[A] Olmarik.ao Trojan removal help request

Inactive
By Dancindazed
Oct 15, 2012
  1. Hi,
    Every other day or so, I get a message from Nod32 saying that it's blocked an attack from an Olmarik.ao trojan, and it's been deleted, but it's happened a few times in the past week now. When I do any scans just after receiving this message from Nod32, it says system is clean, but a couple of days later it's come back. Just after receiving the warning from Nod32 each time, I then get something from windows asking if I give permission for Adobe to make changes (which I click close to) and then promptly after I get a "Run a Legacy CPL" "okay" or "cancel" message which I hit cancel to since I have no idea if it's part of the supposed trojan or not. Any help is much appreciated.
  2. Broni


    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Dancindazed


    Here are the three logs:
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.15.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Matt :: MATT-ASUS [administrator]

    10/15/2012 7:22:17 PM
    mbam-log-2012-10-15 (19-22-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221115
    Time elapsed: 9 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\$Recycle.Bin\S-1-5-21-3828105807-1611991605-2804181473-1001\$RDYVG8S.30\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-3828105807-1611991605-2804181473-1001\$RGBVIOF.zip\freeamp.exe (Trojan.Foury) -> Quarantined and deleted successfully.
    C:\Users\Matt\AppData\Local\Temp\0.5707251912975778 (Trojan.Happili) -> Quarantined and deleted successfully.
    C:\Users\Matt\AppData\Local\Temp\7B14.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

    (end)
    DDS (Ver_2012-10-14.05) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514
    Run by Matt at 19:53:49 on 2012-10-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3884.1800 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\Matt\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    C:\Program Files (x86)\PowerMenu\PowerMenu.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\cscript.exe
    C:\Program Files (x86)\Illustrate\dBpoweramp\GetPopupInfo.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    uProxyOverride = localhost; 127.0.0.1; <local>
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
    uRun: [googletalk] C:\Users\Matt\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [Laptop CD/DVD Guard] C:\Program Files (x86)\Laptop CD-DVD Guard\cddg3.exe
    uRun: [Akamai NetSession Interface] "C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe"
    mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\POWERM~1.LNK - C:\Program Files (x86)\PowerMenu\PowerMenu.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
    DPF: {830690FC-BF2F-47A6-AC2D-330BCB402664} - hxxp://skype.saveontelephonebills.com/skypebeta/Skype4COM.dll
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6}\37E616B656079647 : DHCPNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6}\4646D2772747 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6}\47D6F62696C656 : DHCPNameServer = 10.176.83.252 10.184.83.252
    TCP: Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6}\75962756C6563737455647865627 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6}\C696E6B6379737 : DHCPNameServer = 24.220.0.10 24.220.0.11
    TCP: Interfaces\{7E581F41-796A-4AD9-9EDA-D12930517E8A} : DHCPNameServer = 24.220.0.10 24.220.0.11
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-5-23 72240]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-5-23 15920]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-10 379520]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2009-9-29 123200]
    R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-2-20 91456]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-10 2314240]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-10 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
    R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-24 115312]
    R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
    R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
    R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\System32\drivers\vasdDev.sys [2012-9-16 1454896]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-30 250808]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-9-26 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-9-26 79360]
    S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
    S3 ksaud;Creative USB Audio Driver;C:\Windows\System32\drivers\ksaud.sys [2012-9-26 1587968]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-9 59392]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-11 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2012-10-16 00:21:42  --------  d-----w-  C:\Users\Matt\AppData\Roaming\Malwarebytes
    2012-10-16 00:21:29  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-10-16 00:21:28  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-10-16 00:21:28  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-15 23:47:02  120320  ----a-w-  C:\ProgramData\Microsoft\Windows\DRM\C4FB.tmp.dat
    2012-10-15 02:02:32  --------  d-----w-  C:\Program Files (x86)\AutoHotkey
    2012-10-15 02:00:39  --------  d-----w-  C:\Program Files\AutoHotkey
    2012-10-09 23:53:40  5559664  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2012-10-09 23:53:33  3914096  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2012-10-09 23:53:32  3968880  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2012-10-09 23:53:29  220160  ----a-w-  C:\Windows\System32\wintrust.dll
    2012-10-09 23:53:29  172544  ----a-w-  C:\Windows\SysWow64\wintrust.dll
    2012-10-09 23:53:15  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
    2012-10-09 23:53:15  2048  ----a-w-  C:\Windows\System32\tzres.dll
    2012-10-09 23:52:58  715776  ----a-w-  C:\Windows\System32\kerberos.dll
    2012-10-09 23:52:58  542208  ----a-w-  C:\Windows\SysWow64\kerberos.dll
    2012-10-09 23:52:48  1464320  ----a-w-  C:\Windows\System32\crypt32.dll
    2012-10-09 23:52:46  1159680  ----a-w-  C:\Windows\SysWow64\crypt32.dll
    2012-10-09 23:52:45  184320  ----a-w-  C:\Windows\System32\cryptsvc.dll
