32.0734 2920 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    10:32:32.0765 2920 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    10:32:32.0843 2920 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    10:32:32.0843 2920 [Global] - ok
    10:32:32.0843 2920 ================ Scan MBR ==================================
    10:32:32.0874 2920 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    10:32:33.0155 2920 \Device\Harddisk0\DR0 - ok
    10:32:33.0155 2920 ================ Scan VBR ==================================
    10:32:33.0186 2920 [ 5D9327FDBA2724F5557A0DE85ECA4FAA ] \Device\Harddisk0\DR0\Partition1
    10:32:33.0186 2920 \Device\Harddisk0\DR0\Partition1 - ok
    10:32:33.0217 2920 [ 84F4AFD43AD1E6A479375125BD9DED5E ] \Device\Harddisk0\DR0\Partition2
    10:32:33.0217 2920 \Device\Harddisk0\DR0\Partition2 - ok
    10:32:33.0217 2920 ============================================================
    10:32:33.0217 2920 Scan finished
    10:32:33.0217 2920 ============================================================
    10:32:33.0233 2212 Detected object count: 1
    10:32:33.0233 2212 Actual detected object count: 1
    10:32:38.0131 2212 sptd ( LockedFile.Multi.Generic ) - skipped by user
    10:32:38.0131 2212 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
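
    The TDSSKiller log above lists every driver service as [ MD5 ] Name ImagePath and ends with one object it could not open (sptd, reported as LockedFile.Multi.Generic). The script below is an added example, not part of the thread and not TDSSKiller's own code: it rebuilds the same kind of inventory from the Services registry key and flags what a responder would look at first on this machine. It assumes an elevated PowerShell 2.0 or later prompt on Windows 7, that registry Type values 1 and 2 (SERVICE_KERNEL_DRIVER and SERVICE_FILE_SYSTEM_DRIVER) select the drivers, and that the sp??.sys name pattern is the one the poster describes (spdy.sys, spwm.sys, spho.sys); the flag names (MISSING, LOCKED, SIG:, RANDOM-SP-NAME) are my own.

```powershell
# Added example (not from the thread, not TDSSKiller code): inventory kernel and
# file-system driver services as "[ MD5 ] Name Path", flagging missing images,
# images that cannot be opened (TDSSKiller's "LockedFile"), non-valid Authenticode
# status, and driver names matching the sp??.sys pattern from the original post.
# Assumption: elevated PowerShell 2.0+ on Windows 7.

$SvcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$Md5     = [System.Security.Cryptography.MD5]::Create()

function Resolve-ImagePath([string]$raw) {
    # ImagePath values come in several shapes; normalise all of them to an absolute path:
    #   system32\DRIVERS\x.sys      \SystemRoot\system32\drivers\x.sys
    #   \??\C:\Windows\x.sys        "C:\Program Files\v\tool.exe" -switch
    $p = $raw.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } elseif ($p -match '^(.+?\.(sys|exe|dll))(\s|$)') {
        $p = $Matches[1]
    }
    $p = $p -replace '^\\\?\?\\', ''              # strip the \??\ NT prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverInventory {
    Get-ChildItem $SvcRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file-system driver; everything else is a user-mode service.
        if ($props -eq $null -or ($props.Type -ne 1 -and $props.Type -ne 2)) { return }
        $name = $_.PSChildName
        # A driver with no ImagePath is loaded from system32\drivers\<name>.sys.
        $path = if ($props.ImagePath) { Resolve-ImagePath $props.ImagePath }
                else { Join-Path $env:SystemRoot "system32\drivers\$name.sys" }

        $hash = ''; $flags = @()
        if (-not (Test-Path -LiteralPath $path)) {
            $flags += 'MISSING'
        } else {
            try {
                $bytes = [System.IO.File]::ReadAllBytes($path)
                $hash  = [System.BitConverter]::ToString($Md5.ComputeHash($bytes)) -replace '-', ''
            } catch {
                $flags += 'LOCKED'    # open denied: the condition TDSSKiller reported for sptd
            }
            $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
            if ($sigStatus -ne 'Valid') { $flags += "SIG:$sigStatus" }
        }
        # Two random lowercase letters after "sp", as in spdy.sys / spwm.sys / spho.sys.
        if ((Split-Path -Path $path -Leaf) -match '^sp[a-z]{2}\.sys$') { $flags += 'RANDOM-SP-NAME' }

        New-Object PSObject -Property @{
            Name  = $name; Path = $path; MD5 = $hash
            Start = $props.Start; Flags = ($flags -join ',')
        }
    }
}

# Flagged entries first, then alphabetical, in roughly the log's own column order.
Get-DriverInventory | Sort-Object @{Expression={$_.Flags -eq ''}}, Name |
    Format-Table Name, MD5, Flags, Path -AutoSize
```

    Two caveats when reading the output. Many inbox Windows 7 drivers carry only a catalog signature with no embedded Authenticode block, and the Get-AuthenticodeSignature of that era does not consult catalogs, so legitimate Microsoft drivers will often show SIG:NotSigned; treat the signature column as a triage cue and compare the MD5 column against a known-clean machine for those. And sptd.sys is the SCSI Pass Through Direct driver installed by disc-emulation software; anti-rootkit tools routinely report it as locked or hooking, which is consistent with the "skipped by user" line in the log and is not by itself evidence of infection.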
     
  10. 2012/10/16
    Rauven

    RogueKiller

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Rauven [Admin rights]
    Mode : Remove -- Date : 10/16/2012 10:43:23

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [TASK][SUSP PATH] {A09DE14E-77EF-4DAB-B885-6CBE01881D6E} : C:\Windows\system32\pcalua.exe -a "C:\Users\Rauven\Desktop\Magic Workstation\unins000.exe" -d "C:\Users\Rauven\Desktop\Magic Workstation" -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK3263GSXN ATA Device +++++
    --- User ---
    [MBR] 20579eadd4544032ed95725383a2d62f
    [BSP] b019380edf9680f5bf5fcabaff06a80d : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305149 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
    Last edited by a moderator: 2012/10/16
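
    RogueKiller reported three kinds of change above: it deleted a scheduled task whose action was pcalua.exe (the Program Compatibility Assistant launcher, which runs whatever the -a switch names), it reset the two UAC policy values (EnableLUA had been 0, ConsentPromptBehaviorAdmin had been 0), and it un-hid two desktop icons. The script below is an added example, not part of the thread and not RogueKiller's own code, that re-checks all three so the "DELETED"/"REPLACED" results can be confirmed afterwards. It assumes an elevated PowerShell 2.0 or later prompt on Windows 7 (so it uses the Schedule.Service COM API rather than the ScheduledTasks module, which that version lacks), that the list of proxy launcher binaries is a starting point of my own choosing, and that the HideDesktopIcons key is read from HKCU, where Explorer keeps it for the current user; the CLSIDs are the two from the report.

```powershell
# Added example (not from the thread, not RogueKiller code): re-audit the three
# classes of finding in the RogueKiller report. Assumption: elevated PowerShell
# 2.0+ on Windows 7, run as the same user whose profile RogueKiller examined.

# Binaries that merely launch something else; a task built on one of these hides
# the real target in its arguments. List chosen for this example, extend as needed.
$ProxyLaunchers = @('pcalua.exe', 'forfiles.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')

function Get-TaskActions([object]$folder) {
    # Walk the Task Scheduler tree; GetTasks(1) includes hidden tasks.
    foreach ($task in $folder.GetTasks(1)) {
        foreach ($action in $task.Definition.Actions) {
            if ($action.Type -ne 0) { continue }   # 0 = TASK_ACTION_EXEC
            New-Object PSObject -Property @{
                Task      = $task.Path
                Exe       = $action.Path
                Arguments = $action.Arguments
            }
        }
    }
    foreach ($sub in $folder.GetFolders(0)) { Get-TaskActions $sub }
}

function Find-ProxyLaunchTasks {
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    Get-TaskActions $svc.GetFolder('\') | Where-Object {
        if (-not $_.Exe) { return $false }
        $exe  = [Environment]::ExpandEnvironmentVariables($_.Exe).Trim('"')
        $leaf = Split-Path -Path $exe -Leaf
        $ProxyLaunchers -contains $leaf.ToLower()
    }
}

function Test-UacPolicy {
    # ConsentPromptBehaviorAdmin: 0 = elevate silently, 2 = consent prompt on the
    # secure desktop (what RogueKiller set), 5 = Windows 7 default.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty $key
    $findings = @()
    if ($p.EnableLUA -ne 1) { $findings += "EnableLUA=$($p.EnableLUA) (UAC disabled)" }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0 (elevate without prompting)'
    }
    return $findings
}

function Test-HiddenDesktopIcons {
    # Value 1 = icon hidden. These are the two CLSIDs RogueKiller flipped back to 0.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'
    $want = @{
        '{20D04FE0-3AEA-1069-A2D8-08002B30309D}' = 'Computer'
        '{59031a47-3f72-44a7-89c5-5595fe6b30ee}' = 'User files'
    }
    if (-not (Test-Path $key)) { return @() }
    $p = Get-ItemProperty $key
    $want.Keys | Where-Object { $p.$_ -eq 1 } | ForEach-Object { "$($want[$_]) icon hidden ($_)" }
}

Write-Host '== Scheduled tasks launched through a proxy binary =='
Find-ProxyLaunchTasks | Format-Table Task, Exe, Arguments -AutoSize
Write-Host '== UAC policy =='
Test-UacPolicy
Write-Host '== Hidden desktop icons =='
Test-HiddenDesktopIcons
```

    The task section lists rather than deletes, because a pcalua.exe task is not malicious by construction: the one in the report pointed at an application's own uninstaller under the user's Desktop, which is the sort of entry compatibility mode creates. What makes it worth a look is the indirection, since the Task Scheduler shows a Windows binary while the real target sits in the arguments. The UAC check is the part to take seriously: with EnableLUA=0 every process the user starts already runs with the full administrator token, so any later "rootkit" finding needs no privilege escalation at all.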
  11. 2012/10/16
    Rauven

    Also, I don't know if this is important for you to know, or even related to the case, but my laptop keeps overheating, even with a cooling pad, resulting in a shutdown. This only happened when I was playing high-consuming games without the pad, but it is now happening even outside of games, with the pad.
     
  12. 2012/10/16
    broni

    broni Moderator Malware Analyst

    That would be a subject for a different forum.
    For now avoid playing games, get a can of compressed air and clean all vents well.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. 2012/10/16
    Rauven

    ComboFix

    ComboFix 12-10-16.02 - Rauven 17-10-2012 3:25.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.1033.18.2043.1079 [GMT 1:00]
    Running from: c:\users\Rauven\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((( Files created from 2012-09-17 to 2012-10-17 ))))))))))))))))))))))))))))
    .
    .
    2012-10-17 02:31 . 2012-10-17 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-15 13:13 . 2012-09-27 23:18 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-13 12:22 . 2012-10-13 12:22 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-10-12 18:57 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-12 18:57 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-10-12 18:57 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-10-12 18:57 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-12 18:57 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-10 12:08 . 2012-10-11 10:52 -------- d-----w- c:\program files (x86)\Virtual Playtable
    2012-10-10 11:08 . 2012-10-10 11:08 -------- d-----w- c:\programdata\.mono
    2012-10-09 01:17 . 2012-10-09 01:17 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-10-07 09:52 . 2012-10-07 09:52 -------- d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
    2012-10-07 09:52 . 2012-10-07 09:52 -------- d--h--w- c:\windows\msdownld.tmp
    2012-10-07 09:06 . 2012-10-07 09:49 -------- d-----w- c:\program files (x86)\Mass Effect 2
    2012-10-05 02:26 . 2012-10-05 02:26 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2012-10-04 21:22 . 2012-10-04 21:23 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-10-03 20:07 . 2012-10-03 20:12 -------- d-----w- c:\program files (x86)\Magic Workstation
    2012-10-02 02:30 . 2012-10-02 02:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2012-10-01 15:34 . 2012-10-01 15:34 -------- d-----w- c:\program files (x86)\EpochSoft
    2012-10-01 15:02 . 2012-10-01 15:02 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
    2012-10-01 14:52 . 2012-10-01 17:13 -------- d-----w- c:\programdata\Hi-Rez Studios
    2012-10-01 14:52 . 2012-10-01 14:52 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
    2012-09-30 16:50 . 2012-09-30 17:29 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-09-30 16:46 . 2012-09-30 17:29 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-09-30 16:46 . 2012-09-30 17:10 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-09-30 16:46 . 2012-09-30 16:46 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-09-29 00:57 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
    2012-09-29 00:57 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
    2012-09-29 00:57 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2012-09-29 00:57 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
    2012-09-29 00:57 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
    2012-09-29 00:57 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
    2012-09-28 15:53 . 2012-09-28 15:53 -------- d-----w- c:\programdata\Media Center Programs
    2012-09-28 15:53 . 2012-10-07 09:49 -------- d-----w- c:\program files (x86)\Common Files\BioWare
    2012-09-28 15:37 . 2012-09-28 15:58 -------- d-----w- c:\program files (x86)\Mass Effect
    2012-09-24 16:13 . 2012-09-24 16:13 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-09-24 16:13 . 2012-09-24 16:13 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2012-09-23 12:55 . 2012-09-23 12:55 419840 ----a-w- c:\windows\system32\systemcplx64.dll
    2012-09-23 12:55 . 2012-09-23 12:55 14848 ----a-w- c:\windows\system32\slwga.dll
    2012-09-23 12:55 . 2012-09-23 12:55 13824 ----a-w- c:\windows\SysWow64\slwga.dll
    2012-09-23 12:20 . 2012-08-24 10:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-09-23 12:02 . 2012-09-23 12:02 -------- d-----w- c:\windows\system32\SPReview
    2012-09-23 12:01 . 2012-09-23 12:01 -------- d-----w- c:\windows\system32\EventProviders
    2012-09-21 16:35 . 2012-09-21 16:35 -------- d-----w- c:\program files (x86)\PowerQuest
    2012-09-21 13:57 . 2012-09-21 13:57 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2012-09-21 02:46 . 2012-09-21 02:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-09-21 02:46 . 2012-09-21 02:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2012-09-21 02:45 . 2012-09-21 02:45 61792 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2012-09-20 01:12 . 2012-09-20 01:12 -------- d-----w- c:\program files (x86)\VideoLAN
    2012-09-19 15:24 . 2012-09-19 15:24 -------- d-----w- c:\program files (x86)\Wizards of the Coast LLC
    2012-09-19 15:10 . 2010-11-20 13:27 485888 ----a-w- c:\windows\system32\secproc_isv.dll
    2012-09-19 15:09 . 2010-11-20 13:25 299520 ----a-w- c:\windows\system32\rdpshell.exe
    2012-09-19 15:08 . 2010-11-20 13:24 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-09-19 15:07 . 2010-11-20 13:27 182784 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-09-19 15:06 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
    2012-09-19 15:06 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2012-09-19 15:06 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
    2012-09-19 15:06 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2012-09-19 15:03 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2012-09-19 15:03 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
    2012-09-19 15:03 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
    2012-09-19 12:49 . 2012-09-19 12:49 -------- d-----w- c:\windows\SysWow64\Wat
    2012-09-19 12:49 . 2012-09-19 12:49 -------- d-----w- c:\windows\system32\Wat
    2012-09-19 11:18 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2012-09-19 10:56 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-09-19 10:56 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-09-19 10:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-09-19 10:56 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-09-19 10:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-09-18 20:10 . 2012-09-30 20:29 666720 ----a-w- c:\windows\SysWow64\xsherlock.xem
    2012-09-18 19:12 . 2012-10-13 12:22 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-09-18 17:32 . 2012-09-18 17:32 -------- d-----w- c:\program files\TeamSpeak 3 Client
    2012-09-18 17:00 . 2012-09-18 17:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-09-18 17:00 . 2012-09-18 17:00 -------- d-----r- c:\program files (x86)\Skype
    2012-09-18 16:59 . 2012-09-18 17:00 -------- d-----w- c:\programdata\Skype
    2012-09-18 14:42 . 2012-09-18 14:42 -------- d-----w- c:\program files (x86)\uTorrent
    2012-09-18 14:35 . 2012-09-18 14:35 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
    2012-09-18 14:34 . 2012-09-18 14:34 -------- d-----w- c:\windows\PCHEALTH
    2012-09-18 14:34 . 2012-09-18 14:34 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-09-18 14:34 . 2012-09-18 14:34 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
    2012-09-18 14:34 . 2012-09-18 14:34 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2012-09-18 14:21 . 2012-09-18 14:21 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-18 14:21 . 2012-09-18 14:20 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-18 14:21 . 2012-09-18 14:20 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-18 14:20 . 2012-09-18 14:20 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-18 14:20 . 2012-09-18 14:20 -------- d-----w- c:\program files (x86)\Java
    2012-09-18 14:12 . 2012-09-18 14:12 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2012-09-18 14:09 . 2012-09-18 14:09 -------- d-----w- c:\program files\Microsoft Office
    2012-09-18 14:08 . 2012-09-18 14:08 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2012-09-18 13:11 . 2012-09-18 14:47 -------- d-----w- c:\programdata\Microsoft Help
    2012-09-18 13:05 . 2012-10-01 12:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-09-18 13:02 . 2012-09-18 13:02 -------- d-----w- c:\program files\WinRAR
    2012-09-18 11:00 . 2008-05-30 13:11 540688 ----a-w- c:\windows\system32\d3dx10_38.dll
    2012-09-18 10:59 . 2006-02-03 07:43 3830992 ----a-w- c:\windows\system32\d3dx9_29.dll
    2012-09-18 10:59 . 2005-12-05 17:09 3815120 ----a-w- c:\windows\system32\d3dx9_28.dll
    2012-09-18 10:59 . 2005-07-22 18:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll
    2012-09-18 10:59 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
    2012-09-18 10:59 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
    2012-09-18 10:59 . 2005-03-18 16:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
    2012-09-18 10:59 . 2005-02-05 18:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
    2012-09-18 10:48 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2012-09-18 10:48 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2012-09-18 10:48 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
    2012-09-18 10:48 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2012-09-18 10:48 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2012-09-18 10:48 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2012-09-18 10:48 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
    2012-09-18 10:48 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2012-09-18 10:48 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2012-09-18 10:48 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2012-09-18 10:47 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-09-18 10:47 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-18 10:47 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-09-18 10:47 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-18 10:47 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
    2012-09-18 10:47 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
    2012-09-18 10:47 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2012-09-18 10:47 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2012-09-18 10:47 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2012-09-18 10:46 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-09-18 10:46 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-09-18 10:46 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-09-18 10:46 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-09-18 10:46 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-09-18 10:46 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-23 12:17 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-09-23 12:17 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-09-14 02:05 . 2012-09-14 02:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    2012-09-13 02:11 . 2012-09-13 02:11 151904 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-09-18 01:38 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233} "= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-18 1734240]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock "= "c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "F.lux "= "c:\users\Rauven\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVG_UI "= "c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
    "vProt "= "c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-18 947808]
    "ROC_ROC_NT "= "c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-18 856160]
    .
    c:\users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    thunderbird - Shortcut.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2012-9-18 388576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs "=0 (0x0)
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-02 5783672]
    R2 gupdate;Serviço Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 gupdatem;Serviço Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-19 1255736]
    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-21 61792]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-18 834544]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-09-13 151904]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-18 31080]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-02 193568]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-18 722528]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-27 1103904]
    .
    .
    --- =Outros Serviços/Drivers Na Memória ---
    .
    *NewlyCreated* - 84768559
    *NewlyCreated* - 94705124
    *Deregistered* - 84768559
    *Deregistered* - 94705124
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 00:35]
    .
    2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 00:35]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&nviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    FF - ProfilePath - c:\users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - ExtSQL: 2012-09-18 00:33; foxmarks@kei.com; c:\users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\foxmarks@kei.com
    FF - ExtSQL: 2012-09-18 01:25; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    FF - ExtSQL: 2012-09-18 01:52; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-09-18 02:39; avg@toolbar; c:\programdata\AVG Secure Search\12.2.5.34
    FF - ExtSQL: 2012-09-20 13:18; support@lastpass.com; c:\users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\support@lastpass.com
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
    "ImagePath "= "c:\windows\system32\xsherlock.xem "
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @= "?????????????????? v1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @= "{E23FE9C6-778E-49D4-B537-38FCDE4887D8} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @= "?????????????????? v2 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @= "{9BE31822-FDAD-461B-AD51-BE1D1C159921} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2012-10-17 03:34:18
    ComboFix-quarantined-files.txt 2012-10-17 02:34
    .
    Pré-execução: 184.521.584.640 bytes free
    Pós execução: 184.385.826.816 bytes free
    .
    - - End Of File - - 05B702844039B5FD8CE360ABD73D0352
     
  14. 2012/10/16
    Rauven

    Rauven Inactive Thread Starter

    Regarding the cleaning of the vents, I already thoroughly cleaned them; that is why I find this sudden overheating so strange. Also, I won't play games, as I can't play them without causing an overheat shutdown.
     
  15. 2012/10/16
    broni

    broni Moderator Malware Analyst

    Combofix log looks good.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2012/10/16
    Rauven

    Rauven Inactive Thread Starter

    OTL.txt

    OTL logfile created on: 10/17/2012 3:55:37 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rauven\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

    1.99 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 35.91% Memory free
    3.99 Gb Paging File | 2.42 Gb Available in Paging File | 60.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 171.66 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
    Drive H: | 100.00 Mb Total Space | 61.46 Mb Free Space | 61.46% Space Free | Partition Type: NTFS

    Computer Name: ICARUS | User Name: Rauven | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/17 03:53:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rauven\Downloads\OTL.exe
    PRC - [2012/10/13 15:36:06 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/10/12 10:53:52 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/09/30 17:46:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/09/18 02:39:00 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    PRC - [2012/09/18 02:38:58 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/13 15:36:05 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/10/12 10:53:54 | 002,111,456 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
    MOD - [2012/10/12 10:53:53 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
    MOD - [2012/10/12 10:53:53 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
    MOD - [2012/09/18 02:39:05 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
    MOD - [2012/09/18 02:39:01 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
    MOD - [2012/09/18 02:38:58 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/07/17 21:07:18 | 000,970,240 | ---- | M] () -- C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    ========== Services (SafeList) ==========

    SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/12 10:53:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/05 15:09:25 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/09/30 21:29:15 | 000,666,720 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
    SRV - [2012/09/30 17:46:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/09/18 02:39:00 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
    SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/26 15:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/09/18 02:39:03 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/09/18 01:47:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/09/13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/04/27 01:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
    IE - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 96 9A A9 29 95 CD 01 [binary data]
    IE - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={00BC88B0-FCD0-4E4E-89D5-C72C73A5B958}&mid=0c4bdf9c373347d08fd6a113f020363d-c6c737c54f894d4127836d0da62d5df6a5985ec5&lang=en&ds=AVG&pr=fr&d=2012-09-18 02:39:06&v=12.2.5.34&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/18 02:39:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 15:36:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 15:35:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/09/18 01:52:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2012/09/18 00:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rauven\AppData\Roaming\Mozilla\Extensions
    [2012/09/21 14:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions
    [2012/09/18 00:33:01 | 000,000,000 | ---D | M] ( "Xmarks ") -- C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\foxmarks@kei.com
    [2012/09/20 13:18:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\support@lastpass.com
    [2012/09/18 01:52:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/09/18 01:25:48 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Rauven\AppData\Roaming\Mozilla\Firefox\Profiles\ezn0jz5v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012/10/13 15:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/13 15:36:06 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/07/11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012/09/06 04:23:16 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/09/18 02:38:55 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/06 04:23:16 | 000,001,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priberam.xml
    [2012/09/06 04:23:16 | 000,002,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sapo.xml
    [2012/09/06 04:23:16 | 000,000,942 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ptpt.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - Extension: AVG Secure Search = C:\Users\Rauven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000..\Run: [F.lux] C:\Users\Rauven\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - Startup: C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Shortcut.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1424633695-1939472065-3266516597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{499C736F-36E3-4F9A-BE27-54BC956DEA36}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A9A7E5A-0939-4DBE-8B67-66D69AD887B2}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/17 03:34:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/17 03:24:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/17 03:24:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/17 03:24:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/17 03:23:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/17 03:23:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/17 03:19:05 | 004,981,258 | R--- | C] (Swearware) -- C:\Users\Rauven\Desktop\ComboFix.exe
    [2012/10/16 10:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/10/15 16:04:22 | 000,000,000 | ---D | C] -- C:\Users\Rauven\Magicka-SKIDROW
    [2012/10/15 03:50:34 | 000,000,000 | ---D | C] -- C:\Users\Rauven\Desktop\Logs
    [2012/10/13 15:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/13 13:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012/10/10 13:15:19 | 000,000,000 | ---D | C] -- C:\Users\Rauven\images
    [2012/10/10 13:09:11 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Virtual Playtable
    [2012/10/10 13:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Playtable
    [2012/10/10 13:08:45 | 000,000,000 | ---D | C] -- C:\Users\Rauven\Documents\Virtual Playtable
    [2012/10/10 13:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Playtable
    [2012/10/10 12:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
    [2012/10/09 03:24:16 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\.mono
    [2012/10/09 02:17:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
    [2012/10/09 02:15:01 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Pokémon Trading Card Game Online
    [2012/10/09 02:15:01 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
    [2012/10/07 12:26:49 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
    [2012/10/07 10:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 2
    [2012/10/06 06:21:16 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
    [2012/10/06 06:21:14 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Apps
    [2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012/10/04 22:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2012/10/03 21:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Workstation
    [2012/10/03 21:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magic Workstation
    [2012/10/02 20:18:14 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\BotArena
    [2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2012/10/01 20:43:25 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Chromium
    [2012/10/01 18:11:25 | 000,000,000 | ---D | C] -- C:\Users\Rauven\Documents\My Games
    [2012/10/01 16:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BotArena
    [2012/10/01 16:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpochSoft
    [2012/10/01 16:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
    [2012/10/01 15:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
    [2012/10/01 15:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
    [2012/10/01 15:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
    [2012/09/30 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\PunkBuster
    [2012/09/30 00:42:31 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Desktop\Pen
    [2012/09/28 16:56:34 | 000,000,000 | ---D | C] -- C:\Users\Rauven\Documents\BioWare
    [2012/09/28 16:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
    [2012/09/28 16:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
    [2012/09/28 16:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
    [2012/09/28 16:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
    [2012/09/28 13:13:29 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Sidhe
    [2012/09/24 17:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/09/24 17:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/09/24 17:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012/09/23 13:02:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/09/23 13:01:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012/09/21 17:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerQuest PartitionMagic 8.0
    [2012/09/21 17:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerQuest
    [2012/09/21 03:46:04 | 000,200,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2012/09/21 03:46:00 | 000,225,120 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
    [2012/09/21 03:45:50 | 000,061,792 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
    [2012/09/20 02:13:39 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\vlc
    [2012/09/20 02:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/09/20 02:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2012/09/20 00:17:19 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Microsoft Games
    [2012/09/19 16:35:41 | 000,000,000 | ---D | C] -- C:\Users\Rauven\Documents\Wizards of the Coast
    [2012/09/19 16:34:54 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\SKIDROW
    [2012/09/19 16:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wizards of the Coast LLC
    [2012/09/19 16:08:43 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2012/09/19 16:08:07 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2012/09/19 13:49:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2012/09/19 13:49:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2012/09/18 21:10:48 | 000,666,720 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
    [2012/09/18 20:40:09 | 000,000,000 | ---D | C] -- C:\Users\Rauven\Documents\C9
    [2012/09/18 20:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/09/18 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\TS3Client
    [2012/09/18 18:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    [2012/09/18 18:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
    [2012/09/18 18:00:32 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Skype
    [2012/09/18 18:00:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2012/09/18 18:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/09/18 18:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/09/18 17:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2012/09/18 16:41:21 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/09/18 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/09/18 15:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2012/09/18 15:42:13 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\uTorrent
    [2012/09/18 15:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    [2012/09/18 15:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/09/18 15:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
    [2012/09/18 15:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/09/18 15:34:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/09/18 15:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2012/09/18 15:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2012/09/18 15:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2012/09/18 15:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/09/18 15:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/09/18 15:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/09/18 15:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/09/18 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2012/09/18 15:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/09/18 15:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/09/18 15:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2012/09/18 15:06:12 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Adobe
    [2012/09/18 14:12:31 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Microsoft Help
    [2012/09/18 14:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2012/09/18 14:11:19 | 000,000,000 | ---D | C] -- C:\Users\Rauven\Desktop\****
    [2012/09/18 14:08:14 | 000,000,000 | ---D | C] -- C:\Users\Rauven\Desktop\LoL
    [2012/09/18 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\WinRAR
    [2012/09/18 14:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/09/18 14:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/09/18 14:02:48 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/09/18 14:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2012/09/18 12:05:03 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\LolClient
    [2012/09/18 11:45:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2012/09/18 11:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2012/09/18 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/09/18 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2012/09/18 08:28:50 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2012/09/18 07:33:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/09/18 07:30:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2012/09/18 02:41:47 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Macromedia
    [2012/09/18 02:41:47 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Macromedia
    [2012/09/18 02:41:47 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Adobe
    [2012/09/18 02:40:37 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\AVG2013
    [2012/09/18 02:39:26 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\AVG Secure Search
    [2012/09/18 02:39:23 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\TuneUp Software
    [2012/09/18 02:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/09/18 02:39:03 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/09/18 02:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/09/18 02:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/09/18 02:37:42 | 000,000,000 | ---D | C] -- C:\$AVG
    [2012/09/18 02:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012/09/18 02:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/09/18 02:33:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/09/18 02:33:27 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\MFAData
    [2012/09/18 02:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/09/18 02:33:27 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Avg2013
    [2012/09/18 02:29:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2012/09/18 02:29:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/09/18 02:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2012/09/18 01:54:18 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Thunderbird
    [2012/09/18 01:54:18 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Thunderbird
    [2012/09/18 01:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
    [2012/09/18 01:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2012/09/18 01:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2012/09/18 01:46:23 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\DAEMON Tools Lite
    [2012/09/18 01:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2012/09/18 01:44:47 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Malwarebytes
    [2012/09/18 01:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/18 01:44:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2012/09/18 01:44:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/18 01:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/18 01:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/18 01:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/09/18 01:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/09/18 01:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/09/18 01:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
    [2012/09/18 01:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
    [2012/09/18 01:36:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2012/09/18 01:35:58 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Google
    [2012/09/18 01:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/09/18 01:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
    [2012/09/18 01:35:22 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
    [2012/09/18 01:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
    [2012/09/18 01:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2012/09/18 01:35:05 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Winamp
    [2012/09/18 01:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
    [2012/09/18 00:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
    [2012/09/18 00:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
    [2012/09/18 00:28:42 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Mozilla
    [2012/09/18 00:28:42 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Mozilla
    [2012/09/18 00:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/09/18 00:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/09/18 00:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek WLAN Driver
    [2012/09/18 00:03:53 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\WinBatch
    [2012/09/18 00:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2012/09/18 00:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2012/09/18 00:02:37 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2012/09/18 00:02:37 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2012/09/18 00:02:37 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
    [2012/09/18 00:02:37 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2012/09/18 00:02:37 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2012/09/18 00:02:37 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2012/09/18 00:02:37 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
    [2012/09/18 00:02:37 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
    [2012/09/18 00:02:37 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
    [2012/09/18 00:02:36 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2012/09/18 00:02:36 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2012/09/18 00:02:36 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2012/09/18 00:02:36 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2012/09/18 00:02:36 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2012/09/18 00:02:36 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2012/09/18 00:02:35 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2012/09/18 00:02:35 | 001,756,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
    [2012/09/18 00:02:35 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
    [2012/09/18 00:02:35 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
    [2012/09/18 00:02:35 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
    [2012/09/18 00:02:35 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
    [2012/09/18 00:02:35 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
    [2012/09/18 00:02:35 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
    [2012/09/18 00:02:35 | 000,334,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
    [2012/09/18 00:02:35 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
    [2012/09/18 00:02:35 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2012/09/18 00:02:35 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2012/09/18 00:02:35 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
    [2012/09/18 00:02:35 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
    [2012/09/18 00:02:35 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
    [2012/09/18 00:02:35 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
    [2012/09/18 00:02:35 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
    [2012/09/18 00:02:35 | 000,123,104 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
    [2012/09/18 00:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2012/09/18 00:02:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/09/18 00:02:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2012/09/18 00:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2012/09/17 23:59:00 | 000,000,000 | R--D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/09/17 23:59:00 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Searches
    [2012/09/17 23:59:00 | 000,000,000 | R--D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/09/17 23:58:59 | 000,000,000 | -H-D | C] -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2012/09/17 23:58:48 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Identities
    [2012/09/17 23:58:41 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Contacts
    [2012/09/17 23:58:39 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\VirtualStore
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\AppData\Local\Temporary Internet Files
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\Templates
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\Start Menu
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\SendTo
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\Recent
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\PrintHood
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\NetHood
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\Documents\My Videos
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\Documents\My Pictures
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\Documents\My Music
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\My Documents
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\Local Settings
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\AppData\Local\History
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\Cookies
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\Application Data
    [2012/09/17 23:58:01 | 000,000,000 | -HSD | C] -- C:\Users\Rauven\AppData\Local\Application Data
    [2012/09/17 23:57:58 | 000,000,000 | R--D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/09/17 23:57:58 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Temp
    [2012/09/17 23:57:58 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Local\Microsoft
    [2012/09/17 23:57:58 | 000,000,000 | ---D | C] -- C:\Users\Rauven\AppData\Roaming\Media Center Programs
    [2012/09/17 23:57:57 | 000,000,000 | --SD | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Videos
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Saved Games
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Pictures
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Music
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Links
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Favorites
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Downloads
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Documents
    [2012/09/17 23:57:57 | 000,000,000 | R--D | C] -- C:\Users\Rauven\Desktop
    [2012/09/17 23:57:57 | 000,000,000 | -H-D | C] -- C:\Users\Rauven\AppData
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  17. 2012/10/16
    Rauven

    ========== Files - Modified Within 30 Days ==========

    [2012/10/17 03:51:01 | 000,001,012 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/17 03:51:01 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/17 03:49:39 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/17 03:49:39 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/17 03:19:24 | 004,981,258 | R--- | M] (Swearware) -- C:\Users\Rauven\Desktop\ComboFix.exe
    [2012/10/16 10:19:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/16 10:19:05 | 1606,582,272 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/15 15:19:22 | 000,000,220 | ---- | M] () -- C:\Users\Rauven\Desktop\Champions Online Free For All.url
    [2012/10/15 02:50:04 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/10/12 10:54:02 | 000,002,114 | ---- | M] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2012/10/12 01:43:41 | 000,001,586 | ---- | M] () -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Shortcut.lnk
    [2012/10/10 13:09:01 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Virtual Playtable.lnk
    [2012/10/09 02:16:43 | 000,001,252 | ---- | M] () -- C:\Users\Rauven\Desktop\Pokémon Trading Card Game Online.lnk
    [2012/10/07 12:26:32 | 000,001,006 | ---- | M] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect 2.lnk
    [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012/10/03 21:07:28 | 000,001,032 | ---- | M] () -- C:\Users\Rauven\Desktop\Magic Workstation.lnk
    [2012/10/03 21:07:28 | 000,000,985 | ---- | M] () -- C:\Users\Rauven\Desktop\MWS Online Play.lnk
    [2012/10/03 11:42:48 | 3102,713,715 | ---- | M] () -- C:\Users\Rauven\Magic Workstation.rar
    [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2012/10/01 18:23:18 | 004,968,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/30 21:29:15 | 000,666,720 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
    [2012/09/30 18:29:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/09/30 18:29:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/09/30 18:10:51 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/09/30 17:46:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/09/30 00:07:01 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/30 00:07:01 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/30 00:07:01 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/25 18:23:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/09/21 15:46:00 | 000,000,036 | ---- | M] () -- C:\Windows\avgui.INI
    [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
    [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
    [2012/09/19 13:56:48 | 000,001,441 | ---- | M] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/09/19 12:15:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/09/19 12:15:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/09/18 18:32:56 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    [2012/09/18 15:43:02 | 000,000,971 | ---- | M] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/09/18 07:35:24 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2012/09/18 07:35:24 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2012/09/18 07:32:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2012/09/18 02:39:03 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/09/18 01:47:20 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2012/09/18 01:37:14 | 000,002,243 | ---- | M] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/09/18 01:35:48 | 000,001,007 | ---- | M] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========
    [2012/10/17 03:24:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/17 03:24:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/17 03:24:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/17 03:24:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/17 03:24:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/15 15:19:22 | 000,000,220 | ---- | C] () -- C:\Users\Rauven\Desktop\Champions Online Free For All.url
    [2012/10/15 02:50:04 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/10/12 01:43:41 | 000,001,586 | ---- | C] () -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Shortcut.lnk
    [2012/10/10 13:09:01 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Virtual Playtable.lnk
    [2012/10/09 02:16:43 | 000,001,252 | ---- | C] () -- C:\Users\Rauven\Desktop\Pokémon Trading Card Game Online.lnk
    [2012/10/07 12:26:32 | 000,001,006 | ---- | C] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect 2.lnk
    [2012/10/03 21:07:28 | 000,001,032 | ---- | C] () -- C:\Users\Rauven\Desktop\Magic Workstation.lnk
    [2012/10/03 21:07:28 | 000,000,985 | ---- | C] () -- C:\Users\Rauven\Desktop\MWS Online Play.lnk
    [2012/10/03 10:40:08 | 3102,713,715 | ---- | C] () -- C:\Users\Rauven\Magic Workstation.rar
    [2012/10/01 13:09:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/09/30 17:50:30 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/09/30 17:46:34 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/09/30 17:46:34 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/09/30 17:46:31 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/09/25 18:23:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/09/21 15:46:00 | 000,000,036 | ---- | C] () -- C:\Windows\avgui.INI
    [2012/09/19 16:11:11 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
    [2012/09/19 16:10:39 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2012/09/19 16:08:45 | 000,232,448 | ---- | C] () -- C:\Windows\SysNative\sppcomapi.dll
    [2012/09/19 16:07:36 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
    [2012/09/19 16:07:16 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
    [2012/09/19 16:07:16 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
    [2012/09/19 16:06:52 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
    [2012/09/19 16:06:51 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
    [2012/09/19 12:15:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/09/19 12:15:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/09/18 18:32:56 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    [2012/09/18 15:43:02 | 000,000,971 | ---- | C] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/09/18 15:28:12 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
    [2012/09/18 15:26:25 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
    [2012/09/18 15:25:47 | 000,001,282 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
    [2012/09/18 15:22:33 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
    [2012/09/18 15:22:19 | 000,001,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
    [2012/09/18 07:35:07 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/09/18 07:34:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/09/18 07:32:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/09/18 07:29:38 | 1606,582,272 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/18 01:52:42 | 000,002,114 | ---- | C] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2012/09/18 01:52:41 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    [2012/09/18 01:47:20 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2012/09/18 01:37:14 | 000,002,243 | ---- | C] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/09/18 01:36:12 | 000,001,012 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/18 01:36:06 | 000,001,008 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/18 01:35:48 | 000,001,007 | ---- | C] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2012/09/18 00:28:32 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/18 00:10:38 | 000,001,441 | ---- | C] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/09/18 00:04:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2012/09/17 23:59:14 | 000,001,413 | ---- | C] () -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/09/17 23:59:03 | 000,001,447 | ---- | C] () -- C:\Users\Rauven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/09/17 23:57:59 | 000,000,290 | ---- | C] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2012/09/17 23:57:59 | 000,000,272 | ---- | C] () -- C:\Users\Rauven\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/21 14:57:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/09/21 14:57:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/10/09 03:24:16 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\.mono
    [2012/09/18 02:40:37 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\AVG2013
    [2012/10/02 20:18:14 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\BotArena
    [2012/10/01 12:07:40 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\DAEMON Tools Lite
    [2012/09/18 12:05:03 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\LolClient
    [2012/10/10 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\Pokémon Trading Card Game Online
    [2012/09/18 01:54:18 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\Thunderbird
    [2012/10/15 01:06:46 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\TS3Client
    [2012/09/18 02:39:23 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\TuneUp Software
    [2012/10/15 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\uTorrent
    [2012/09/18 00:03:53 | 000,000,000 | ---D | M] -- C:\Users\Rauven\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >
     
  18. 2012/10/16
    Rauven Inactive Thread Starter
    Extras.txt

    OTL Extras logfile created on: 10/17/2012 3:55:37 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rauven\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

    1.99 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 35.91% Memory free
    3.99 Gb Paging File | 2.42 Gb Available in Paging File | 60.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 171.66 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
    Drive H: | 100.00 Mb Total Space | 61.46 Mb Free Space | 61.46% Space Free | Partition Type: NTFS

    Computer Name: ICARUS | User Name: Rauven | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1424633695-1939472065-3266516597-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{D879FBDA-6B45-49A3-B8BA-96ED4CBC1ABD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{032DF103-83B1-4A86-A00B-DB714B184519}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{173ADF5E-8FE7-4619-98ED-9DAD5AED3F5F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{17C09D79-96C6-413E-9F2D-D80787BBED13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shatter\shattersettingseditor.exe |
    "{2B87C0CB-F52B-4D55-A4CD-2659E7B13F1B}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
    "{2C40569B-088B-4E09-8B6F-98965F9F7B74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\c9\c9mappingaccount.exe |
    "{342477D8-CF9D-4B0F-B91E-F7A2CB7899B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{57EC6F64-C1F8-45AE-B0EA-FFA7B5BA5EED}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{58F6DF57-08D8-4E87-831A-061A221EB975}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{5C6EB0D8-4ED3-4FF1-A650-711ECED68215}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{5C85C727-E634-46FA-8325-042826CAF8B9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{6D02B62C-C72F-4300-91E6-9A23E801DB11}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{6D9F29C1-A4B7-4CC0-9499-65FEC70605F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\c9\c9mappingaccount.exe |
    "{6EEC3E17-B3A9-405B-9E38-83DE591C7F9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shatter\shatter.exe |
    "{807242AA-56C8-4DF4-A5EC-400BD8B5F42F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shatter\shattersettingseditor.exe |
    "{82C3ECD3-CFB2-494A-8FF5-B0032D7F534F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{8476405C-FBA1-4DF6-8B3A-ACB25C3FD6DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
    "{902A19DD-AFD2-4CB4-9670-532448EBF9C8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{984FDFEC-476A-4C25-B9CB-1F235B37372E}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
    "{9864B7FA-AED0-445C-85D5-18CCBB0FE9EB}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
    "{9C0276C0-D5C0-462D-8AE7-FB262C80B420}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{A12F091F-0B26-4DD0-8546-9601325F6D74}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{A7C36FFE-F41E-41A8-B073-BD12C1655FEF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{BDA78E43-6554-4701-B7E4-C76A4B17F022}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
    "{CE3A9598-3E10-44A3-AAF9-7D3389B71F44}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{D015EDFA-37F1-4749-B41A-02D00E472B5F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{D7EF2387-F6A5-4DF5-9AF3-1957735BD8AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |
    "{E1314560-B780-4AD5-B90D-B70D5A412355}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EA2F090B-CFAE-45D1-9A4F-6CDC4015515F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{ECC4CC6F-EBE4-4162-AADA-406F7FC0DF73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{EDE272A7-8C38-48E3-9132-A9221CC7F812}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{F0F117CA-918B-4598-9D2A-84A3FCCA7D50}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{F1A2734D-8920-4608-A3E6-DFDEED68201D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shatter\shatter.exe |
    "{F7370B78-2D8A-43D1-8692-894F30A5EE38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
    "{F745AD51-E1F7-429A-AB8F-32816930702C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |
    "{F85D9DD5-2501-4588-BCD8-CC4C680103E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "TCP Query User{012482F2-50AF-4F6A-85F6-F90A608FFD47}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
    "TCP Query User{27C5319C-F71D-43EA-BFF7-E0BEC9E72ECF}C:\program files (x86)\epochsoft\botarena\botarena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epochsoft\botarena\botarena.exe |
    "TCP Query User{7E87F856-ECDF-494D-9501-CE357044626B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "TCP Query User{A1EE41D0-76CD-43D5-9CD5-14DF0CF03237}C:\program files (x86)\virtual playtable\playtable.exe" = protocol=6 | dir=in | app=c:\program files (x86)\virtual playtable\playtable.exe |
    "UDP Query User{0F225ABC-0C22-47BB-AB64-9359B484226D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{28AF0B6D-6794-4388-9D97-42C42859F050}C:\program files (x86)\epochsoft\botarena\botarena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epochsoft\botarena\botarena.exe |
    "UDP Query User{53F85182-8FBF-47F6-BE8F-ADEA1B9E4FBD}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
    "UDP Query User{EA8B9E81-F937-4DC9-A4BF-C36D527132C7}C:\program files (x86)\virtual playtable\playtable.exe" = protocol=17 | dir=in | app=c:\program files (x86)\virtual playtable\playtable.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{2C43E67B-0CDC-48BE-A374-23BEB0E48A72}" = AVG 2013
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{4189BE5F-AFB3-4DC3-91B8-48787A031A67}" = Pokémon Trading Card Game Online
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5ED57CDB-1299-4E24-B398-83615404DB3E}" = BotArena
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
    "{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{88216653-C378-4091-AF17-2A0F5B056A23}_is1" = Virtual Playtable version 0.8.1
    "{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2010
    "{90140000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2010
    "{90140000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2010
    "{90140000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2010
    "{90140000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2010
    "{90140000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2010
    "{90140000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2010
    "{90140000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2010
    "{90140000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2010
    "{90140000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2010
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1046-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Português
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Google Chrome" = Google Chrome
    "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
    "Magic Workstation_is1" = Magic Workstation 0.94f
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 16.0.1 (x86 pt-PT)" = Mozilla Firefox 16.0.1 (x86 pt-PT)
    "Mozilla Thunderbird 16.0.1 (x86 pt-PT)" = Mozilla Thunderbird 16.0.1 (x86 pt-PT)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MTG Card Images for Magic Workstation_is1" = MTG Card Images for Magic Workstation
    "MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PunkBusterSvc" = PunkBuster Services
    "RocketDock_is1" = RocketDock 1.3.5
    "Steam App 205790" = Dota 2 Test
    "Steam App 20820" = Shatter
    "Steam App 212390" = C9
    "Steam App 9880" = Champions Online: Free For All
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.3
    "Winamp" = Winamp

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1424633695-1939472065-3266516597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Flux" = F.lux
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/14/2012 9:09:39 PM | Computer Name = Icarus | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x00000000.

    Error - 10/14/2012 9:32:03 PM | Computer Name = Icarus | Source = Software Protection Platform Service | ID = 8198
    Description = License Activation (slui.exe) failed with the following error code:
    0x80070005

    Error - 10/14/2012 9:32:03 PM | Computer Name = Icarus | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x00000000.

    Error - 10/14/2012 9:50:05 PM | Computer Name = Icarus | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF66 Description:Windows did not pass genuine validation.
    You may be a victim of software counterfeiting.. Security Essentials is available
    for use on genuine licensed Windows PCs. To complete installation of Security
    Essentials, click Go online and resolve now and get genuine Windows. After validating
    your system, run the Security Essentials Installation Wizard. <a id=link1>Go
    online and resolve now</a> Error code:0x8004FF66.

    Error - 10/15/2012 7:44:30 AM | Computer Name = Icarus | Source = Software Protection Platform Service | ID = 8198
    Description = License Activation (slui.exe) failed with the following error code:
    0x80070005

    Error - 10/15/2012 7:44:37 AM | Computer Name = Icarus | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x00000000.

    Error - 10/15/2012 12:06:39 PM | Computer Name = Icarus | Source = Software Protection Platform Service | ID = 8198
    Description = License Activation (slui.exe) failed with the following error code:
    0x80070005

    Error - 10/15/2012 12:06:39 PM | Computer Name = Icarus | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x00000000.

    Error - 10/16/2012 5:19:19 AM | Computer Name = Icarus | Source = Software Protection Platform Service | ID = 8198
    Description = License Activation (slui.exe) failed with the following error code:
    0x80070005

    Error - 10/16/2012 5:19:19 AM | Computer Name = Icarus | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x00000000.

    [ System Events ]
    Error - 10/15/2012 12:36:57 PM | Computer Name = Icarus | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 10/15/2012 8:15:00 PM | Computer Name = Icarus | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/16/2012 5:18:42 AM | Computer Name = Icarus | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 10/16/2012 5:19:08 AM | Computer Name = Icarus | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 10/16/2012 5:19:08 AM | Computer Name = Icarus | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 10/16/2012 5:19:31 AM | Computer Name = Icarus | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/16/2012 5:19:46 AM | Computer Name = Icarus | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/16/2012 10:18:09 PM | Computer Name = Icarus | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 10/16/2012 10:28:51 PM | Computer Name = Icarus | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/16/2012 10:31:58 PM | Computer Name = Icarus | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  19. 2012/10/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      " " = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
       "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      " " = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
       "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
       "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
       "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
       "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.



    ====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
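The OTL fix above removes the per-user (HKEY_CURRENT_USER) InProcServer32 entries for four CLSIDs and leaves the HKEY_LOCAL_MACHINE ones in place. The reason is COM hijacking: when a process resolves a COM class, HKCU\Software\Classes is merged ahead of HKLM\Software\Classes, so a DLL registered under the user's hive silently replaces the system server (shell32.dll, wbem\fastprox.dll, wbem\wbemess.dll here) without the attacker ever touching the protected machine hive. The PowerShell below is an added example written for this page; it is not part of broni's instructions or of OTL. Only the four CLSIDs come from the fix; the view list, function names and output layout are the example's own assumptions. It reads the same keys in both hives and both registry views, flags any HKCU override, and checks the Authenticode signature of whatever DLL each entry points to.

```powershell
# Added example (editor's own, not broni's instructions or OTL): look for per-user
# COM hijacks of the CLSIDs the OTL fix targets. HKCU\Software\Classes is merged
# ahead of HKLM\Software\Classes when a COM class is resolved, so an InProcServer32
# entry there overrides the system DLL for that user without modifying HKLM.
# Only the CLSIDs come from the fix; names and output format are assumptions.

$clsids = @(
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',   # system entry: shell32.dll
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}',
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',   # system entry: wbem\fastprox.dll
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'    # system entry: wbem\wbemess.dll
)

# Native (64-bit) and WOW64 (32-bit) registry views for each hive, as OTL listed them.
$views = @(
    @{ Hive = 'HKCU'; Base = 'HKCU:\Software\Classes\CLSID' },
    @{ Hive = 'HKCU'; Base = 'HKCU:\Software\Classes\Wow6432Node\CLSID' },
    @{ Hive = 'HKLM'; Base = 'HKLM:\Software\Classes\CLSID' },
    @{ Hive = 'HKLM'; Base = 'HKLM:\Software\Wow6432Node\Classes\CLSID' }
)

function Get-InProcServerPath {
    # Returns the (default) value of an InProcServer32 key, expanded, or $null if absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    $dll = [string]$item.'(default)'
    if ([string]::IsNullOrEmpty($dll)) { return $null }
    return [Environment]::ExpandEnvironmentVariables($dll)
}

function Get-ComHijackReport {
    param([string[]]$ClassIds, [hashtable[]]$RegistryViews)
    foreach ($clsid in $ClassIds) {
        foreach ($v in $RegistryViews) {
            $key = "$($v.Base)\$clsid\InProcServer32"
            $dll = Get-InProcServerPath -Key $key
            if ($null -eq $dll) { continue }
            # Any DLL registered under HKCU for these system classes is an override
            # and should be treated as hostile until the file has been identified.
            if ($v.Hive -eq 'HKCU') { $verdict = 'SUSPICIOUS: per-user override' }
            else                    { $verdict = 'machine-wide entry' }
            if (Test-Path -LiteralPath $dll) {
                $sig    = Get-AuthenticodeSignature -FilePath $dll
                $status = $sig.Status
                $signer = $sig.SignerCertificate.Subject
            } else {
                $status = 'file missing'
                $signer = $null
            }
            # New-Object PSObject (rather than [pscustomobject]) so this also runs on PowerShell 2.0.
            New-Object -TypeName PSObject -Property @{
                CLSID = $clsid; View = $v.Base; Dll = $dll
                Signature = $status; Signer = $signer; Verdict = $verdict
            } | Select-Object CLSID, View, Dll, Signature, Signer, Verdict
        }
    }
}

Get-ComHijackReport -ClassIds $clsids -RegistryViews $views | Format-Table -AutoSize
```

Run it from a 64-bit, elevated PowerShell on the affected machine; from a 32-bit process HKLM:\Software\Classes\CLSID is itself redirected to the WOW64 view and the native entries are never seen. The rows to act on are the HKCU ones: a legitimate Windows COM server for these classes is registered only under HKLM. One caveat on the signature column: older PowerShell releases (Windows 7's 2.0 in particular) may report catalog-signed Microsoft files such as shell32.dll as NotSigned because they do not consult the catalog store, so NotSigned on an HKLM entry pointing into System32 is not by itself evidence of tampering.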
     
  20. 2012/10/17
    Rauven

    Rauven Inactive Thread Starter

    Joined:
    2012/10/14
    Messages:
    20
    Likes Received:
    0
    I very dumbly copied the "Code:" part into OTL; I hope it doesn't affect anything, but I can run the check again if needed (this kind of stupid thing is what happens when you wake up and start doing smart things right away hehe)

    OTL.txt


    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rauven
    ->Temp folder emptied: 46599 bytes
    ->Temporary Internet Files folder emptied: 442502 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 1267069704 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 3581 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6376 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46403185 bytes
    RecycleBin emptied: 4981258 bytes

    Total Files Cleaned = 1,258.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Rauven
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Rauven
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10172012_115850

    Files\Folders moved on Reboot...
    C:\Users\Rauven\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  21. 2012/10/17
    Rauven

    Rauven Inactive Thread Starter

    Joined:
    2012/10/14
    Messages:
    20
    Likes Received:
    0
    Checkup.txt

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java 7 Update 7
    Adobe Flash Player 11.4.402.287
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.1)
    Mozilla Thunderbird (16.0.1)
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    _______________________________________________________________


    FSS.txt

    Farbar Service Scanner Version: 07-10-2012
    Ran by Rauven (administrator) on 17-10-2012 at 12:22:17
    Running from "C:\Users\Rauven\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-10-12 19:58] - [2012-06-02 06:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
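Two details in the logs above deserve a second look before the thread moves on. FSS printed cryptsvc.dll with its date and MD5 but without the "MD5 is legit" verdict, which only means the file is not in FSS's whitelist, not that it is bad; and the original symptom was AVG reporting \drivers\spdy.sys, then spwm.sys, then spho.sys, i.e. a fixed prefix plus two random letters. The PowerShell below is an added example written for this page, not part of FSS, AVG or the thread. The file path and hash are taken from the FSS log; the function names, the sp??.sys pattern and the service cross-check are the example's own assumptions. It re-hashes cryptsvc.dll, checks its signature, and lists every matching driver with its signature status and whether any service ImagePath references it.

```powershell
# Added example (editor's own, not from FSS, AVG or the thread): re-check the one
# file FSS listed without "MD5 is legit" (cryptsvc.dll) and triage drivers matching
# the randomly named sp??.sys pattern AVG reported. Path and hash come from the FSS
# log; function names and the pattern are assumptions. .NET is used for hashing and
# New-Object for output so the script also runs on Windows 7's PowerShell 2.0.

$suspectFile = 'C:\Windows\System32\cryptsvc.dll'
$fssMd5      = '9C01375BE382E834CC26D1B7EAF2C4FE'   # as printed by FSS

function Get-FileMd5 {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($md5.ComputeHash($fs)).Replace('-', '') }
    finally { $fs.Dispose() }
}

function Test-SystemFile {
    # Confirms the file still matches the hash FSS printed and who signed it.
    # -eq is case-insensitive in PowerShell, so hash casing does not matter.
    param([string]$Path, [string]$ExpectedMd5)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    New-Object -TypeName PSObject -Property @{
        File       = $Path
        Md5Matches = ((Get-FileMd5 $Path) -eq $ExpectedMd5)
        Signature  = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
        Modified   = (Get-Item -LiteralPath $Path).LastWriteTime
    } | Select-Object File, Md5Matches, Signature, Signer, Modified
}

function Get-SuspectDrivers {
    # List every driver matching the pattern with its signature status and whether any
    # service's ImagePath references it. An unsigned file that no service references is
    # what to quarantine or submit; never delete a driver on its name alone.
    param([string]$Pattern = 'sp??.sys')
    $driverDir  = Join-Path $env:SystemRoot 'System32\drivers'
    $imagePaths = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
        ForEach-Object { (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath } |
        Where-Object { $_ }
    Get-ChildItem -LiteralPath $driverDir -Filter $Pattern -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $name = $_.Name
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Object -TypeName PSObject -Property @{
                Driver     = $name
                Size       = $_.Length
                Modified   = $_.LastWriteTime
                Signature  = $sig.Status
                ServiceRef = [bool]($imagePaths | Where-Object { $_ -like "*\$name" })
            } | Select-Object Driver, Size, Modified, Signature, ServiceRef
        }
}

Test-SystemFile -Path $suspectFile -ExpectedMd5 $fssMd5 | Format-List
Get-SuspectDrivers | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. First, a kernel-mode rootkit that filters file-system and registry I/O can hide its own driver file and service key from any user-mode enumeration like this one, which is exactly why GMER was run earlier in the thread; an empty driver table here is not proof the machine is clean, and the decisive check is from a clean boot or offline medium. Second, on Windows 7's PowerShell 2.0 catalog-signed Microsoft drivers may show as NotSigned, so a NotSigned result on a file that does match a known-good hash and is referenced by a legitimate service is not itself a finding.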
     
