PDA

View Full Version : Lots of lag spikes



rudebadger
2012-10-16, 04:26
Over time I have begun to experience more and more frequent lag spikes, both whilst browsing and gaming. Comodo also recently has picked up a couple of malicious URL's. I have run the anti spyware & antivirus software that I have installed but I'm still having problems.

Here is my dds and aswMBR logs, hopefully someone can help:


DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Ollie at 1:57:55 on 2012-10-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.4707 [GMT 1:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\Ollie\AppData\Local\Apps\2.0\DGT9GH18.WHK\WM1XLJ7T.ZAB\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\CurseClient.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5C567097-D9AB-40FC-84C3-A0211C6F8046} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{735F77D7-EC20-4292-90E3-623AF034C1B1} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{735F77D7-EC20-4292-90E3-623AF034C1B1} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\jkfuxwcs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://uk.foxstart.com/?rls=en:uk:mf
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Downloader\npdd.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-18 23:02; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-3-11 22696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 577824]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 43248]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-10-11 1853584]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2010-4-7 446304]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 XENfiltv;XENfiltv;C:\Windows\System32\drivers\XENfiltv.sys [2010-12-28 25600]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-31 1262400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-9 250808]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-3-31 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-3-31 79360]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-25 1255736]
.
=============== Created Last 30 ================
.
2012-10-10 19:07:54 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-10 19:06:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 19:06:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-25 18:32:54 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 17:37:09 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-25 17:35:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-25 17:35:58 -------- d-----w- C:\Program Files\iTunes
2012-09-25 17:35:58 -------- d-----w- C:\Program Files\iPod
2012-09-25 17:35:58 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-23 01:10:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-09-23 01:10:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-18 22:01:57 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-10-08 20:53:20 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 20:53:20 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-18 22:01:48 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-07 16:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 1:59:18.73 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-16 02:01:32
-----------------------------
02:01:32.895 OS Version: Windows x64 6.1.7601 Service Pack 1
02:01:32.895 Number of processors: 4 586 0xF0B
02:01:32.897 ComputerName: OLLIE-PC UserName: Ollie
02:01:35.009 Initialize success
02:03:24.695 AVAST engine defs: 12101501
02:03:29.858 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
02:03:29.862 Disk 0 Vendor: WDC_WD2500YS-01SHB1 20.06C06 Size: 239371MB BusType: 3
02:03:29.897 Disk 0 MBR read successfully
02:03:29.900 Disk 0 MBR scan
02:03:29.911 Disk 0 Windows 7 default MBR code
02:03:29.934 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 239358 MB offset 63
02:03:29.972 Disk 0 scanning C:\Windows\system32\drivers
02:03:40.285 Service scanning
02:04:05.632 Modules scanning
02:04:05.641 Disk 0 trace - called modules:
02:04:05.654 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
02:04:05.659 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ab6410]
02:04:05.665 3 CLASSPNP.SYS[fffff8800190143f] -> nt!IofCallDriver -> [0xfffffa8007801520]
02:04:05.999 5 ACPI.sys[fffff88000d807a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-3[0xfffffa80077fd680]
02:04:08.149 AVAST engine scan C:\Windows
02:04:11.595 AVAST engine scan C:\Windows\system32
02:09:08.369 AVAST engine scan C:\Windows\system32\drivers
02:09:30.648 AVAST engine scan C:\Users\Ollie
02:11:44.800 Disk 0 MBR has been saved successfully to "C:\Users\Ollie\Desktop\MBR.dat"
02:11:44.814 The log file has been saved successfully to "C:\Users\Ollie\Desktop\aswMBR.txt"

ken545
2012-10-21, 17:02
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , Right Click on the program and select RUN AS ADMINISTATOR



Download AdwCleaner (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner) to your desktop

1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.





--RogueKiller--


Download & SAVE to your Desktop RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) or from here (http://tigzy.geekstogo.com/Tools/RogueKiller.exe)
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

rudebadger
2012-10-21, 17:59
Hi thanks very much for the help :) here are the logs:

AdwCleaner:

# AdwCleaner v2.005 - Logfile created 10/21/2012 at 15:27:34
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ollie - OLLIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Ollie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\jkfuxwcs.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\vghd
Folder Deleted : C:\Users\Ollie\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Ollie\AppData\Roaming\vghd

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-GB)

Profile name : default
File : C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\jkfuxwcs.default\prefs.js

C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\jkfuxwcs.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&Sea[...]
Deleted : user_pref("browser.search.order.1", "Web Search");

Profile name : default
File : C:\Users\Jez\AppData\Roaming\Mozilla\Firefox\Profiles\evet3hjm.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Deleted : user_pref("browser.search.order.1", "Web Search");

*************************

AdwCleaner[S1].txt - [2633 octets] - [21/10/2012 15:27:34]

########## EOF - C:\AdwCleaner[S1].txt - [2693 octets] ##########

Roguekiller:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ollie [Admin rights]
Mode : Scan -- Date : 10/21/2012 15:39:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{5C567097-D9AB-40FC-84C3-A0211C6F8046} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{735F77D7-EC20-4292-90E3-623AF034C1B1} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{5C567097-D9AB-40FC-84C3-A0211C6F8046} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{735F77D7-EC20-4292-90E3-623AF034C1B1} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500YS-01SHB1 ATA Device +++++
--- User ---
[MBR] ca60b330785efb0893cf7bdb0f07f835
[BSP] 8e5db028d4964658b6060ac891226926 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 239358 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

ken545
2012-10-21, 18:41
Run this quick scan and post the log please

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

rudebadger
2012-10-21, 19:33
Here is the OTL log:


OTL logfile created on: 21/10/2012 17:09:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ollie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.34% Memory free
9.03 Gb Paging File | 6.93 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.75 Gb Total Space | 6.17 Gb Free Space | 2.64% Space Free | Partition Type: NTFS

Computer Name: OLLIE-PC | User Name: Ollie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ollie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (XENfiltv) -- C:\Windows\SysNative\drivers\XENfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-583340193-457968133-1106505225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-583340193-457968133-1106505225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-583340193-457968133-1106505225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-583340193-457968133-1106505225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 01 D2 99 72 61 CA 01 [binary data]
IE - HKU\S-1-5-21-583340193-457968133-1106505225-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-583340193-457968133-1106505225-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-583340193-457968133-1106505225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583340193-457968133-1106505225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "http://uk.foxstart.com/?rls=en:uk:mf"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: updater@foxstart.com:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 22:52:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/18 23:01:57 | 000,000,000 | ---D | M]