    2012-10-09 23:52:45  140288  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
    2012-10-09 23:52:45  140288  ----a-w-  C:\Windows\System32\cryptnet.dll
    2012-10-09 23:52:44  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
    2012-10-08 22:55:44  --------  d-----w-  C:\Program Files (x86)\Paltalk Messenger
    2012-10-08 00:44:49  --------  d-----w-  C:\Program Files (x86)\iSpQ VideoChat 9
    2012-10-08 00:37:10  --------  d-----w-  C:\Users\Matt\AppData\Roaming\ooVoo Details
    2012-10-04 02:14:43  2212656  ----a-w-  C:\Windows\ETDUninst.dll
    2012-10-03 21:13:27  33240  ----a-w-  C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-10-03 21:12:33  --------  d-----w-  C:\Program Files\iPod
    2012-10-03 21:12:31  --------  d-----w-  C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-10-03 21:12:31  --------  d-----w-  C:\Program Files\iTunes
    2012-10-02 21:13:44  --------  d-----w-  C:\Users\Matt\AppData\Roaming\Mumble
    2012-10-02 01:29:58  --------  d-----w-  C:\Users\Matt\AppData\Local\YoYo_Games_Ltd
    2012-10-02 01:29:55  --------  d-----w-  C:\Users\Matt\AppData\Local\GameMaker8.1
    2012-10-02 01:29:19  --------  d-----w-  C:\Users\Matt\GameMaker 8.1
    2012-09-26 23:51:56  --------  d-----w-  C:\Users\Matt\AppData\Roaming\mIRC
    2012-09-26 21:42:19  90112  ------w-  C:\Windows\Updreg.EXE
    2012-09-26 21:41:55  --------  d-----w-  C:\Program Files (x86)\Common Files\Creative
    2012-09-26 21:41:51  --------  d--h--w-  C:\Program Files (x86)\Creative Installation Information
    2012-09-26 21:40:57  728576  ----a-w-  C:\Windows\SysWow64\KSAPO32.dll
    2012-09-26 21:40:57  235520  ----a-w-  C:\Windows\System32\KsDvInst.dll
    2012-09-26 21:40:57  192512  ----a-w-  C:\Windows\SysWow64\KSVSPI32.dll
    2012-09-26 21:40:57  12344  ----a-w-  C:\Windows\System32\MixerDefault.reg
    2012-09-26 21:40:56  866304  ----a-w-  C:\Windows\System32\KSAPO64.dll
    2012-09-26 21:40:56  631428  ----a-w-  C:\Windows\KSAIM64.exe
    2012-09-26 21:40:56  57856  ----a-w-  C:\Windows\System32\KSPPLD64.dll
    2012-09-26 21:40:56  257536  ----a-w-  C:\Windows\System32\KSVSPI64.dll
    2012-09-26 21:40:56  116224  ----a-w-  C:\Windows\System32\SBAVMon.dll
    2012-09-26 21:40:55  1587968  ----a-w-  C:\Windows\System32\drivers\ksaud.sys
    2012-09-26 21:40:23  2630  ----a-r-  C:\Windows\MixerName.reg
    2012-09-26 21:40:12  7062  ----a-w-  C:\Windows\SysWow64\audiopid.vxd
    2012-09-26 21:39:56  647872  ------w-  C:\Windows\SysWow64\Mscomct2.ocx
    2012-09-26 21:39:55  53248  ------w-  C:\Windows\Ctregrun.exe
    2012-09-26 21:39:17  466520  ----a-w-  C:\Windows\System32\wrap_oal.dll
    2012-09-26 21:39:17  123480  ----a-w-  C:\Windows\System32\OpenAL32.dll
    2012-09-26 21:39:16  809560  ----a-r-  C:\Windows\SysWow64\tmpDCE8.tmp
    2012-09-26 21:39:16  445016  ----a-w-  C:\Windows\SysWow64\wrap_oal.dll
    2012-09-26 21:39:16  109144  ----a-w-  C:\Windows\SysWow64\OpenAL32.dll
    2012-09-26 21:39:14  2902493  ------w-  C:\Windows\SysWow64\Sens_oal.dll
    2012-09-26 21:39:14  1940992  ------w-  C:\Windows\System32\Sens_oal.dll
    2012-09-26 21:38:42  --------  d-----w-  C:\Program Files (x86)\Common Files\Creative Labs Shared
    2012-09-26 21:37:22  --------  d-----w-  C:\Program Files\Creative
    2012-09-26 21:36:47  --------  d-----w-  C:\Program Files (x86)\Creative
    2012-09-21 20:18:07  --------  d-----w-  C:\Users\Matt\AppData\Local\SecondLife
    2012-09-18 20:24:12  --------  d-----w-  C:\Program Files (x86)\MP3Quiz
    2012-09-18 20:10:16  106496  ----a-r-  C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
    2012-09-18 20:10:16  106496  ----a-r-  C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
    2012-09-18 20:10:02  --------  d-----w-  C:\Program Files (x86)\Common Files\Tencent
    2012-09-18 20:10:00  --------  d-----w-  C:\Program Files (x86)\Tencent
    2012-09-18 20:09:47  --------  d-----w-  C:\Users\Matt\AppData\Roaming\Tencent
    2012-09-18 20:09:44  18760  ----a-w-  C:\Windows\SysWow64\QQVistaHelper.dll
    2012-09-18 19:55:32  --------  d-----w-  C:\Users\Matt\AppData\Roaming\CommFort
    2012-09-18 19:45:52  249856  ------w-  C:\Windows\Setup1.exe
    2012-09-18 19:45:51  73216  ----a-w-  C:\Windows\ST6UNST.EXE
    2012-09-17 04:12:03  1454896  ----a-w-  C:\Windows\System32\drivers\vasdDev.sys
    2012-09-17 04:12:02  --------  d-----w-  C:\Program Files (x86)\ShiningMorning
    2012-09-16 01:20:36  --------  d-----w-  C:\Program Files (x86)\Realtek
    2012-09-16 01:20:34  1706640  ----a-w-  C:\Windows\RtlExUpd.dll
    2012-09-16 01:05:24  --------  d-----w-  C:\swsetup
    .
    ==================== Find3M ====================
    .
    2012-10-08 19:51:23  73656  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 19:51:23  696760  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-04 03:36:22  117760  ----a-w-  C:\Windows\System32\drivers\ETD.sys
    2012-09-23 06:41:17  704512  ----a-w-  C:\Windows\System32\drivers\CHDRT64.sys
    2012-09-16 00:47:05  53248  ----a-w-  C:\Windows\SysWow64\CSVer.dll
    2012-08-24 18:05:06  1188864  ----a-w-  C:\Windows\System32\wininet.dll
    2012-08-24 16:57:48  981504  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-08-24 15:59:30  1638912  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-08-24 15:20:39  1638912  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50  1913200  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40  376688  ----a-w-  C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33  288624  ----a-w-  C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 18:01:20  125872  ----a-w-  C:\Windows\System32\GEARAspi64.dll
    2012-08-21 18:01:20  106928  ----a-w-  C:\Windows\SysWow64\GEARAspi.dll
    2012-08-21 03:07:18  127488  ----a-w-  C:\Windows\System32\ff_vfw.dll
    2012-07-23 14:21:44  45056  ----a-w-  C:\Windows\System32\acovcnt.exe
    2012-07-19 18:58:26  174229  ----a-w-  C:\Windows\System32\avfilter-lav-3.dll
    2012-07-18 18:15:06  3148800  ----a-w-  C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 19:56:21.71 ===============
    Gmer log was empty.
    Thanks.
  4. Broni


    I still need Attach.txt log from DDS.

    Next....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. Dancindazed


    Ok here's attach.txt log, and then I'll move onto next step as well.
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-14.05)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/10/2011 6:14:03 PM
    System Uptime: 10/15/2012 7:45:19 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K52F
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | Socket 989 | 1190/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 22.282 GiB free.
    D: is FIXED (NTFS) - 306 GiB total, 82.695 GiB free.
    E: is CDROM (CDFS)
    U: is FIXED (FAT32) - 23 GiB total, 10.776 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP160: 10/7/2012 7:44:07 PM - Installed iSpQ VideoChat 9
    RP161: 10/7/2012 7:59:10 PM - Removed ooVoo
    RP162: 10/7/2012 7:59:41 PM - Removed iSpQ VideoChat 9
    RP163: 10/9/2012 11:17:12 PM - Removed Tencent QQ.
    RP164: 10/9/2012 11:20:59 PM - Removed CWA Reminder by We-Care.com v4.1.18.3
    RP165: 10/10/2012 3:00:22 AM - Windows Update
    RP166: 10/15/2012 8:18:01 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.22beta
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Amazon MP3 Uploader
    AmpliTube 3 version 3.7.0
    Any DVD Cloner Platinum 1.1.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS AI Recovery
    ASUS LifeFrame3
    ASUS MultiFrame
    ASUS Power4Gear Hybrid
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Video Magic
    ASUS Virtual Camera
    ATK Package
    AutoHotkey 1.0.48.05
    AutoHotkey_L 1.1.08.01
    Bonjour
    Bulk Rename Utility 2.7.1.2
    Buzzamp ONLINE 4.0
    Buzzamp SP 2 2.0
    Camfrog Cloud Server 1.1 (remove only)
    Camfrog Video Chat 6.2
    Cantabile 2.0 Lite
    Choice Guard
    Conexant HD Audio
    ControlDeck
    CopyTrans Suite Remove Only
    Creative System Information
    CyberLink LabelPrint
    CyberLink MediaShow Espresso
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 9
    dBpoweramp [Multi Encoder] Codec
    dBpoweramp CD Writer
    dBpoweramp DSP Effects
    dBpoweramp Music Converter
    dBpoweramp Ogg Vorbis Codec
    Deep Rybka 3
    Dropbox
    DVD Shrink 3.2
    ESET NOD32 Antivirus
    Fast Boot
    Free RAR Extract Frog
    GoldWave v5.58
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    High-Definition Video Playback
    I-Sound Recorder Pro 7.0.3.0
    ImgBurn
    Indline
    InfraRecorder 0.52 (x64 edition)
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Turbo Boost Technology Monitor
    iQuiz Maker
    iTunes
    iTunes Library Updater
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 26
    JMicron Ethernet Adapter NDIS Driver
    JMicron Flash Media Controller Driver
    K_Series_ScreenSaver_EN
    Lame ACM MP3 Codec
    Last.fm 1.5.4.27091
    LP_PalScore V1.0.5
    LPMultiScore V1.0.3
    Malwarebytes Anti-Malware version 1.65.0.1400
    ManyCam 3.0.68 (remove only)
    MeCanto 1.0.5722
    MediaMonkey 4.0
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MotoConnect
    Motorola Driver Installation 4.6.0
    MP3Quiz
    MSVCRT
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MusicBrainz Picard
    Nero 11
    Nero 11 Disc Menus Basic
    Nero 11 Effects Basic
    Nero 11 Image Samples
    Nero 11 Kwik Themes Basic
    Nero 11 PiP Effects Basic
    Nero Audio Pack 1
    Nero BackItUp 11
    Nero BackItUp 11 Help (CHM)
    Nero Backup Drivers
    Nero Burning ROM 11
    Nero Burning ROM 11 Help (CHM)
    Nero ControlCenter 11
    Nero ControlCenter 11 Help (CHM)
    Nero Core Components 11
    Nero CoverDesigner 11
    Nero CoverDesigner 11 Help (CHM)
    Nero Express 11
    Nero Express 11 Help (CHM)
    Nero Kwik Media
    Nero Kwik Media Help (CHM)
    Nero Recode 11
    Nero Recode 11 Help (CHM)
    Nero RescueAgent 11
    Nero RescueAgent 11 Help (CHM)
    Nero SharedVideoCodecs
    Nero SoundTrax 11
    Nero SoundTrax 11 Help (CHM)
    Nero Update
    Nero Video 11
    Nero Video 11 Help (CHM)
    Nero WaveEditor 11
    Nero WaveEditor 11 Help (CHM)
    nero.prerequisites.msi
    Novacomd
    OpenOffice.org 3.3
    Paltalk Messenger 10.2
    Picasa 3
    Pidgin
    PowerISO
    PowerMenu 1.51
    QuickTime
    QuizCreator
    QuizXpress 3.3
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype Click to Call
    Skype™ 5.10
    SoulSeek 157 NS 13e
    Sound Blaster X-Fi Go! Pro
    StreamTorrent 1.0
    swMSM
    syncables desktop SE
    System Requirements Lab for Intel
    Tag&Rename 3.5.7
    TSP_CODEC
    Ubuntu
    Unity Web Player
    USB2.0 UVC VGA WebCam
    VBRunDLL 3.4
    Virtual Audio Streaming 4.0
    VLC media player 1.1.7
    VoiceOver Kit
    Welcome App (Start-up experience)
    Winamp
    Winamp Detector Plug-in
    WinDirStat 1.1.2
    Windows 7 Codec Pack 4.0.3
    Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Encoder 9 Series SDK
    WinFlash
    Wireless Console 3
    WordBiz version 1.8
    X-Edit
    XBMC
    Yahoo! Detect
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Yazak Chat 8.90.18
    Zortam Mp3 Media Studio 13.30
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/15/2012 7:58:50 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    10/15/2012 7:58:50 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    10/15/2012 7:58:50 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    10/10/2012 8:52:06 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 8:52:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/10/2012 8:52:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/10/2012 8:52:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/10/2012 8:52:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/10/2012 8:51:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/10/2012 8:51:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/10/2012 8:51:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 8:51:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 8:51:32 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 2:53:49 PM, Error: Service Control Manager [7022] - The Intel(R) Management & Security Application User Notification Service service hung on starting.
    .
    ==== End Of File ===========================
  6. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    20:37:44.0243 4500 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    20:37:45.0391 4500 ============================================================
    20:37:45.0391 4500 Current date / time: 2012/10/15 20:37:45.0391
    20:37:45.0391 4500 SystemInfo:
    20:37:45.0391 4500
    20:37:45.0391 4500 OS Version: 6.1.7601 ServicePack: 1.0
    20:37:45.0391 4500 Product type: Workstation
    20:37:45.0392 4500 ComputerName: MATT-ASUS
    20:37:45.0392 4500 UserName: Matt
    20:37:45.0392 4500 Windows directory: C:\Windows
    20:37:45.0392 4500 System windows directory: C:\Windows
    20:37:45.0392 4500 Running under WOW64
    20:37:45.0392 4500 Processor architecture: Intel x64
    20:37:45.0392 4500 Number of processors: 4
    20:37:45.0392 4500 Page size: 0x1000
    20:37:45.0392 4500 Boot type: Normal boot
    20:37:45.0392 4500 ============================================================
    20:37:46.0510 4500 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:37:46.0520 4500 ============================================================
    20:37:46.0520 4500 \Device\Harddisk0\DR0:
    20:37:46.0520 4500 MBR partitions:
    20:37:46.0520 4500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2710040, BlocksNum 0xE8E1C28
    20:37:46.0533 4500 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2468, BlocksNum 0x264B3BC8
    20:37:46.0560 4500 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x374A6800, BlocksNum 0x2EDF800
    20:37:46.0560 4500 ============================================================
    20:37:46.0611 4500 C: <-> \Device\Harddisk0\DR0\Partition1
    20:37:46.0651 4500 D: <-> \Device\Harddisk0\DR0\Partition2
    20:37:46.0680 4500 U: <-> \Device\Harddisk0\DR0\Partition3
    20:37:46.0680 4500 ============================================================
    20:37:46.0680 4500 Initialize success
    20:37:46.0680 4500 ============================================================
    20:37:48.0145 6020 ============================================================
    20:37:48.0145 6020 Scan started
    20:37:48.0145 6020 Mode: Manual;
    20:37:48.0145 6020 ============================================================
    20:37:49.0223 6020 ================ Scan system memory ========================
    20:37:49.0223 6020 System memory - ok
    20:37:49.0223 6020 ================ Scan services =============================
    20:37:49.0413 6020 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    20:37:49.0418 6020 1394ohci - ok
    20:37:49.0458 6020 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    20:37:49.0467 6020 ACPI - ok
    20:37:49.0587 6020 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    20:37:49.0587 6020 AcpiPmi - ok
    20:37:49.0771 6020 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    20:37:49.0776 6020 AdobeARMservice - ok
    20:37:49.0905 6020 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    20:37:49.0909 6020 AdobeFlashPlayerUpdateSvc - ok
    20:37:49.0970 6020 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    20:37:50.0079 6020 adp94xx - ok
    20:37:50.0123 6020 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    20:37:50.0130 6020 adpahci - ok
    20:37:50.0149 6020 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    20:37:50.0156 6020 adpu320 - ok
    20:37:50.0193 6020 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    20:37:50.0196 6020 AeLookupSvc - ok
    20:37:50.0255 6020 [ 734D1BA96BE6AD8D04E6AFEAD569EA8A ] AFBAgent C:\Windows\system32\FBAgent.exe
    20:37:50.0263 6020 AFBAgent - ok
    20:37:50.0309 6020 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    20:37:50.0318 6020 AFD - ok
    20:37:50.0355 6020 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    20:37:50.0358 6020 agp440 - ok
    20:37:50.0389 6020 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    20:37:50.0393 6020 ALG - ok
    20:37:50.0425 6020 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    20:37:50.0426 6020 aliide - ok
    20:37:50.0447 6020 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    20:37:50.0448 6020 amdide - ok
    20:37:50.0479 6020 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    20:37:50.0481 6020 AmdK8 - ok
    20:37:50.0498 6020 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    20:37:50.0501 6020 AmdPPM - ok