[2009/11/09 23:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ollie\AppData\Roaming\Mozilla\Extensions
[2012/10/15 00:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\jkfuxwcs.default\extensions
[2012/10/15 00:18:15 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Ollie\AppData\Roaming\Mozilla\Firefox\Profiles\jkfuxwcs.default\extensions\foxyproxy@eric.h.jung
[2012/10/17 15:42:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/18 23:02:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/17 15:42:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/09/07 22:52:28 | 000,000,000 | ---D | M] ("Update Service") -- C:\Program Files (x86)\Mozilla Firefox\extensions\updater@foxstart.com
[2012/09/07 22:52:45 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/05 18:00:01 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/06 00:08:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/05 18:00:01 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/07/05 18:00:01 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/11/09 03:45:48 | 000,002,014 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxstart.xml
[2012/09/06 00:08:03 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/07/05 18:00:01 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/01/09 20:35:58 | 000,371,907 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 12817 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-583340193-457968133-1106505225-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-583340193-457968133-1106505225-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-583340193-457968133-1106505225-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-583340193-457968133-1106505225-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{735F77D7-EC20-4292-90E3-623AF034C1B1}: DhcpNameServer = 192.168.1.254
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/21 17:08:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ollie\Desktop\OTL.exe
[2012/10/21 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Ollie\Desktop\RK_Quarantine
[2012/10/17 15:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/17 15:42:19 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/10/17 15:42:18 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/10/17 15:42:18 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/10/16 01:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/10/16 01:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/10/15 21:59:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ollie\Desktop\aswMBR.exe
[2012/10/15 21:59:36 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\Ollie\Desktop\dds.com
[2012/10/15 21:57:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Ollie\Desktop\erunt-setup.exe
[2012/10/12 21:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
[2012/10/10 20:08:19 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 20:08:14 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 20:08:14 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/10 20:08:03 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 20:08:02 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 20:08:01 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 20:07:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 20:07:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 20:07:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 20:07:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 20:07:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 20:07:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 20:07:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 20:07:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 20:07:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 20:07:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 20:07:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 20:07:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 20:07:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 20:07:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 20:07:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 20:07:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 20:07:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 20:07:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 20:07:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 20:07:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 20:07:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 20:07:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 20:07:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 20:07:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 20:07:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 20:07:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 20:07:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 20:07:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 20:07:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 20:07:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 20:07:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 20:07:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 20:07:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 20:07:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 20:07:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 20:07:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 20:07:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 20:07:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 20:07:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 20:07:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 20:07:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/09/25 19:32:54 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/25 18:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/25 18:37:09 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/25 18:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/25 18:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/25 18:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/25 18:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/23 02:10:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 02:10:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 02:09:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 02:09:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 02:09:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 02:09:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 02:09:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/23 02:09:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/23 02:09:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/23 02:09:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/23 02:09:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/23 02:09:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 02:09:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/23 02:09:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/23 02:09:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/21 17:09:15 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/10/21 17:08:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ollie\Desktop\OTL.exe
[2012/10/21 16:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/21 15:37:29 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 15:37:29 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 15:36:47 | 001,425,920 | ---- | M] () -- C:\Users\Ollie\Desktop\RogueKiller.exe
[2012/10/21 15:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/21 15:29:17 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/21 15:22:13 | 000,538,941 | ---- | M] () -- C:\Users\Ollie\Desktop\adwcleaner.exe
[2012/10/16 02:11:44 | 000,000,512 | ---- | M] () -- C:\Users\Ollie\Desktop\MBR.dat
[2012/10/16 02:03:01 | 000,003,151 | ---- | M] () -- C:\Users\Ollie\Desktop\Log1.zip
[2012/10/16 01:55:42 | 000,000,905 | ---- | M] () -- C:\Users\Ollie\Desktop\ERUNT.lnk
[2012/10/15 22:00:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ollie\Desktop\aswMBR.exe
[2012/10/15 21:59:39 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\Ollie\Desktop\dds.com
[2012/10/15 21:57:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Ollie\Desktop\erunt-setup.exe
[2012/10/15 20:55:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/14 09:32:41 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/10/12 21:42:30 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks - Common Test.lnk
[2012/10/08 21:53:20 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/08 21:53:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/25 18:37:13 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/24 15:32:24 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/09/24 15:32:20 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/24 15:23:41 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/09/24 15:23:37 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/09/24 15:23:26 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/21 15:36:46 | 001,425,920 | ---- | C] () -- C:\Users\Ollie\Desktop\RogueKiller.exe
[2012/10/21 15:22:12 | 000,538,941 | ---- | C] () -- C:\Users\Ollie\Desktop\adwcleaner.exe
[2012/10/16 02:11:44 | 000,000,512 | ---- | C] () -- C:\Users\Ollie\Desktop\MBR.dat
[2012/10/16 02:03:01 | 000,003,151 | ---- | C] () -- C:\Users\Ollie\Desktop\Log1.zip
[2012/10/16 01:55:42 | 000,000,905 | ---- | C] () -- C:\Users\Ollie\Desktop\ERUNT.lnk
[2012/10/12 21:42:30 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks - Common Test.lnk
[2012/09/25 18:37:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/03/01 17:18:12 | 000,110,552 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/11/25 21:50:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/25 21:50:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/08 12:46:01 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011/06/19 23:54:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/28 00:57:33 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2010/12/28 00:57:33 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2010/12/28 00:57:32 | 000,186,880 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/28 00:57:32 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/09 22:50:36 | 000,000,756 | ---- | C] () -- C:\Users\Ollie\AppData\Local\RT61_{735F77D7-EC20-4292-90E3-623AF034C1B1}_sta
[2009/11/09 22:49:50 | 000,001,512 | ---- | C] () -- C:\Users\Ollie\AppData\Local\RT61_{735F77D7-EC20-4292-90E3-623AF034C1B1}_prof
[2009/11/09 20:41:39 | 000,000,760 | ---- | C] () -- C:\Users\Ollie\AppData\Roaming\setup_ldm.iss

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/11 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\Jez\AppData\Roaming\Foxit Software
[2010/04/08 06:31:00 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/02 23:07:15 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\EveHQ
[2011/04/15 18:56:52 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\Foxit Software
[2009/11/09 20:41:43 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\Leadertech
[2012/01/22 02:22:16 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\LolClient
[2012/05/24 23:33:38 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\LolClient2
[2012/04/30 23:43:29 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\Maxthon3
[2011/01/13 21:32:30 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\Sports Interactive
[2011/06/27 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\SystemRequirementsLab
[2010/05/18 00:24:58 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\The Creative Assembly
[2012/10/20 22:28:04 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\TS3Client
[2011/11/21 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\ts3overlay
[2010/10/16 15:38:42 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\W
[2012/10/12 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\Ollie\AppData\Roaming\wargaming.net

========== Purity Check ==========



< End of report >

rudebadger
2012-10-21, 19:36
Here is the extras log:


OTL Extras logfile created on: 21/10/2012 17:09:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ollie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.34% Memory free
9.03 Gb Paging File | 6.93 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.75 Gb Total Space | 6.17 Gb Free Space | 2.64% Space Free | Partition Type: NTFS