    20:37:50.0547 6020 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
    20:37:50.0552 6020 amdsata - ok
    20:37:50.0590 6020 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    20:37:50.0656 6020 amdsbs - ok
    20:37:50.0678 6020 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    20:37:50.0678 6020 amdxata - ok
    20:37:50.0743 6020 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    20:37:50.0746 6020 AppID - ok
    20:37:50.0774 6020 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    20:37:50.0776 6020 AppIDSvc - ok
    20:37:50.0819 6020 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    20:37:50.0823 6020 Appinfo - ok
    20:37:50.0916 6020 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:37:50.0922 6020 Apple Mobile Device - ok
    20:37:50.0956 6020 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    20:37:51.0011 6020 arc - ok
    20:37:51.0032 6020 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    20:37:51.0035 6020 arcsas - ok
    20:37:51.0098 6020 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    20:37:51.0105 6020 ASLDRService - ok
    20:37:51.0133 6020 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    20:37:51.0134 6020 ASMMAP64 - ok
    20:37:51.0239 6020 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    20:37:51.0241 6020 aspnet_state - ok
    20:37:51.0262 6020 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    20:37:51.0295 6020 AsyncMac - ok
    20:37:51.0338 6020 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    20:37:51.0339 6020 atapi - ok
    20:37:51.0400 6020 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
    20:37:51.0447 6020 athr - ok
    20:37:51.0468 6020 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    20:37:51.0471 6020 ATKGFNEXSrv - ok
    20:37:51.0534 6020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    20:37:51.0557 6020 AudioEndpointBuilder - ok
    20:37:51.0589 6020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    20:37:51.0596 6020 AudioSrv - ok
    20:37:51.0688 6020 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    20:37:51.0691 6020 AxInstSV - ok
    20:37:51.0734 6020 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    20:37:51.0744 6020 b06bdrv - ok
    20:37:51.0784 6020 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    20:37:51.0790 6020 b57nd60a - ok
    20:37:51.0826 6020 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    20:37:51.0829 6020 BDESVC - ok
    20:37:51.0848 6020 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    20:37:51.0848 6020 Beep - ok
    20:37:51.0922 6020 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    20:37:51.0945 6020 BFE - ok
    20:37:51.0977 6020 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    20:37:52.0011 6020 BITS - ok
    20:37:52.0030 6020 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    20:37:52.0031 6020 blbdrive - ok
    20:37:52.0133 6020 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    20:37:52.0143 6020 Bonjour Service - ok
    20:37:52.0175 6020 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:37:52.0178 6020 bowser - ok
    20:37:52.0211 6020 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:37:52.0212 6020 BrFiltLo - ok
    20:37:52.0233 6020 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:37:52.0234 6020 BrFiltUp - ok
    20:37:52.0284 6020 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    20:37:52.0288 6020 Browser - ok
    20:37:52.0317 6020 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    20:37:52.0361 6020 Brserid - ok
    20:37:52.0385 6020 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    20:37:52.0387 6020 BrSerWdm - ok
    20:37:52.0402 6020 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:37:52.0403 6020 BrUsbMdm - ok
    20:37:52.0417 6020 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    20:37:52.0418 6020 BrUsbSer - ok
    20:37:52.0436 6020 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    20:37:52.0439 6020 BTHMODEM - ok
    20:37:52.0478 6020 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    20:37:52.0482 6020 bthserv - ok
    20:37:52.0504 6020 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:37:52.0506 6020 cdfs - ok
    20:37:52.0554 6020 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    20:37:52.0594 6020 cdrom - ok
    20:37:52.0635 6020 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    20:37:52.0639 6020 CertPropSvc - ok
    20:37:52.0673 6020 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    20:37:52.0677 6020 circlass - ok
    20:37:52.0717 6020 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    20:37:52.0795 6020 CLFS - ok
    20:37:52.0856 6020 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:37:52.0862 6020 clr_optimization_v2.0.50727_32 - ok
    20:37:52.0919 6020 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:37:52.0923 6020 clr_optimization_v2.0.50727_64 - ok
    20:37:52.0994 6020 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:37:52.0998 6020 clr_optimization_v4.0.30319_32 - ok
    20:37:53.0017 6020 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    20:37:53.0023 6020 clr_optimization_v4.0.30319_64 - ok
    20:37:53.0058 6020 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    20:37:53.0060 6020 CmBatt - ok
    20:37:53.0082 6020 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    20:37:53.0082 6020 cmdide - ok
    20:37:53.0137 6020 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    20:37:53.0147 6020 CNG - ok
    20:37:53.0242 6020 [ F7CA3ACCF5AA0E2182546C5BE42B2E96 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
    20:37:53.0375 6020 CnxtHdAudService - ok
    20:37:53.0418 6020 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    20:37:53.0419 6020 Compbatt - ok
    20:37:53.0455 6020 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    20:37:53.0457 6020 CompositeBus - ok
    20:37:53.0477 6020 COMSysApp - ok
    20:37:53.0497 6020 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    20:37:53.0498 6020 crcdisk - ok
    20:37:53.0556 6020 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    20:37:53.0558 6020 Creative ALchemy AL6 Licensing Service - ok
    20:37:53.0571 6020 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    20:37:53.0573 6020 Creative Audio Engine Licensing Service - ok
    20:37:53.0613 6020 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:37:53.0618 6020 CryptSvc - ok
    20:37:53.0719 6020 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    20:37:53.0724 6020 CTAudSvcService - ok
    20:37:53.0801 6020 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:37:53.0826 6020 DcomLaunch - ok
    20:37:53.0873 6020 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    20:37:53.0882 6020 defragsvc - ok
    20:37:53.0927 6020 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:37:53.0930 6020 DfsC - ok
    20:37:53.0981 6020 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    20:37:53.0989 6020 Dhcp - ok
    20:37:54.0014 6020 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    20:37:54.0015 6020 discache - ok
    20:37:54.0058 6020 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    20:37:54.0102 6020 Disk - ok
    20:37:54.0132 6020 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:37:54.0137 6020 Dnscache - ok
    20:37:54.0174 6020 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    20:37:54.0181 6020 dot3svc - ok
    20:37:54.0228 6020 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    20:37:54.0234 6020 DPS - ok
    20:37:54.0268 6020 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:37:54.0268 6020 drmkaud - ok
    20:37:54.0321 6020 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:37:54.0354 6020 DXGKrnl - ok
    20:37:54.0404 6020 [ 082DAB566F704D258D35BA89F21239CA ] eamon C:\Windows\system32\DRIVERS\eamon.sys
    20:37:54.0408 6020 eamon - ok
    20:37:54.0440 6020 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    20:37:54.0444 6020 EapHost - ok
    20:37:54.0549 6020 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    20:37:54.0639 6020 ebdrv - ok
    20:37:54.0718 6020 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    20:37:54.0720 6020 EFS - ok
    20:37:54.0772 6020 [ 4FF6F92F170550E226B4595766C4D6A6 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
    20:37:54.0776 6020 ehdrv - ok
    20:37:54.0930 6020 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:37:54.0953 6020 ehRecvr - ok
    20:37:54.0982 6020 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    20:37:54.0986 6020 ehSched - ok
    20:37:55.0033 6020 [ 98B82B6AFA03F8F0DD058C3DFCEA472A ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    20:37:55.0034 6020 EhttpSrv - ok
    20:37:55.0075 6020 [ 9737FC97B5C941F083C4E46CBCCE2D4A ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    20:37:55.0098 6020 ekrn - ok
    20:37:55.0159 6020 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    20:37:55.0169 6020 elxstor - ok
  7. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    20:38:09.0193 6020 tdx - ok
    20:38:09.0227 6020 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    20:38:09.0255 6020 TermDD - ok
    20:38:09.0289 6020 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    20:38:09.0299 6020 TermService - ok
    20:38:09.0324 6020 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    20:38:09.0329 6020 Themes - ok
    20:38:09.0356 6020 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    20:38:09.0358 6020 THREADORDER - ok
    20:38:09.0390 6020 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    20:38:09.0396 6020 TrkWks - ok
    20:38:09.0451 6020 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    20:38:09.0455 6020 TrustedInstaller - ok
    20:38:09.0498 6020 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:38:09.0500 6020 tssecsrv - ok
    20:38:09.0543 6020 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    20:38:09.0608 6020 TsUsbFlt - ok
    20:38:09.0660 6020 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    20:38:09.0663 6020 tunnel - ok
    20:38:09.0703 6020 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
    20:38:09.0704 6020 TurboB - ok
    20:38:09.0770 6020 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    20:38:09.0773 6020 TurboBoost - ok
    20:38:09.0803 6020 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    20:38:09.0847 6020 uagp35 - ok
    20:38:09.0893 6020 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    20:38:09.0900 6020 udfs - ok