Computer Name: OLLIE-PC | User Name: Ollie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-583340193-457968133-1106505225-1001\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E40791-23FB-43F8-9225-E19BE5530319}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{013A706D-ABDD-4AAD-A59F-E5BD074068F9}" = rport=139 | protocol=6 | dir=out | app=system |
"{1A7AE3EC-E568-4FFA-AD49-9C03BC1FD7F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2EEF32C5-942A-4053-92AB-375B4ED7BBDA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4609A64A-1E61-4C37-B11B-8F8C34A1F518}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EB3EE39-DB19-4AC0-B195-BB7AB616841A}" = lport=137 | protocol=17 | dir=in | app=system |
"{6F531235-51F9-4FC4-9800-AE4A11F343D9}" = rport=138 | protocol=17 | dir=out | app=system |
"{7E38B2B8-EF34-4610-A3D9-D3EBEDE59ECA}" = rport=137 | protocol=17 | dir=out | app=system |
"{8330751C-E307-43F4-BB9D-8254932193B3}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
"{8E37330A-6DA8-43E6-8BBB-9074674638D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{97642127-8076-48D1-B1F5-BE03294B0049}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C8EE250-5E5D-4F78-81DE-226FCE689498}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CD06A39-AA68-4E5D-B5C7-9A61BF27D58B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCC5EC43-6F4D-432F-A9A9-72DB8454FD4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D19BBEF2-7981-47D4-89B1-E6D04A2BDF1C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E760F8FE-3E19-4E57-92A9-F40EF6C1287B}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE96A870-BA64-4847-82C4-00AAF8940FBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{EFF4B110-07B8-4291-9DD8-D97C7FEFBA67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F08DDA77-C2ED-45CC-A41A-1AD08E9C2DBD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F3108032-C3D2-4770-8B60-26574965D6F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5193F4E-2D3B-4F45-B81D-ED2C764D31CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FAF418F0-2432-4152-9743-9DC45463D48D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006EB390-C767-46D5-A9BA-5CD0D0EB044F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A40F62B-BA5C-4265-8A6A-EF9C213C0A38}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{0C219382-6CC1-4A6A-B459-5CA217968386}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{14007262-F3EA-4D79-BD03-E1C5055DC1B1}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{1DB1045C-A8D5-4BC4-A47A-90FA2E0F7ABE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{21132451-CEAB-4C01-89B4-E3C6D69BCD38}" = protocol=6 | dir=in | app=c:\users\ollie\appdata\local\apps\2.0\dgt9gh18.whk\wm1xlj7t.zab\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe |
"{2EAA6D80-431E-4E0B-8F8F-740C2DD2B224}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{48CFDAF4-FAAF-48FD-AF8A-46BF83B1F1D6}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{4D17E6B2-EFE9-4816-99F3-CAAA32903040}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4F7FAD84-C799-4CB9-AB9F-22AF84E96F9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{624D61A3-E889-416D-8F7E-AC47F4600F03}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68CBCCB3-EBB5-4E27-8C2C-1AB652C8CCC6}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{6A848E9C-770D-40D3-9B99-55F8B62EEF39}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-engb-downloader.exe |
"{6D9912C9-F623-4408-B0A8-559185985655}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E91A05A-875B-4F0B-9387-38B27E880BE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6EBC6CB8-3FFD-4DAB-9015-138503B553B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7776A879-B620-4B1D-88F3-EB0B156C8E19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{797C08A7-C219-4770-ABAB-F789B49FCBCD}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{82937E91-7E27-4962-BD05-587BFDB4F028}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{82EC73DE-ABA2-49AC-92E1-61D8E8DF793E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8BC75CE1-062B-4C30-BD1C-954AFF1164E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8BCE7E00-3CBD-4F24-9793-021AD78FAB58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8BDF2B7E-8DAB-471E-883A-5A19B2CE776D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{90055C36-411B-4BF7-8033-0F9C9ED59586}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{9157FC85-C050-4208-9435-9E56E44AE96B}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-engb-downloader.exe |
"{938C07B8-EA5A-4E85-A57B-0D595094BD6E}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
"{9C67960C-EB43-4041-97AB-F2D25A6E040E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0015B8F-ED21-40B9-A922-0AB9129E500C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B0C97BE7-912E-4A4D-85E4-1A4B0670C4D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BA3AC8B9-089C-473E-9CDE-2973E665225A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BCDBCB75-2EBB-42A3-B74A-A70FCF9F9148}" = protocol=17 | dir=in | app=c:\users\ollie\appdata\local\apps\2.0\dgt9gh18.whk\wm1xlj7t.zab\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe |
"{BE3FAB98-925D-4D8E-B469-EA4B0ABCF5EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{C10013EB-308B-46E1-A08F-04088243101E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5BF13B7-6532-4320-8763-5639B90E55CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C71D83CA-CC9D-4CD1-952E-BEF6C4DCA259}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C906E0E2-50E8-4CDB-9B23-7A08D806512A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{C93DE437-ACA3-4CC2-8314-1A1DBF415151}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA7FB5F3-164B-460A-A5B3-DF940B185B03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D28A43E9-1294-49B9-8241-F3B3DB493ACB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D2B36511-ED60-4295-A56A-C9463F42FB58}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D341E287-A6C8-44CB-B981-712716A00D73}" = protocol=6 | dir=out | app=system |
"{D460487E-728F-44DE-84E8-8B69401E43E1}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{D4C69AEE-6DAC-4C25-B001-5A9656C27660}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D6ACDB7E-B9AA-487C-BE17-9F8B21FDB6E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DC9699A9-DED7-499D-9892-FEC5ACF5B7EA}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{DF2DF2B5-72E0-4CA6-840A-6F967BB0AA04}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E106CB0B-8484-42EA-B209-432B21FE6A1C}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
"{E1F8305B-BC58-4586-AE59-3E028EBE0E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E628C771-4C1B-47C3-BA8D-D13E375C4497}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{EBD17D58-519A-4DAF-90C2-97C8EBC5C2D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EFDDB50F-B6D5-4A56-B08B-7455C4E5D060}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FCC819AB-5A0F-4BAE-A395-1F4910641F5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF28FB95-49A9-4B11-8738-949851103699}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{08BD3B94-2FEB-416E-B729-E6AE9A7495F7}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{34179C86-D804-4566-A372-D9ACE1F230C3}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe |
"TCP Query User{483FF6A3-28A5-4904-9229-7B4B59EA2A42}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{4D3EEE25-43B0-4A97-A973-DAF9C4079322}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{54F46CAA-0397-4001-9F10-90C1522957FE}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"TCP Query User{5ED32A7C-E13D-41C7-88B6-ACB5A2D82608}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"TCP Query User{78D83180-A7D8-4F8A-9AE4-3716F14F3D3B}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe |
"TCP Query User{7E8B447A-E2CF-4EA2-BE6B-772895A9EB10}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"TCP Query User{8C23BA5F-5DE2-4B01-AB21-C211B4ABDC4F}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{9483DBBB-6BD4-4AB1-966C-43DB55554485}C:\users\ollie\downloads\wow-language-pack-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\ollie\downloads\wow-language-pack-engb-downloader.exe |
"TCP Query User{95155981-EEEB-418B-BDED-A3721112C83F}C:\games\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_closed_beta\worldoftanks.exe |
"TCP Query User{B3EE28AA-BE8A-4190-8ED2-B910535258E8}C:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"TCP Query User{CE3CD81C-AA05-4F64-A7B7-D486E0577A70}C:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_closed_beta\wotlauncher.exe |
"TCP Query User{F64106ED-29FB-485A-914E-1060F28BAEE9}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |
"TCP Query User{F9A699CD-36FF-4CED-BC7E-8B17918AAA0E}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |
"UDP Query User{2A74AD3E-E917-4BFC-8FEB-739A922A3C97}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |
"UDP Query User{2F419C17-54BD-4F6A-81FA-7C079F7EB5A0}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{329FECE1-B1A8-4020-87D6-3DE64CFDF7FD}C:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"UDP Query User{37730721-60CA-43CA-97FC-FE902ECAC304}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"UDP Query User{4C11A078-63C8-4B52-999C-629C471AE26D}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"UDP Query User{7040F989-79F6-416F-B851-34567034B816}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"UDP Query User{914B64D7-8563-4B8C-9AA0-1639618760B4}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{9D1F97A8-8A9C-4608-AB7F-AB3B48356339}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe |
"UDP Query User{A36B9EEE-6814-4274-988C-9C8FD458D35B}C:\games\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_closed_beta\worldoftanks.exe |
"UDP Query User{AB61BC35-265F-42EB-9318-EDE1B33B779E}C:\users\ollie\downloads\wow-language-pack-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\ollie\downloads\wow-language-pack-engb-downloader.exe |
"UDP Query User{AC6E08F1-48D3-4393-B563-07317BB779CA}C:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_closed_beta\wotlauncher.exe |
"UDP Query User{B993B82E-AA51-4C67-809E-665782BB1FDA}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{ED8979D1-F522-4FAF-9D22-F33222B040FE}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{FC712EA0-0BA6-45BF-991F-9FF223E81107}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe |
"UDP Query User{FDB48F7A-A68B-4E74-BE09-EA07098B7FA9}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3705C708-1B8A-43A3-8E94-6BAB33A3384B}" = Logitech G-series Keyboard Software
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C8CT1}_is1" = World of Tanks - Common Test
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E1A7395-0378-43A4-9131-2ADA48524E32}" = EveHQ
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Edimax Wireless LAN
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATC_is1" = Advanced Tactical Center™ 1.0
"Comodo Dragon" = Comodo Dragon
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"Downloader" = Downloader
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ERUNT_is1" = ERUNT 1.1j
"EVE" = EVE Online (remove only)
"Foxit Reader" = Foxit Reader
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Maxthon3" = Maxthon 3
"Mozilla Firefox 15.0.1 (x86 en-GB)" = Mozilla Firefox 15.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"SysInfo" = Creative System Information

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-583340193-457968133-1106505225-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/12/2011 10:50:49 | Computer Name = Ollie-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 24/12/2011 10:51:34 | Computer Name = Ollie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 26/12/2011 13:19:06 | Computer Name = Ollie-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 26/12/2011 13:19:53 | Computer Name = Ollie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 26/12/2011 21:40:08 | Computer Name = Ollie-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 26/12/2011 21:40:08 | Computer Name = Ollie-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 27/12/2011 16:39:50 | Computer Name = Ollie-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 29/12/2011 17:12:44 | Computer Name = Ollie-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 29/12/2011 17:13:33 | Computer Name = Ollie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 29/12/2011 17:25:23 | Computer Name = Ollie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0xe06d7363 Fault offset: 0x000000000000cacd
Faulting
process id: 0xddc Faulting application start time: 0x01ccc66dfae65601 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 9dadaed4-3263-11e1-bc7c-0016e6de4f14

[ System Events ]
Error - 21/10/2012 10:31:33 | Computer Name = Ollie-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 21/10/2012 10:32:05 | Computer Name = Ollie-PC | Source = PNRPSvc | ID = 102
Description =

Error - 21/10/2012 10:32:05 | Computer Name = Ollie-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 21/10/2012 10:32:05 | Computer Name = Ollie-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 21/10/2012 10:32:14 | Computer Name = Ollie-PC | Source = PNRPSvc | ID = 102
Description =

Error - 21/10/2012 10:32:14 | Computer Name = Ollie-PC | Source = PNRPSvc | ID = 102
Description =

Error - 21/10/2012 10:32:14 | Computer Name = Ollie-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 21/10/2012 10:32:14 | Computer Name = Ollie-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 21/10/2012 10:32:14 | Computer Name = Ollie-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 21/10/2012 10:32:14 | Computer Name = Ollie-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535


< End of report >

ken545
2012-10-21, 19:55
Hi,

You have markers in your log for uTorrent, bad move, the program is safe but the files your downloading come from an unknown source and most contain malware of one sort of another, you would be doing yourself a big favor by staying away from any sort of File Sharing.