    20:38:09.0940 6020 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    20:38:09.0944 6020 UI0Detect - ok
    20:38:09.0970 6020 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    20:38:09.0972 6020 uliagpkx - ok
    20:38:10.0006 6020 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    20:38:10.0008 6020 umbus - ok
    20:38:10.0049 6020 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    20:38:10.0050 6020 UmPass - ok
    20:38:10.0148 6020 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    20:38:10.0229 6020 UNS - ok
    20:38:10.0263 6020 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    20:38:10.0273 6020 upnphost - ok
    20:38:10.0301 6020 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    20:38:10.0304 6020 USBAAPL64 - ok
    20:38:10.0349 6020 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    20:38:10.0352 6020 usbaudio - ok
    20:38:10.0400 6020 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    20:38:10.0403 6020 usbccgp - ok
    20:38:10.0440 6020 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    20:38:10.0443 6020 usbcir - ok
    20:38:10.0459 6020 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
    20:38:10.0461 6020 usbehci - ok
    20:38:10.0494 6020 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
    20:38:10.0500 6020 usbhub - ok
    20:38:10.0521 6020 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    20:38:10.0524 6020 usbohci - ok
    20:38:10.0556 6020 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    20:38:10.0559 6020 usbprint - ok
    20:38:10.0580 6020 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:38:10.0583 6020 USBSTOR - ok
    20:38:10.0619 6020 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    20:38:10.0621 6020 usbuhci - ok
    20:38:10.0655 6020 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    20:38:10.0660 6020 usbvideo - ok
    20:38:10.0691 6020 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    20:38:10.0695 6020 UxSms - ok
    20:38:10.0768 6020 [ 34812F7FAAFE329D15F55C4EB6DB44DA ] VASDeviceDrm C:\Windows\system32\drivers\vasdDev.sys
    20:38:10.0805 6020 VASDeviceDrm - ok
    20:38:10.0820 6020 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    20:38:10.0822 6020 VaultSvc - ok
    20:38:10.0859 6020 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    20:38:10.0862 6020 vdrvroot - ok
    20:38:10.0918 6020 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    20:38:10.0936 6020 vds - ok
    20:38:10.0973 6020 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    20:38:10.0975 6020 vga - ok
    20:38:10.0991 6020 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    20:38:11.0046 6020 VgaSave - ok
    20:38:11.0082 6020 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    20:38:11.0087 6020 vhdmp - ok
    20:38:11.0109 6020 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    20:38:11.0110 6020 viaide - ok
    20:38:11.0127 6020 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    20:38:11.0130 6020 volmgr - ok
    20:38:11.0176 6020 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    20:38:11.0184 6020 volmgrx - ok
    20:38:11.0203 6020 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    20:38:11.0207 6020 volsnap - ok
    20:38:11.0253 6020 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    20:38:11.0296 6020 vsmraid - ok
    20:38:11.0371 6020 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    20:38:11.0427 6020 VSS - ok
    20:38:11.0441 6020 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    20:38:11.0468 6020 vwifibus - ok
    20:38:11.0500 6020 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    20:38:11.0503 6020 vwififlt - ok
    20:38:11.0535 6020 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    20:38:11.0563 6020 vwifimp - ok
    20:38:11.0609 6020 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    20:38:11.0620 6020 W32Time - ok
    20:38:11.0654 6020 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    20:38:11.0657 6020 WacomPen - ok
    20:38:11.0709 6020 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    20:38:11.0764 6020 WANARP - ok
    20:38:11.0775 6020 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    20:38:11.0777 6020 Wanarpv6 - ok
    20:38:11.0851 6020 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    20:38:11.0885 6020 WatAdminSvc - ok
    20:38:11.0975 6020 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    20:38:12.0054 6020 wbengine - ok
    20:38:12.0088 6020 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    20:38:12.0096 6020 WbioSrvc - ok
    20:38:12.0138 6020 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    20:38:12.0149 6020 wcncsvc - ok
    20:38:12.0162 6020 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    20:38:12.0166 6020 WcsPlugInService - ok
    20:38:12.0199 6020 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    20:38:12.0200 6020 Wd - ok
    20:38:12.0233 6020 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    20:38:12.0255 6020 Wdf01000 - ok
    20:38:12.0274 6020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    20:38:12.0280 6020 WdiServiceHost - ok
    20:38:12.0286 6020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    20:38:12.0290 6020 WdiSystemHost - ok
    20:38:12.0335 6020 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    20:38:12.0343 6020 WebClient - ok
    20:38:12.0373 6020 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    20:38:12.0382 6020 Wecsvc - ok
    20:38:12.0406 6020 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    20:38:12.0412 6020 wercplsupport - ok
    20:38:12.0436 6020 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    20:38:12.0443 6020 WerSvc - ok
    20:38:12.0463 6020 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    20:38:12.0490 6020 WfpLwf - ok
    20:38:12.0523 6020 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    20:38:12.0527 6020 WimFltr - ok
    20:38:12.0548 6020 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    20:38:12.0549 6020 WIMMount - ok
    20:38:12.0573 6020 WinDefend - ok
    20:38:12.0583 6020 WinHttpAutoProxySvc - ok
    20:38:12.0649 6020 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    20:38:12.0655 6020 Winmgmt - ok
    20:38:12.0739 6020 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    20:38:12.0808 6020 WinRM - ok
    20:38:12.0861 6020 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    20:38:12.0863 6020 WinUsb - ok
    20:38:12.0911 6020 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    20:38:12.0945 6020 Wlansvc - ok
    20:38:12.0966 6020 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    20:38:12.0967 6020 WmiAcpi - ok
    20:38:13.0011 6020 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    20:38:13.0017 6020 wmiApSrv - ok
    20:38:13.0046 6020 WMPNetworkSvc - ok
    20:38:13.0068 6020 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    20:38:13.0072 6020 WPCSvc - ok
    20:38:13.0102 6020 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    20:38:13.0109 6020 WPDBusEnum - ok
    20:38:13.0140 6020 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    20:38:13.0142 6020 ws2ifsl - ok
    20:38:13.0155 6020 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    20:38:13.0161 6020 wscsvc - ok
    20:38:13.0167 6020 WSearch - ok
    20:38:13.0254 6020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    20:38:13.0326 6020 wuauserv - ok
    20:38:13.0344 6020 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    20:38:13.0388 6020 WudfPf - ok
    20:38:13.0459 6020 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:38:13.0503 6020 WUDFRd - ok
    20:38:13.0537 6020 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    20:38:13.0543 6020 wudfsvc - ok
    20:38:13.0579 6020 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    20:38:13.0588 6020 WwanSvc - ok
    20:38:13.0658 6020 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    20:38:13.0666 6020 YahooAUService - ok
    20:38:13.0692 6020 ================ Scan global ===============================
    20:38:13.0717 6020 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    20:38:13.0749 6020 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    20:38:13.0761 6020 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    20:38:13.0787 6020 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    20:38:13.0805 6020 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    20:38:13.0812 6020 [Global] - ok
    20:38:13.0813 6020 ================ Scan MBR ==================================
    20:38:13.0826 6020 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    20:38:14.0054 6020 \Device\Harddisk0\DR0 - ok
    20:38:14.0055 6020 ================ Scan VBR ==================================
    20:38:14.0060 6020 [ 5F1425E5259A310279CE296F3A1B089A ] \Device\Harddisk0\DR0\Partition1
    20:38:14.0063 6020 \Device\Harddisk0\DR0\Partition1 - ok
    20:38:14.0105 6020 [ 9992485DE75CFE790E6191456E4399EE ] \Device\Harddisk0\DR0\Partition2
    20:38:14.0108 6020 \Device\Harddisk0\DR0\Partition2 - ok
    20:38:14.0139 6020 [ AD7B991100D1C0992B63FA5EB65779EA ] \Device\Harddisk0\DR0\Partition3
    20:38:14.0143 6020 \Device\Harddisk0\DR0\Partition3 - ok
    20:38:14.0143 6020 ============================================================
    20:38:14.0143 6020 Scan finished
    20:38:14.0143 6020 ============================================================
    20:38:14.0162 4484 Detected object count: 0
    20:38:14.0162 4484 Actual detected object count: 0
  8. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Remove -- Date : 10/15/2012 20:44:52
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 3 ¤¤¤
    [TASK][SUSP PATH] 20120523_134958_Restore : C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe "C:\Users\Matt\AppData\Roaming\Nero\Nero 11\Nero BackItUp\Cache\20120523_134958_Restore.nji" -> NOT REMOVED, USE PROXYFIX
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 exitpop.paltalk.com
    127.0.0.1 advertising.paltalk.com
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] 3f640a8c262ba235ab42410114c2d06f
    [BSP] 3f936b533c10550eec4f7ba9ada00d40 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 64 | Size: 20000 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40960064 | Size: 119235 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 285154408 | Size: 337704 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  9. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    Ok I've posted the missing Attach.txt log in two parts, and the other two logs from the last step. Thanks.
  10. Broni