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE - HKU\S-1-5-21-583340193-457968133-1106505225-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces


Let me know if you see any improvement on your system

rudebadger
2012-10-21, 22:51
Here is the log:


All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-583340193-457968133-1106505225-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ollie\Desktop\cmd.bat deleted successfully.
C:\Users\Ollie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jez
->Temp folder emptied: 52353 bytes
->Temporary Internet Files folder emptied: 1280319 bytes
->FireFox cache emptied: 60308496 bytes
->Flash cache emptied: 1810 bytes

User: Ollie
->Temp folder emptied: 329834856 bytes
->Temporary Internet Files folder emptied: 106500410 bytes
->Java cache emptied: 1111076 bytes
->FireFox cache emptied: 530378680 bytes
->Flash cache emptied: 214691 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 198336 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 552970 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 7761027810 bytes

Total Files Cleaned = 8,384.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10212012_181559

Files\Folders moved on Reboot...
C:\Users\Ollie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ollie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6V8KH3J\addons-v4[2].htm moved successfully.
C:\Users\Ollie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N532I9GH\addons-tracker-v4[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

It's still slow loading pages and getting a fair bit of lag still as well

ken545
2012-10-21, 23:12
Are we talking about Internet Explorer ?


Open IE and go to Tools> Internet Options > Advanced Tab > Reset Internet Explorer Setting > Reset .....may take a few seconds...Then close IE and reopen it and see if it made a difference

rudebadger
2012-10-22, 00:16
No I use maxthon as a browser

ken545
2012-10-22, 01:05
Sorry to say that I am not familiar with Maxthon.

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

rudebadger
2012-10-22, 03:06
I found the reset to default for maxthon and pages seem to be loading faster and completely now :)

Here is the log for tdsskiller:


01:02:24.0493 4204 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
01:02:24.0594 4204 ============================================================
01:02:24.0594 4204 Current date / time: 2012/10/22 01:02:24.0594
01:02:24.0594 4204 SystemInfo:
01:02:24.0594 4204
01:02:24.0594 4204 OS Version: 6.1.7601 ServicePack: 1.0
01:02:24.0594 4204 Product type: Workstation
01:02:24.0594 4204 ComputerName: OLLIE-PC
01:02:24.0594 4204 UserName: Ollie
01:02:24.0594 4204 Windows directory: C:\Windows
01:02:24.0594 4204 System windows directory: C:\Windows
01:02:24.0594 4204 Running under WOW64
01:02:24.0594 4204 Processor architecture: Intel x64
01:02:24.0594 4204 Number of processors: 4
01:02:24.0594 4204 Page size: 0x1000
01:02:24.0595 4204 Boot type: Normal boot
01:02:24.0595 4204 ============================================================
01:02:26.0493 4204 Drive \Device\Harddisk0\DR0 - Size: 0x3A70B67E00 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7EA6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
01:02:26.0503 4204 ============================================================
01:02:26.0503 4204 \Device\Harddisk0\DR0:
01:02:26.0503 4204 MBR partitions:
01:02:26.0503 4204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D37F111
01:02:26.0503 4204 ============================================================
01:02:26.0521 4204 C: <-> \Device\Harddisk0\DR0\Partition1
01:02:26.0521 4204 ============================================================
01:02:26.0522 4204 Initialize success
01:02:26.0522 4204 ============================================================
01:02:30.0611 3464 ============================================================
01:02:30.0611 3464 Scan started
01:02:30.0611 3464 Mode: Manual;
01:02:30.0611 3464 ============================================================
01:02:31.0872 3464 ================ Scan system memory ========================
01:02:31.0872 3464 System memory - ok
01:02:31.0872 3464 ================ Scan services =============================
01:02:32.0078 3464 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
01:02:32.0079 3464 !SASCORE - ok
01:02:32.0278 3464 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:02:32.0283 3464 1394ohci - ok
01:02:32.0341 3464 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:02:32.0345 3464 ACPI - ok
01:02:32.0397 3464 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:02:32.0398 3464 AcpiPmi - ok
01:02:32.0567 3464 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:02:32.0569 3464 AdobeFlashPlayerUpdateSvc - ok
01:02:32.0629 3464 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:02:32.0638 3464 adp94xx - ok
01:02:32.0667 3464 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:02:32.0672 3464 adpahci - ok
01:02:32.0702 3464 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:02:32.0707 3464 adpu320 - ok
01:02:32.0756 3464 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:02:32.0757 3464 AeLookupSvc - ok
01:02:32.0837 3464 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:02:32.0849 3464 AFD - ok
01:02:32.0878 3464 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:02:32.0880 3464 agp440 - ok
01:02:32.0907 3464 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:02:32.0910 3464 ALG - ok
01:02:32.0925 3464 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:02:32.0927 3464 aliide - ok
01:02:32.0945 3464 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:02:32.0947 3464 amdide - ok
01:02:32.0995 3464 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:02:32.0997 3464 AmdK8 - ok
01:02:33.0003 3464 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:02:33.0005 3464 AmdPPM - ok
01:02:33.0044 3464 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:02:33.0047 3464 amdsata - ok
01:02:33.0065 3464 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:02:33.0069 3464 amdsbs - ok
01:02:33.0106 3464 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:02:33.0107 3464 amdxata - ok
01:02:33.0133 3464 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:02:33.0135 3464 AppID - ok
01:02:33.0164 3464 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:02:33.0165 3464 AppIDSvc - ok
01:02:33.0225 3464 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:02:33.0227 3464 Appinfo - ok
01:02:33.0362 3464 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:02:33.0364 3464 Apple Mobile Device - ok
01:02:33.0370 3464 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
01:02:33.0372 3464 arc - ok
01:02:33.0398 3464 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:02:33.0401 3464 arcsas - ok
01:02:33.0420 3464 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:02:33.0421 3464 AsyncMac - ok
01:02:33.0426 3464 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:02:33.0427 3464 atapi - ok
01:02:33.0488 3464 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:02:33.0502 3464 AudioEndpointBuilder - ok
01:02:33.0515 3464 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:02:33.0520 3464 AudioSrv - ok
01:02:33.0595 3464 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:02:33.0598 3464 AxInstSV - ok
01:02:33.0630 3464 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
01:02:33.0638 3464 b06bdrv - ok
01:02:33.0690 3464 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:02:33.0695 3464 b57nd60a - ok
01:02:33.0746 3464 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:02:33.0749 3464 BDESVC - ok
01:02:33.0789 3464 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:02:33.0790 3464 Beep - ok
01:02:33.0862 3464 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:02:33.0876 3464 BFE - ok
01:02:33.0941 3464 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:02:33.0966 3464 BITS - ok
01:02:33.0990 3464 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:02:33.0992 3464 blbdrive - ok
01:02:34.0107 3464 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:02:34.0113 3464 Bonjour Service - ok
01:02:34.0153 3464 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:02:34.0155 3464 bowser - ok
01:02:34.0177 3464 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:02:34.0179 3464 BrFiltLo - ok
01:02:34.0183 3464 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:02:34.0185 3464 BrFiltUp - ok
01:02:34.0235 3464 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:02:34.0238 3464 Browser - ok
01:02:34.0264 3464 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:02:34.0270 3464 Brserid - ok
01:02:34.0276 3464 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:02:34.0278 3464 BrSerWdm - ok
01:02:34.0289 3464 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:02:34.0290 3464 BrUsbMdm - ok
01:02:34.0310 3464 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:02:34.0312 3464 BrUsbSer - ok
01:02:34.0328 3464 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:02:34.0330 3464 BTHMODEM - ok
01:02:34.0379 3464 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:02:34.0382 3464 bthserv - ok
01:02:34.0405 3464 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:02:34.0407 3464 cdfs - ok
01:02:34.0456 3464 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
01:02:34.0460 3464 cdrom - ok
01:02:34.0508 3464 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:02:34.0511 3464 CertPropSvc - ok
01:02:34.0527 3464 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:02:34.0529 3464 circlass - ok
01:02:34.0583 3464 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:02:34.0589 3464 CLFS - ok
01:02:34.0675 3464 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:02:34.0679 3464 clr_optimization_v2.0.50727_32 - ok
01:02:34.0784 3464 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:02:34.0787 3464 clr_optimization_v2.0.50727_64 - ok
01:02:34.0890 3464 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:02:34.0892 3464 clr_optimization_v4.0.30319_32 - ok
01:02:34.0953 3464 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:02:34.0955 3464 clr_optimization_v4.0.30319_64 - ok
01:02:34.0979 3464 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:02:34.0980 3464 CmBatt - ok
01:02:35.0164 3464 [ CEE48CCC4D561DDB19C72F9FB55D28D5 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
01:02:35.0184 3464 cmdAgent - ok
01:02:35.0252 3464 [ 7EAC5E62F0B93262984D450E0D497B61 ] cmderd C:\Windows\system32\DRIVERS\cmderd.sys
01:02:35.0253 3464 cmderd - ok
01:02:35.0268 3464 [ 0599D5A458D4E0E37AB84E9D1C5C73E5 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
01:02:35.0275 3464 cmdGuard - ok
01:02:35.0291 3464 [ 2D3E08C7106F748F9EFF3DEC14142D3E ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
01:02:35.0292 3464 cmdHlp - ok
01:02:35.0369 3464 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:02:35.0400 3464 cmdide - ok
01:02:35.0507 3464 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
01:02:35.0517 3464 CNG - ok
01:02:35.0523 3464 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:02:35.0525 3464 Compbatt - ok
01:02:35.0587 3464 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
01:02:35.0589 3464 CompositeBus - ok
01:02:35.0611 3464 COMSysApp - ok
01:02:35.0618 3464 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:02:35.0619 3464 crcdisk - ok
01:02:35.0783 3464 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
01:02:35.0960 3464 Creative ALchemy AL6 Licensing Service - ok
01:02:35.0986 3464 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
01:02:35.0989 3464 Creative Audio Engine Licensing Service - ok
01:02:36.0043 3464 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:02:36.0047 3464 CryptSvc - ok
01:02:36.0155 3464 [ 1B8194450EB013CB6E79CE5503D1B0B5 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
01:02:36.0296 3464 CTAudSvcService - ok
01:02:36.0351 3464 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:02:36.0389 3464 DcomLaunch - ok
01:02:36.0521 3464 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:02:36.0526 3464 defragsvc - ok
01:02:36.0584 3464 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:02:36.0587 3464 DfsC - ok
01:02:36.0645 3464 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:02:36.0651 3464 Dhcp - ok
01:02:36.0662 3464 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:02:36.0664 3464 discache - ok
01:02:36.0699 3464 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:02:36.0701 3464 Disk - ok
01:02:36.0748 3464 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:02:36.0751 3464 Dnscache - ok
01:02:36.0816 3464 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:02:36.0821 3464 dot3svc - ok
01:02:36.0870 3464 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:02:36.0873 3464 DPS - ok
01:02:37.0055 3464 [ 28A88BB61B6B4A352729BA22BD2D2604 ] DragonUpdater C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
01:02:37.0228 3464 DragonUpdater - ok
01:02:37.0274 3464 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:02:37.0275 3464 drmkaud - ok
01:02:37.0346 3464 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:02:37.0353 3464 DXGKrnl - ok
01:02:37.0411 3464 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:02:37.0414 3464 EapHost - ok
01:02:37.0501 3464 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
01:02:37.0578 3464 ebdrv - ok
01:02:37.0628 3464 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:02:37.0630 3464 EFS - ok
01:02:37.0720 3464 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:02:37.0743 3464 ehRecvr - ok
01:02:37.0792 3464 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:02:37.0795 3464 ehSched - ok
01:02:37.0850 3464 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
01:02:37.0864 3464 elxstor - ok
01:02:37.0912 3464 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:02:37.0913 3464 ErrDev - ok
01:02:37.0964 3464 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:02:37.0971 3464 EventSystem - ok
01:02:37.0994 3464 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:02:37.0999 3464 exfat - ok
01:02:38.0021 3464 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:02:38.0025 3464 fastfat - ok
01:02:38.0103 3464 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:02:38.0117 3464 Fax - ok
01:02:38.0132 3464 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:02:38.0134 3464 fdc - ok
01:02:38.0179 3464 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:02:38.0181 3464 fdPHost - ok
01:02:38.0195 3464 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:02:38.0196 3464 FDResPub - ok
01:02:38.0209 3464 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:02:38.0210 3464 FileInfo - ok
01:02:38.0228 3464 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:02:38.0230 3464 Filetrace - ok
01:02:38.0252 3464 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:02:38.0253 3464 flpydisk - ok
01:02:38.0315 3464 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:02:38.0319 3464 FltMgr - ok
01:02:38.0394 3464 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
01:02:38.0428 3464 FontCache - ok
01:02:38.0522 3464 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:02:38.0631 3464 FontCache3.0.0.0 - ok
01:02:38.0649 3464 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:02:38.0651 3464 FsDepends - ok
01:02:38.0705 3464 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:02:38.0706 3464 Fs_Rec - ok
01:02:38.0769 3464 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:02:38.0773 3464 fvevol - ok
01:02:38.0814 3464 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
01:02:38.0817 3464 gagp30kx - ok
01:02:38.0853 3464 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:02:38.0854 3464 GEARAspiWDM - ok
01:02:38.0905 3464 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:02:38.0931 3464 gpsvc - ok
01:02:38.0948 3464 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:02:38.0950 3464 hcw85cir - ok
01:02:39.0013 3464 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:02:39.0019 3464 HdAudAddService - ok
01:02:39.0077 3464 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
01:02:39.0079 3464 HDAudBus - ok
01:02:39.0098 3464 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
01:02:39.0100 3464 HidBatt - ok
01:02:39.0106 3464 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:02:39.0109 3464 HidBth - ok
01:02:39.0115 3464 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:02:39.0117 3464 HidIr - ok
01:02:39.0180 3464 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
01:02:39.0182 3464 hidserv - ok
01:02:39.0259 3464 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
01:02:39.0261 3464 HidUsb - ok
01:02:39.0312 3464 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:02:39.0315 3464 hkmsvc - ok
01:02:39.0358 3464 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:02:39.0363 3464 HomeGroupListener - ok
01:02:39.0414 3464 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:02:39.0418 3464 HomeGroupProvider - ok
01:02:39.0463 3464 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:02:39.0466 3464 HpSAMD - ok
01:02:39.0513 3464 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:02:39.0534 3464 HTTP - ok
01:02:39.0578 3464 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:02:39.0579 3464 hwpolicy - ok