    Broni Malware Annihilator Posts: 46,148   +251

  11. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    Ok sorry standby, running that scan right now.
     
  12. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-15 21:19:58
    -----------------------------
    21:19:58.986 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:19:58.986 Number of processors: 4 586 0x2505
    21:19:58.987 ComputerName: MATT-ASUS UserName: Matt
    21:20:10.750 Initialize success
    21:21:27.064 AVAST engine defs: 12101501
    21:21:36.639 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:21:36.644 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
    21:21:36.828 Disk 0 MBR read successfully
    21:21:36.833 Disk 0 MBR scan
    21:21:36.842 Disk 0 Windows 7 default MBR code
    21:21:36.847 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20000 MB offset 64
    21:21:36.899 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119235 MB offset 40960064
    21:21:36.909 Disk 0 Partition - 00 0F Extended LBA 337704 MB offset 285154408
    21:21:36.958 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 313703 MB offset 285156456
    21:21:36.969 Disk 0 Partition - 00 05 Extended 23999 MB offset 927621168
    21:21:37.014 Disk 0 Partition 4 00 0B FAT32 MSDOS5.0 23999 MB offset 927623168
    21:21:37.059 Disk 0 scanning C:\Windows\system32\drivers
    21:22:14.810 Service scanning
    21:23:05.153 Modules scanning
    21:23:05.171 Disk 0 trace - called modules:
    21:23:05.197 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    21:23:05.206 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5e060]
    21:23:05.214 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800498ebe0]
    21:23:05.223 5 ACPI.sys[fffff88000ed97a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004991050]
    21:23:07.702 AVAST engine scan C:\Windows
    21:23:18.287 AVAST engine scan C:\Windows\system32
    21:31:24.052 AVAST engine scan C:\Windows\system32\drivers
    21:31:58.070 AVAST engine scan C:\Users\Matt
    21:49:19.826 AVAST engine scan C:\ProgramData
    21:50:20.247 Scan finished successfully
    21:50:46.445 Disk 0 MBR has been saved successfully to "D:\Desktop\MBR.dat"
    21:50:46.500 The log file has been saved successfully to "D:\Desktop\aswMBR.txt"
  13. Broni

    Broni Malware Annihilator Posts: 46,148   +251

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  14. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    ComboFix 12-10-15.02 - Matt 10/15/2012 22:36:12.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3884.1386 [GMT -5:00]
    Running from: d:\desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
    c:\users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\isindex.dat
    c:\users\Matt\AppData\Roaming\msregsvv.dll
    c:\windows\SysWow64\tmpDCE7.tmp
    c:\windows\SysWow64\tmpDCE8.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-10 08:02 . 2011-02-11 06:57 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-08 19:51 . 2012-05-30 15:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 19:51 . 2011-06-24 21:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-04 03:36 . 2009-10-15 22:23 117760 ----a-w- c:\windows\system32\drivers\ETD.sys
    2012-09-23 06:41 . 2009-10-30 15:50 704512 ----a-w- c:\windows\system32\drivers\CHDRT64.sys
    2012-09-16 00:47 . 2010-11-10 10:58 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
    2012-08-22 18:12 . 2012-09-12 17:54 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 17:54 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 17:54 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 18:01 . 2011-02-11 01:06 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 18:01 . 2011-02-11 01:06 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-21 03:07 . 2012-08-21 03:07 127488 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-08-09 20:21 . 2012-08-09 20:21 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
    2012-08-09 20:21 . 2012-08-09 20:21 98304 ----a-w- c:\windows\system32\iglhcp64.dll
    2012-08-09 20:21 . 2012-08-09 20:21 90112 ----a-w- c:\windows\system32\igfxCoIn_v2827.dll
    2012-08-09 20:21 . 2012-08-09 20:21 867020 ----a-w- c:\windows\system32\igkrng575.bin
    2012-08-09 20:21 . 2012-08-09 20:21 506688 ----a-w- c:\windows\system32\igfxsrvc.exe
    2012-08-09 20:21 . 2012-08-09 20:21 378368 ----a-w- c:\windows\system32\igfxTMM.dll
    2012-08-09 20:21 . 2012-08-09 20:21 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
    2012-08-09 20:21 . 2012-08-09 20:21 376832 ----a-w- c:\windows\system32\iglhsip64.dll
    2012-08-09 20:21 . 2012-08-09 20:21 167744 ----a-w- c:\windows\system32\igfxtray.exe
    2012-08-09 20:21 . 2012-08-09 20:21 9014784 ----a-w- c:\windows\system32\igfxress.dll
    2012-08-09 20:21 . 2012-08-09 20:21 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrita.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
    2012-08-09 20:21 . 2010-04-30 01:51 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
    2012-08-09 20:21 . 2012-08-09 20:21 417088 ----a-w- c:\windows\system32\igfxpers.exe
    2012-08-09 20:21 . 2012-08-09 20:21 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2012-08-09 20:21 . 2012-08-09 20:21 390144 ----a-w- c:\windows\system32\igfxdev.dll
    2012-08-09 20:21 . 2012-08-09 20:21 293888 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2012-08-09 20:21 . 2012-08-09 20:21 287232 ----a-w- c:\windows\system32\igfxresn.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 287232 ----a-w- c:\windows\system32\igfxrell.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 28672 ----a-w- c:\windows\system32\igfxexps.dll
    2012-08-09 20:21 . 2012-08-09 20:21 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 285184 ----a-w- c:\windows\system32\igfxrara.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
    2012-08-09 20:21 . 2012-08-09 20:21 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2012-08-09 20:21 . 2012-08-09 20:21 239936 ----a-w- c:\windows\system32\igfxext.exe
    2012-08-09 20:21 . 2012-08-09 20:21 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2012-08-09 20:21 . 2012-08-09 20:21 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
    2012-08-09 20:21 . 2010-08-26 01:04 376320 ----a-w- c:\windows\system32\igfxpph.dll
    2012-08-09 20:21 . 2012-08-09 20:21 8314368 ----a-w- c:\windows\system32\igdumd64.dll
    2012-08-09 20:21 . 2012-08-09 20:21 2780160 ----a-w- c:\windows\system32\igfxcmjit64.dll
    2012-08-09 20:21 . 2012-08-09 20:21 246784 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2012-08-09 20:21 . 2012-08-09 20:21 2191872 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
    2012-08-09 20:21 . 2012-08-09 20:21 219136 ----a-w- c:\windows\system32\igfxcmrt64.dll
    2012-08-09 20:21 . 2012-08-09 20:21 105608 ----a-w- c:\windows\system32\igfcg575m.bin
    2012-08-09 20:21 . 2010-04-30 02:12 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
    2012-08-09 20:21 . 2010-04-30 02:14 6324224 ----a-w- c:\windows\SysWow64\igdumd32.dll
    2012-08-09 20:21 . 2012-08-09 20:21 12312896 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2012-08-09 20:21 . 2010-04-30 02:11 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
    2012-08-09 20:21 . 2012-08-09 20:21 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2012-08-09 20:21 . 2012-08-09 20:21 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
    2012-08-09 20:21 . 2012-08-09 20:21 18675712 ----a-w- c:\windows\system32\ig4icd64.dll
    2012-08-09 20:21 . 2012-08-09 20:21 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
    2012-08-09 20:21 . 2012-08-09 20:21 392512 ----a-w- c:\windows\system32\hkcmd.exe
    2012-08-09 20:21 . 2012-08-09 20:21 13913600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
    2012-08-09 20:21 . 2010-04-30 01:51 110080 ----a-w- c:\windows\system32\hccutils.dll
    2012-08-09 20:21 . 2012-08-09 20:21 4378944 ----a-w- c:\windows\system32\GfxUI.exe
    2012-08-09 20:21 . 2012-08-09 20:21 184640 ----a-w- c:\windows\system32\difx64.exe
    2012-08-09 20:21 . 2012-08-09 20:21 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
    2012-07-23 14:21 . 2011-11-16 21:58 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-07-19 18:58 . 2012-07-19 18:58 174229 ----a-w- c:\windows\system32\avfilter-lav-3.dll
    2012-07-18 18:15 . 2012-08-15 13:00 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk"="c:\users\Matt\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-08-12 1597440]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" [2010-02-18 241789]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    PowerMenu.lnk - c:\program files (x86)\PowerMenu\PowerMenu.exe [2002-12-19 57344]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-10 156952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-09-26 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-26 79360]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-10-04 117760]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
    R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2010-08-11 1587968]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1255736]
    S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
    S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 136584]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 123200]
    S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 91456]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
    S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
    S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [2012-03-19 1454896]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 23323259
    *NewlyCreated* - ASWMBR
    *Deregistered* - 23323259
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 19:51]
    .
    2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 10:49]
    .
    2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 10:49]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2716216]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2012-09-23 307768]
    "Creative SB Monitoring Utility"="sbavmon.dll" [2010-08-03 116224]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://asus.msn.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6}: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6}\37E616B656079647: DhcpNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6}\47D6F62696C656: DhcpNameServer = 10.176.83.252 10.184.83.252
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-Laptop CD/DVD Guard - c:\program files (x86)\Laptop CD-DVD Guard\cddg3.exe
    Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Matt\AppData\Local\Akamai\netsession_win.exe
    Wow6432Node-HKLM-Run-ADSMTray - c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    Toolbar-Locked - (no file)
    HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
    AddRemove-Windows 7 - Codec Pack - c:\windows\SysWOW64\C2MP\Uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
    "DataDir"="ESET\\ESET NOD32 Antivirus\\"
    "EditionName"=" "
    "InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
    "LanguageId"=dword:00000409
    "PackageTag"=dword:6090e758
    "ProductBase"=dword:00000000
    "ProductCode"="{4183655A-5FC6-4A23-A804-7764145EC57C}"
    "ProductName"="ESET NOD32 Antivirus"
    "ProductType"="eav"
    "ProductVersion"="4.0.468.0"
    "UniqueId"="000713224D549E5E"
    "ScannerBuild"=dword:00001672
    "ScannerVersionId"=dword:00001175
    "ScannerVersion"="Locked/open ESET for status."
    "FixId"=dword:00000009
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-15 22:55:45
    ComboFix-quarantined-files.txt 2012-10-16 03:55
    .
    Pre-Run: 28,734,087,168 bytes free
    Post-Run: 63,594,295,296 bytes free
    .
    - - End Of File - - 6A2738EA566A73D459DB937D6A4315A1
  15. Broni