01:02:39.0596 3464 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:02:39.0598 3464 i8042prt - ok
01:02:39.0615 3464 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:02:39.0621 3464 iaStorV - ok
01:02:39.0695 3464 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:02:39.0721 3464 idsvc - ok
01:02:39.0736 3464 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
01:02:39.0738 3464 iirsp - ok
01:02:39.0774 3464 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:02:39.0800 3464 IKEEXT - ok
01:02:39.0863 3464 [ EFFF0AFD27CC97BF0E5E0BAB78419DE7 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
01:02:39.0865 3464 inspect - ok
01:02:39.0870 3464 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:02:39.0871 3464 intelide - ok
01:02:39.0930 3464 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:02:39.0932 3464 intelppm - ok
01:02:39.0974 3464 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:02:39.0978 3464 IPBusEnum - ok
01:02:40.0028 3464 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:02:40.0031 3464 IpFilterDriver - ok
01:02:40.0090 3464 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:02:40.0103 3464 iphlpsvc - ok
01:02:40.0109 3464 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:02:40.0112 3464 IPMIDRV - ok
01:02:40.0139 3464 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:02:40.0142 3464 IPNAT - ok
01:02:40.0230 3464 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:02:40.0242 3464 iPod Service - ok
01:02:40.0288 3464 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:02:40.0289 3464 IRENUM - ok
01:02:40.0294 3464 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:02:40.0296 3464 isapnp - ok
01:02:40.0317 3464 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:02:40.0323 3464 iScsiPrt - ok
01:02:40.0364 3464 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
01:02:40.0365 3464 kbdclass - ok
01:02:40.0414 3464 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
01:02:40.0415 3464 kbdhid - ok
01:02:40.0427 3464 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:02:40.0428 3464 KeyIso - ok
01:02:40.0483 3464 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:02:40.0485 3464 KSecDD - ok
01:02:40.0532 3464 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:02:40.0536 3464 KSecPkg - ok
01:02:40.0552 3464 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:02:40.0553 3464 ksthunk - ok
01:02:40.0603 3464 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:02:40.0610 3464 KtmRm - ok
01:02:40.0665 3464 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:02:40.0670 3464 LanmanServer - ok
01:02:40.0721 3464 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:02:40.0725 3464 LanmanWorkstation - ok
01:02:40.0823 3464 [ 5D00693E33A01690911572925BB89461 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:02:40.0825 3464 LHidFilt - ok
01:02:40.0929 3464 [ 559C9B7800FAC92FC515CD0003D7C631 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
01:02:40.0931 3464 LightScribeService - ok
01:02:41.0109 3464 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:02:41.0111 3464 lltdio - ok
01:02:41.0317 3464 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:02:41.0323 3464 lltdsvc - ok
01:02:41.0344 3464 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:02:41.0345 3464 lmhosts - ok
01:02:41.0372 3464 [ A0D8D290370F4B42C5A7284947EAFFEA ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:02:41.0374 3464 LMouFilt - ok
01:02:41.0446 3464 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
01:02:41.0449 3464 LSI_FC - ok
01:02:41.0471 3464 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
01:02:41.0474 3464 LSI_SAS - ok
01:02:41.0520 3464 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:02:41.0523 3464 LSI_SAS2 - ok
01:02:41.0529 3464 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:02:41.0532 3464 LSI_SCSI - ok
01:02:41.0581 3464 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:02:41.0583 3464 luafv - ok
01:02:41.0633 3464 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:02:41.0636 3464 Mcx2Svc - ok
01:02:41.0641 3464 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
01:02:41.0643 3464 megasas - ok
01:02:41.0664 3464 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
01:02:41.0670 3464 MegaSR - ok
01:02:41.0723 3464 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:02:41.0726 3464 MMCSS - ok
01:02:41.0746 3464 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:02:41.0748 3464 Modem - ok
01:02:41.0801 3464 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:02:41.0802 3464 monitor - ok
01:02:41.0847 3464 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
01:02:41.0848 3464 mouclass - ok
01:02:41.0896 3464 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:02:41.0897 3464 mouhid - ok
01:02:41.0927 3464 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:02:41.0929 3464 mountmgr - ok
01:02:42.0012 3464 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:02:42.0015 3464 MozillaMaintenance - ok
01:02:42.0045 3464 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:02:42.0048 3464 mpio - ok
01:02:42.0077 3464 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:02:42.0079 3464 mpsdrv - ok
01:02:42.0149 3464 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:02:42.0172 3464 MpsSvc - ok
01:02:42.0226 3464 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:02:42.0229 3464 MRxDAV - ok
01:02:42.0255 3464 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:02:42.0258 3464 mrxsmb - ok
01:02:42.0294 3464 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:02:42.0300 3464 mrxsmb10 - ok
01:02:42.0324 3464 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:02:42.0327 3464 mrxsmb20 - ok
01:02:42.0352 3464 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:02:42.0354 3464 msahci - ok
01:02:42.0367 3464 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:02:42.0370 3464 msdsm - ok
01:02:42.0389 3464 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:02:42.0393 3464 MSDTC - ok
01:02:42.0424 3464 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:02:42.0425 3464 Msfs - ok
01:02:42.0452 3464 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:02:42.0453 3464 mshidkmdf - ok
01:02:42.0459 3464 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:02:42.0460 3464 msisadrv - ok
01:02:42.0510 3464 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:02:42.0514 3464 MSiSCSI - ok
01:02:42.0518 3464 msiserver - ok
01:02:42.0564 3464 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:02:42.0565 3464 MSKSSRV - ok
01:02:42.0614 3464 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:02:42.0615 3464 MSPCLOCK - ok
01:02:42.0628 3464 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:02:42.0629 3464 MSPQM - ok
01:02:42.0690 3464 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:02:42.0695 3464 MsRPC - ok
01:02:42.0708 3464 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
01:02:42.0709 3464 mssmbios - ok
01:02:42.0727 3464 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:02:42.0728 3464 MSTEE - ok
01:02:42.0746 3464 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
01:02:42.0747 3464 MTConfig - ok
01:02:42.0769 3464 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:02:42.0771 3464 Mup - ok
01:02:42.0814 3464 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:02:42.0827 3464 napagent - ok
01:02:42.0884 3464 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:02:42.0889 3464 NativeWifiP - ok
01:02:42.0959 3464 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:02:42.0986 3464 NDIS - ok
01:02:43.0036 3464 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:02:43.0038 3464 NdisCap - ok
01:02:43.0076 3464 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:02:43.0077 3464 NdisTapi - ok
01:02:43.0133 3464 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:02:43.0135 3464 Ndisuio - ok
01:02:43.0162 3464 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:02:43.0165 3464 NdisWan - ok
01:02:43.0194 3464 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:02:43.0197 3464 NDProxy - ok
01:02:43.0225 3464 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:02:43.0227 3464 NetBIOS - ok
01:02:43.0266 3464 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:02:43.0271 3464 NetBT - ok
01:02:43.0283 3464 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:02:43.0285 3464 Netlogon - ok
01:02:43.0350 3464 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:02:43.0357 3464 Netman - ok
01:02:43.0377 3464 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:02:43.0385 3464 netprofm - ok
01:02:43.0435 3464 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:02:43.0550 3464 NetTcpPortSharing - ok
01:02:43.0592 3464 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
01:02:43.0595 3464 nfrd960 - ok
01:02:43.0650 3464 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:02:43.0656 3464 NlaSvc - ok
01:02:43.0768 3464 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
01:02:43.0911 3464 NMIndexingService - ok
01:02:43.0916 3464 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:02:43.0918 3464 Npfs - ok
01:02:43.0966 3464 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:02:43.0968 3464 nsi - ok
01:02:43.0983 3464 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:02:43.0984 3464 nsiproxy - ok
01:02:44.0075 3464 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:02:44.0117 3464 Ntfs - ok
01:02:44.0131 3464 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
01:02:44.0132 3464 Null - ok
01:02:44.0506 3464 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:02:44.0607 3464 nvlddmkm - ok
01:02:44.0669 3464 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:02:44.0673 3464 nvraid - ok
01:02:44.0691 3464 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:02:44.0695 3464 nvstor - ok
01:02:44.0779 3464 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
01:02:44.0788 3464 nvsvc - ok
01:02:44.0883 3464 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:02:45.0062 3464 nvUpdatusService - ok
01:02:45.0070 3464 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:02:45.0073 3464 nv_agp - ok
01:02:45.0094 3464 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:02:45.0096 3464 ohci1394 - ok
01:02:45.0136 3464 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:02:45.0142 3464 p2pimsvc - ok
01:02:45.0209 3464 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:02:45.0218 3464 p2psvc - ok
01:02:45.0265 3464 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
01:02:45.0267 3464 Parport - ok
01:02:45.0316 3464 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:02:45.0318 3464 partmgr - ok
01:02:45.0331 3464 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:02:45.0335 3464 PcaSvc - ok
01:02:45.0343 3464 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
01:02:45.0346 3464 pci - ok
01:02:45.0371 3464 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
01:02:45.0372 3464 pciide - ok
01:02:45.0380 3464 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
01:02:45.0385 3464 pcmcia - ok
01:02:45.0390 3464 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:02:45.0392 3464 pcw - ok
01:02:45.0429 3464 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:02:45.0442 3464 PEAUTH - ok
01:02:45.0561 3464 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:02:45.0667 3464 PerfHost - ok
01:02:45.0751 3464 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
01:02:45.0794 3464 pla - ok
01:02:45.0862 3464 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:02:45.0870 3464 PlugPlay - ok
01:02:45.0898 3464 PnkBstrA - ok
01:02:45.0925 3464 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:02:45.0928 3464 PNRPAutoReg - ok
01:02:45.0952 3464 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:02:45.0956 3464 PNRPsvc - ok
01:02:46.0021 3464 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:02:46.0029 3464 PolicyAgent - ok
01:02:46.0084 3464 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
01:02:46.0088 3464 Power - ok
01:02:46.0147 3464 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:02:46.0150 3464 PptpMiniport - ok
01:02:46.0155 3464 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
01:02:46.0158 3464 Processor - ok
01:02:46.0216 3464 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
01:02:46.0221 3464 ProfSvc - ok
01:02:46.0232 3464 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:02:46.0234 3464 ProtectedStorage - ok
01:02:46.0292 3464 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:02:46.0294 3464 Psched - ok
01:02:46.0439 3464 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
01:02:46.0471 3464 ql2300 - ok
01:02:46.0488 3464 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
01:02:46.0491 3464 ql40xx - ok
01:02:46.0543 3464 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
01:02:46.0549 3464 QWAVE - ok
01:02:46.0562 3464 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:02:46.0564 3464 QWAVEdrv - ok
01:02:46.0578 3464 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:02:46.0579 3464 RasAcd - ok
01:02:46.0645 3464 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:02:46.0647 3464 RasAgileVpn - ok
01:02:46.0662 3464 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
01:02:46.0666 3464 RasAuto - ok
01:02:46.0716 3464 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:02:46.0720 3464 Rasl2tp - ok
01:02:46.0772 3464 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
01:02:46.0779 3464 RasMan - ok
01:02:46.0786 3464 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:02:46.0788 3464 RasPppoe - ok
01:02:46.0827 3464 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:02:46.0829 3464 RasSstp - ok
01:02:46.0847 3464 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:02:46.0852 3464 rdbss - ok
01:02:46.0871 3464 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
01:02:46.0873 3464 rdpbus - ok
01:02:46.0887 3464 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:02:46.0888 3464 RDPCDD - ok
01:02:46.0937 3464 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:02:46.0938 3464 RDPENCDD - ok
01:02:46.0945 3464 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:02:46.0946 3464 RDPREFMP - ok
01:02:46.0997 3464 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:02:47.0001 3464 RDPWD - ok
01:02:47.0064 3464 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:02:47.0067 3464 rdyboost - ok
01:02:47.0117 3464 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:02:47.0120 3464 RemoteAccess - ok
01:02:47.0162 3464 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:02:47.0167 3464 RemoteRegistry - ok
01:02:47.0226 3464 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:02:47.0229 3464 RpcEptMapper - ok
01:02:47.0277 3464 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
01:02:47.0280 3464 RpcLocator - ok
01:02:47.0337 3464 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
01:02:47.0342 3464 RpcSs - ok
01:02:47.0359 3464 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:02:47.0361 3464 rspndr - ok