    Broni Malware Annihilator Posts: 46,148   +251

    Looks good :)

    How is the computer doing?

    ===========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    Computer seems to be doing fine so far. I never had any noticeable problems (meaning slowage, lag, freezing, etc.), just the warnings from Nod32 every once in a while. Thanks for your help so far, moving on to the next step :)
  17. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    OTL logfile created on: 10/15/2012 11:18:56 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.79 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 36.45% Memory free
    7.58 Gb Paging File | 5.09 Gb Available in Paging File | 67.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116.44 Gb Total Space | 59.31 Gb Free Space | 50.94% Space Free | Partition Type: NTFS
    Drive D: | 306.35 Gb Total Space | 100.27 Gb Free Space | 32.73% Space Free | Partition Type: NTFS
    Drive E: | 178.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive U: | 23.42 Gb Total Space | 10.78 Gb Free Space | 46.00% Space Free | Partition Type: FAT32

    Computer Name: MATT-ASUS | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/15 23:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
    PRC - [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/11/10 06:15:56 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    PRC - [2010/10/27 22:22:28 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Last.fm\iPodScrobbler.exe
    PRC - [2010/10/27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
    PRC - [2010/08/17 17:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010/08/11 22:46:34 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2010/06/09 12:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    PRC - [2010/05/03 17:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2010/05/03 17:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010/04/29 12:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    PRC - [2010/02/18 18:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
    PRC - [2010/02/11 21:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009/11/02 17:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/29 14:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2009/07/31 13:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2009/07/06 17:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Matt\AppData\Roaming\Google\Google Talk\googletalk.exe
    PRC - [2002/12/19 18:17:56 | 000,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files (x86)\PowerMenu\PowerMenu.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/10 05:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
    MOD - [2012/10/10 05:06:13 | 012,435,992 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    MOD - [2012/10/10 05:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    MOD - [2012/10/10 05:04:57 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
    MOD - [2012/10/10 05:04:55 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libegl.dll
    MOD - [2012/10/10 05:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
    MOD - [2012/10/10 05:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
    MOD - [2012/10/10 05:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
    MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/06/14 03:36:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 03:02:52 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/14 03:02:19 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/14 03:02:06 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/10 03:32:22 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/05/10 03:30:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/10 03:29:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/10 03:29:00 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/10 03:28:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/10 03:28:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/10 03:28:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2010/10/27 22:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll
    MOD - [2010/10/27 22:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll
    MOD - [2010/10/27 22:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll
    MOD - [2010/10/27 22:22:28 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Last.fm\iPodScrobbler.exe
    MOD - [2010/10/27 22:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll
    MOD - [2010/10/27 22:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll
    MOD - [2010/10/27 22:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll
    MOD - [2010/10/27 22:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll
    MOD - [2010/10/27 22:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll
    MOD - [2010/10/27 22:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll
    MOD - [2010/10/27 22:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll
    MOD - [2010/10/27 22:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll
    MOD - [2010/08/11 22:46:34 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    MOD - [2010/07/22 16:45:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2010/02/23 18:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
    MOD - [2010/02/23 18:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
    MOD - [2010/02/23 18:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
    MOD - [2010/02/23 18:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
    MOD - [2010/02/23 18:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
    MOD - [2009/12/29 16:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
    MOD - [2009/11/02 17:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009/11/02 17:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2008/04/16 18:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll
    MOD - [2008/04/16 18:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll
    MOD - [2008/04/16 18:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll
    MOD - [2008/04/16 18:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll
    MOD - [2008/04/16 18:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll
    MOD - [2008/04/02 15:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll
    MOD - [2008/04/02 15:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll
    MOD - [2008/04/02 15:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/03/15 17:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
    SRV:64bit: - [2010/06/22 14:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2009/09/29 14:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV:64bit: - [2009/09/29 14:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2009/08/06 17:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/08 14:51:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/26 16:39:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2012/09/26 16:38:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/11 21:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/03 22:36:22 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2012/09/23 01:41:17 | 000,704,512 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/09 15:21:12 | 012,312,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/03/19 15:12:38 | 001,454,896 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vasdDev.sys -- (VASDeviceDrm)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
    DRV:64bit: - [2012/01/11 01:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
    DRV:64bit: - [2011/12/01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
    DRV:64bit: - [2011/12/01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
    DRV:64bit: - [2011/08/23 06:12:58 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/08/11 09:51:48 | 001,587,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud)
    DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2010/03/02 03:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/02/26 03:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/24 22:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
    DRV:64bit: - [2010/01/25 20:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
    DRV:64bit: - [2009/09/29 14:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2009/09/29 14:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2009/09/29 13:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/19 21:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV:64bit: - [2009/08/18 03:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2009/08/06 17:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/08/06 16:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/13 12:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
    FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/02/10 21:26:22 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/ig?hl=en
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.google.com/ig?hl=en
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
  18. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\
    CHR - Extension: Send using Gmail\u2122 (no button) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.11.12.10_0\
    CHR - Extension: Turn Off the Lights = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.6_0\
    CHR - Extension: Proxy Switchy! = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
    CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AdBlock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
    CHR - Extension: IE Tab = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\
    CHR - Extension: goo.gl URL Shortener = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.2_0\
    CHR - Extension: Chess = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiefmccciemniajdkgikpnocipidaaeg\1_0\
    CHR - Extension: Skype Click to Call = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: Clickable Links = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp\1.1.6_0\
    CHR - Extension: Google Mail Checker = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
    CHR - Extension: Google Chrome to Phone Extension = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