01:02:47.0428 3464 [ 60EB8A87357CA5B088B422D1E55A2405 ] rt61x64 C:\Windows\system32\DRIVERS\netr6164.sys
01:02:47.0432 3464 rt61x64 - ok
01:02:47.0473 3464 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
01:02:47.0475 3464 SamSs - ok
01:02:47.0566 3464 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
01:02:47.0567 3464 SASDIFSV - ok
01:02:47.0576 3464 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
01:02:47.0577 3464 SASKUTIL - ok
01:02:47.0602 3464 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:02:47.0604 3464 sbp2port - ok
01:02:47.0653 3464 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:02:47.0658 3464 SCardSvr - ok
01:02:47.0708 3464 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:02:47.0710 3464 scfilter - ok
01:02:47.0774 3464 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
01:02:47.0809 3464 Schedule - ok
01:02:47.0859 3464 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:02:47.0860 3464 SCPolicySvc - ok
01:02:47.0917 3464 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:02:47.0923 3464 SDRSVC - ok
01:02:47.0962 3464 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:02:47.0963 3464 secdrv - ok
01:02:48.0013 3464 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
01:02:48.0016 3464 seclogon - ok
01:02:48.0063 3464 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
01:02:48.0066 3464 SENS - ok
01:02:48.0082 3464 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:02:48.0085 3464 SensrSvc - ok
01:02:48.0090 3464 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:02:48.0092 3464 Serenum - ok
01:02:48.0110 3464 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:02:48.0113 3464 Serial - ok
01:02:48.0129 3464 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
01:02:48.0131 3464 sermouse - ok
01:02:48.0188 3464 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:02:48.0192 3464 SessionEnv - ok
01:02:48.0232 3464 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:02:48.0234 3464 sffdisk - ok
01:02:48.0245 3464 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:02:48.0247 3464 sffp_mmc - ok
01:02:48.0263 3464 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:02:48.0264 3464 sffp_sd - ok
01:02:48.0269 3464 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
01:02:48.0271 3464 sfloppy - ok
01:02:48.0328 3464 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:02:48.0335 3464 SharedAccess - ok
01:02:48.0386 3464 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:02:48.0393 3464 ShellHWDetection - ok
01:02:48.0418 3464 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:02:48.0420 3464 SiSRaid2 - ok
01:02:48.0426 3464 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
01:02:48.0428 3464 SiSRaid4 - ok
01:02:48.0441 3464 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:02:48.0443 3464 Smb - ok
01:02:48.0491 3464 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:02:48.0493 3464 SNMPTRAP - ok
01:02:48.0538 3464 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:02:48.0539 3464 spldr - ok
01:02:48.0595 3464 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
01:02:48.0603 3464 Spooler - ok
01:02:48.0734 3464 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
01:02:48.0761 3464 sppsvc - ok
01:02:48.0807 3464 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:02:48.0811 3464 sppuinotify - ok
01:02:48.0863 3464 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
01:02:48.0871 3464 srv - ok
01:02:48.0930 3464 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:02:48.0937 3464 srv2 - ok
01:02:48.0945 3464 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:02:48.0948 3464 srvnet - ok
01:02:49.0008 3464 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:02:49.0013 3464 SSDPSRV - ok
01:02:49.0023 3464 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:02:49.0027 3464 SstpSvc - ok
01:02:49.0071 3464 Steam Client Service - ok
01:02:49.0170 3464 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:02:49.0323 3464 Stereo Service - ok
01:02:49.0329 3464 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
01:02:49.0331 3464 stexstor - ok
01:02:49.0380 3464 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
01:02:49.0393 3464 stisvc - ok
01:02:49.0435 3464 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
01:02:49.0436 3464 swenum - ok
01:02:49.0509 3464 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
01:02:49.0523 3464 swprv - ok
01:02:49.0609 3464 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
01:02:49.0652 3464 SysMain - ok
01:02:49.0705 3464 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:02:49.0709 3464 TabletInputService - ok
01:02:49.0767 3464 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:02:49.0775 3464 TapiSrv - ok
01:02:49.0823 3464 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
01:02:49.0826 3464 TBS - ok
01:02:49.0913 3464 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:02:49.0974 3464 Tcpip - ok
01:02:50.0056 3464 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:02:50.0070 3464 TCPIP6 - ok
01:02:50.0122 3464 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:02:50.0124 3464 tcpipreg - ok
01:02:50.0177 3464 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:02:50.0179 3464 TDPIPE - ok
01:02:50.0222 3464 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:02:50.0224 3464 TDTCP - ok
01:02:50.0275 3464 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:02:50.0278 3464 tdx - ok
01:02:50.0286 3464 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
01:02:50.0287 3464 TermDD - ok
01:02:50.0352 3464 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
01:02:50.0378 3464 TermService - ok
01:02:50.0391 3464 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
01:02:50.0394 3464 Themes - ok
01:02:50.0444 3464 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
01:02:50.0446 3464 THREADORDER - ok
01:02:50.0494 3464 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
01:02:50.0498 3464 TrkWks - ok
01:02:50.0594 3464 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:02:50.0598 3464 TrustedInstaller - ok
01:02:50.0649 3464 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:02:50.0651 3464 tssecsrv - ok
01:02:50.0685 3464 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:02:50.0687 3464 TsUsbFlt - ok
01:02:50.0712 3464 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:02:50.0715 3464 tunnel - ok
01:02:50.0740 3464 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
01:02:50.0743 3464 uagp35 - ok
01:02:50.0794 3464 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:02:50.0800 3464 udfs - ok
01:02:50.0823 3464 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:02:50.0826 3464 UI0Detect - ok
01:02:50.0840 3464 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:02:50.0842 3464 uliagpkx - ok
01:02:50.0897 3464 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
01:02:50.0899 3464 umbus - ok
01:02:50.0938 3464 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
01:02:50.0940 3464 UmPass - ok
01:02:50.0990 3464 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
01:02:50.0997 3464 upnphost - ok
01:02:51.0051 3464 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
01:02:51.0053 3464 USBAAPL64 - ok
01:02:51.0120 3464 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:02:51.0122 3464 usbaudio - ok
01:02:51.0137 3464 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:02:51.0139 3464 usbccgp - ok
01:02:51.0181 3464 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:02:51.0183 3464 usbcir - ok
01:02:51.0218 3464 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:02:51.0220 3464 usbehci - ok
01:02:51.0253 3464 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:02:51.0258 3464 usbhub - ok
01:02:51.0264 3464 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:02:51.0265 3464 usbohci - ok
01:02:51.0270 3464 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:02:51.0272 3464 usbprint - ok
01:02:51.0278 3464 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:02:51.0281 3464 USBSTOR - ok
01:02:51.0328 3464 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:02:51.0329 3464 usbuhci - ok
01:02:51.0379 3464 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
01:02:51.0406 3464 UxSms - ok
01:02:51.0429 3464 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
01:02:51.0430 3464 VaultSvc - ok
01:02:51.0496 3464 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:02:51.0497 3464 vdrvroot - ok
01:02:51.0559 3464 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
01:02:51.0573 3464 vds - ok
01:02:51.0621 3464 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:02:51.0623 3464 vga - ok
01:02:51.0643 3464 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
01:02:51.0645 3464 VgaSave - ok
01:02:51.0665 3464 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:02:51.0669 3464 vhdmp - ok
01:02:51.0693 3464 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
01:02:51.0694 3464 viaide - ok
01:02:51.0700 3464 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:02:51.0702 3464 volmgr - ok
01:02:51.0738 3464 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:02:51.0744 3464 volmgrx - ok
01:02:51.0758 3464 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:02:51.0763 3464 volsnap - ok
01:02:51.0811 3464 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
01:02:51.0815 3464 vsmraid - ok
01:02:51.0898 3464 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
01:02:51.0941 3464 VSS - ok
01:02:51.0957 3464 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
01:02:51.0959 3464 vwifibus - ok
01:02:51.0972 3464 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
01:02:51.0974 3464 vwififlt - ok
01:02:52.0028 3464 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
01:02:52.0030 3464 vwifimp - ok
01:02:52.0083 3464 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
01:02:52.0091 3464 W32Time - ok
01:02:52.0098 3464 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
01:02:52.0100 3464 WacomPen - ok
01:02:52.0151 3464 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:02:52.0154 3464 WANARP - ok
01:02:52.0180 3464 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:02:52.0182 3464 Wanarpv6 - ok
01:02:52.0273 3464 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
01:02:52.0308 3464 WatAdminSvc - ok
01:02:52.0394 3464 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
01:02:52.0437 3464 wbengine - ok
01:02:52.0458 3464 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:02:52.0464 3464 WbioSrvc - ok
01:02:52.0521 3464 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:02:52.0529 3464 wcncsvc - ok
01:02:52.0539 3464 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:02:52.0543 3464 WcsPlugInService - ok
01:02:52.0563 3464 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
01:02:52.0565 3464 Wd - ok
01:02:52.0603 3464 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:02:52.0616 3464 Wdf01000 - ok
01:02:52.0634 3464 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:02:52.0637 3464 WdiServiceHost - ok
01:02:52.0642 3464 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:02:52.0644 3464 WdiSystemHost - ok
01:02:52.0697 3464 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
01:02:52.0703 3464 WebClient - ok
01:02:52.0725 3464 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:02:52.0732 3464 Wecsvc - ok
01:02:52.0747 3464 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:02:52.0750 3464 wercplsupport - ok
01:02:52.0812 3464 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
01:02:52.0815 3464 WerSvc - ok
01:02:52.0823 3464 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:02:52.0824 3464 WfpLwf - ok
01:02:52.0840 3464 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:02:52.0842 3464 WIMMount - ok
01:02:52.0869 3464 WinDefend - ok
01:02:52.0875 3464 WinHttpAutoProxySvc - ok
01:02:52.0957 3464 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:02:52.0961 3464 Winmgmt - ok
01:02:53.0053 3464 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
01:02:53.0104 3464 WinRM - ok
01:02:53.0157 3464 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
01:02:53.0159 3464 WinUsb - ok
01:02:53.0217 3464 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
01:02:53.0241 3464 Wlansvc - ok
01:02:53.0415 3464 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:02:53.0432 3464 wlidsvc - ok
01:02:53.0450 3464 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:02:53.0452 3464 WmiAcpi - ok
01:02:53.0506 3464 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:02:53.0510 3464 wmiApSrv - ok
01:02:53.0560 3464 WMPNetworkSvc - ok
01:02:53.0602 3464 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:02:53.0605 3464 WPCSvc - ok
01:02:53.0654 3464 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:02:53.0658 3464 WPDBusEnum - ok
01:02:53.0708 3464 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:02:53.0709 3464 ws2ifsl - ok
01:02:53.0761 3464 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
01:02:53.0765 3464 wscsvc - ok
01:02:53.0769 3464 WSearch - ok
01:02:53.0874 3464 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:02:53.0934 3464 wuauserv - ok
01:02:53.0948 3464 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:02:53.0951 3464 WudfPf - ok
01:02:53.0994 3464 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:02:53.0997 3464 WUDFRd - ok
01:02:54.0035 3464 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:02:54.0038 3464 wudfsvc - ok
01:02:54.0089 3464 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:02:54.0095 3464 WwanSvc - ok
01:02:54.0150 3464 [ 754C8BF43F0DD4B54865F174A62761E9 ] XENfiltv C:\Windows\system32\drivers\XENfiltv.sys
01:02:54.0152 3464 XENfiltv - ok
01:02:54.0226 3464 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
01:02:54.0233 3464 yukonw7 - ok
01:02:54.0241 3464 ================ Scan global ===============================
01:02:54.0288 3464 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:02:54.0342 3464 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:02:54.0358 3464 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:02:54.0407 3464 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:02:54.0459 3464 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:02:54.0463 3464 [Global] - ok
01:02:54.0464 3464 ================ Scan MBR ==================================
01:02:54.0477 3464 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:02:54.0676 3464 \Device\Harddisk0\DR0 - ok
01:02:54.0676 3464 ================ Scan VBR ==================================
01:02:54.0680 3464 [ C502749700D87198AE95C4A8D58D9667 ] \Device\Harddisk0\DR0\Partition1
01:02:54.0682 3464 \Device\Harddisk0\DR0\Partition1 - ok
01:02:54.0683 3464 ============================================================
01:02:54.0683 3464 Scan finished
01:02:54.0683 3464 ============================================================
01:02:54.0695 3848 Detected object count: 0
01:02:54.0696 3848 Actual detected object count: 0
01:03:06.0372 2692 Deinitialize success

ken545
2012-10-22, 11:34
Hi,

I think your ok. When we ran the fix with OTL and it removed temp files and such it most likely did not involve Maxthon. You most likely had a lot of temp files and your browsers cache was full. I dont think you need to set it back to default each time, there should be setting to flush out the cache and your history.

TDSSkiller and the other scanners are coming back ok

Are you happy with the way your system is running now ?

rudebadger
2012-10-22, 20:24
It seems much better whilst browsing, but, still get lag spikes every 5 to 10 minutes or so when gaming or streaming. It's got worse over time and others I am play with at the same time do not seem to experience the problem as frequently as I do. Do you think this could be virus related, ISP related or serverside issues?

ken545
2012-10-22, 20:45
Lets run a free online virus scanner and if it comes back ok than its most likely another problem and not malware.


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

rudebadger
2012-10-23, 01:02
Here is the eset scan log:

C:\Users\Ollie\Downloads\jZipV1.exe Win32/Toolbar.SearchSuite application

ken545
2012-10-23, 01:06
Did you download this via the torrents ?????????????

C:\Users\Ollie\Downloads\jZipV1.exe <--Delete it

rudebadger
2012-10-23, 01:55
I have deleted but it, but no I did not get it from torrents its available as a free download on a several sites. I have it installed as well should I uninstall that?

ken545
2012-10-23, 02:16
No, its most likely a false positive but had you remove it just to be on the safeside. At this point I think your problem is not malware related. Being a gamer it really stresses your system to the breaking point. All your scans are coming up ok. If you use a router, lets flush it all out.

1. Turn off your computer
2. Turn off your router by pulling the power cord
3. Turn off your DSL or Cable modem by pulling the power cord as well

Let everything set for about 5 minutes


1. Turn on your Modem
2. Turn on your Router
3. Only after all the lights are on full with your modem and router, then turn on your computer


Lets see if this makes a difference

rudebadger
2012-10-23, 23:23
Ok done that and do not seem to have as much lag spikes now

ken545
2012-10-24, 00:12
Wonderful :bigthumb:

You should do that every couple of months, your router and modem can get clogged up after awhile.

This may clean you up a bit more and get rid of more garbage



Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean




We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 7, if not proceed with the instructions.

Go to the update Tab and update it

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.






How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

rudebadger
2012-10-24, 01:01
Thats great thanks for all the help :thanks: :2thumb:.

I checked Java and it was showing it is version 6 update 37 yet it also said it last checked for an update today (before I did the manual update) is it better to manually check every month or so rather than rely on the auto update. Also it updated to version update 7 update 9 rather than 7.

I'm currently using Comodo internet security premium, Spybot, Superantispyware and Malwarebytes. Can you suggest anything else as well as these or instead of?

ken545
2012-10-24, 03:22
I'll tell ya, Java updates faster than you can change your socks. You have the latest version. What I would do is the auto updates but keep an eye on it and if in a few weeks it doesn't update than do it manually. You can go to the Java Control Panel and have it check for updates weekly and set the time when your computer will be on so you dont miss it.

Comodo is fine, Malwarebytes and SAS , Spybot are all fine to, what's important is to keep them all updated. The Pro Version of Malwarebytes has a protection modual that will block known malicious websites, the cost is minimal and you own the program, no yearly update fees, but this of course is up to you.

Take Care,

Ken :)

rudebadger
2012-10-24, 22:31
Hehe I suppose it keeps all the Java employees in a job.

Thanks again for the help :)

ken545
2012-10-24, 23:35
Your welcome my friend