    CHR - Extension: Nicer Inverter = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\oichlckdgnbjkmhaebnnhibamjgpndkm\1.3_0\
    CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/15 22:51:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found
    O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
    O4 - HKCU..\Run: [googletalk] C:\Users\Matt\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files (x86)\PowerMenu\PowerMenu.exe (Thong Nguyen)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
    O16 - DPF: {830690FC-BF2F-47A6-AC2D-330BCB402664} http://skype.saveontelephonebills.com/skypebeta/Skype4COM.dll (Skype Class)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D8ADF84-5ACD-43D9-84AE-E27B4FFF6BB6}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E581F41-796A-4AD9-9EDA-D12930517E8A}: DhcpNameServer = 24.220.0.10 24.220.0.11
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/04/17 20:25:28 | 000,000,000 | ---D | M] - D:\.autobahn -- [ NTFS ]
    O32 - AutoRun File - [2007/07/18 22:16:10 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/15 23:18:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
    [2012/10/15 23:05:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/15 22:55:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/15 22:34:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/15 22:34:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/15 22:34:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/15 22:34:17 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/10/15 22:31:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/15 22:31:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/15 22:28:21 | 004,980,596 | R--- | C] (Swearware) -- D:\Desktop\ComboFix.exe
    [2012/10/15 21:19:31 | 004,731,392 | ---- | C] (AVAST Software) -- D:\Desktop\aswMBR.exe
    [2012/10/15 20:37:38 | 000,000,000 | ---D | C] -- D:\Desktop\tdsskiller (2)
    [2012/10/15 19:53:24 | 000,706,431 | R--- | C] (Swearware) -- D:\Desktop\dds.com
    [2012/10/15 19:21:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
    [2012/10/15 19:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/15 19:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/15 19:21:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/15 19:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/15 19:20:37 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- D:\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/15 19:03:06 | 000,000,000 | ---D | C] -- D:\Desktop\RK_Quarantine
    [2012/10/14 21:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
    [2012/10/14 21:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
    [2012/10/14 21:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
    [2012/10/12 17:27:22 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- D:\Desktop\TDSSKiller.exe
    [2012/10/08 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
    [2012/10/08 17:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
    [2012/10/07 19:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSpQ VideoChat 9
    [2012/10/07 19:37:10 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\ooVoo Details
    [2012/10/03 21:14:43 | 002,212,656 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\ETDUninst.dll
    [2012/10/03 16:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/10/03 16:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/10/03 16:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/10/03 16:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/10/03 16:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2012/10/03 16:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2012/10/02 20:10:03 | 000,000,000 | ---D | C] -- D:\Desktop\iTunes Library backup (Rename to iTunes)
    [2012/10/02 16:13:44 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Mumble
    [2012/10/01 20:29:58 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\YoYo_Games_Ltd
    [2012/10/01 20:29:55 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\GameMaker8.1
    [2012/10/01 20:29:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\GameMaker 8.1
    [2012/09/27 23:29:27 | 000,000,000 | ---D | C] -- D:\Desktop\magicmp3
    [2012/09/26 19:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2012/09/26 18:51:56 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\mIRC
    [2012/09/26 16:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
    [2012/09/26 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
    [2012/09/26 16:41:51 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
    [2012/09/26 16:39:17 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/09/26 16:39:16 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/09/26 16:39:14 | 002,902,493 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
    [2012/09/26 16:39:14 | 001,940,992 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
    [2012/09/26 16:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
    [2012/09/26 16:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
    [2012/09/26 16:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
    [2012/09/26 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
    [2012/09/23 01:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2012/09/23 01:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2012/09/21 15:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
    [2012/09/21 15:18:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\SecondLife
    [2012/09/21 15:18:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\SecondLife
    [2012/09/18 15:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Quiz
    [2012/09/18 15:10:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
    [2012/09/18 15:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
    [2012/09/18 15:10:00 | 000,000,000 | ---D | C] -- D:\Documents\Tencent Files
    [2012/09/18 15:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
    [2012/09/18 15:09:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Tencent
    [2012/09/18 14:55:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\CommFort
    [2012/09/16 23:12:03 | 001,454,896 | ---- | C] (ShiningMorning Inc.) -- C:\Windows\SysNative\drivers\vasdDev.sys
    [2012/09/16 23:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Streaming
    [2012/09/16 23:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShiningMorning
    [2012/09/16 22:32:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

    ========== Files - Modified Within 30 Days ==========

    [2012/10/15 23:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
    [2012/10/15 23:13:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/15 23:13:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/15 23:10:58 | 000,778,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/15 23:10:58 | 000,660,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/15 23:10:58 | 000,121,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/15 23:05:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/15 23:04:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/15 23:04:37 | 3054,784,512 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/15 22:51:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/15 22:51:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/15 22:31:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/15 22:28:53 | 004,980,596 | R--- | M] (Swearware) -- D:\Desktop\ComboFix.exe
    [2012/10/15 21:50:46 | 000,000,512 | ---- | M] () -- D:\Desktop\MBR.dat
    [2012/10/15 21:19:46 | 004,731,392 | ---- | M] (AVAST Software) -- D:\Desktop\aswMBR.exe
    [2012/10/15 20:43:32 | 001,425,920 | ---- | M] () -- D:\Desktop\RogueKiller (2).exe
    [2012/10/15 20:39:45 | 001,425,920 | ---- | M] () -- D:\Desktop\RogueKiller (1).exe
    [2012/10/15 20:36:51 | 002,194,704 | ---- | M] () -- D:\Desktop\tdsskiller (2).zip
    [2012/10/15 19:53:26 | 000,706,431 | R--- | M] (Swearware) -- D:\Desktop\dds.com
    [2012/10/15 19:43:30 | 000,002,626 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2012/10/15 19:21:30 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/15 19:20:56 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- D:\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/15 18:53:19 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- D:\Desktop\TDSSKiller.exe
    [2012/10/14 21:00:55 | 000,001,351 | ---- | M] () -- D:\Documents\AutoHotkey.ahk
    [2012/10/11 22:02:00 | 000,000,000 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\.NANotifyHere
    [2012/10/08 20:52:42 | 000,001,018 | ---- | M] () -- D:\Desktop\LP_PalScore.lnk
    [2012/10/08 17:56:09 | 000,001,969 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
    [2012/10/03 22:36:22 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
    [2012/10/03 16:22:25 | 000,001,763 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2012/10/02 16:55:52 | 000,124,341 | ---- | M] () -- D:\Documents\Amazon power cord return.pdf
    [2012/10/02 16:14:10 | 000,002,377 | ---- | M] () -- D:\Documents\MumbleAutomaticCertificateBackup.p12
    [2012/09/29 03:02:25 | 000,772,522 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/26 19:52:16 | 000,001,127 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/09/26 16:48:24 | 000,000,286 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2012/09/26 16:46:49 | 000,001,388 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2012/09/26 16:39:17 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/09/26 16:39:17 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/09/21 15:25:59 | 000,015,862 | ---- | M] () -- C:\Windows\SysNative\results.xml
    [2012/09/18 15:09:44 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll

    ========== Files Created - No Company Name ==========

    [2012/10/15 22:34:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/15 22:34:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/15 22:34:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/15 22:34:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/15 22:34:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/15 21:50:46 | 000,000,512 | ---- | C] () -- D:\Desktop\MBR.dat
    [2012/10/15 20:43:31 | 001,425,920 | ---- | C] () -- D:\Desktop\RogueKiller (2).exe
    [2012/10/15 20:39:43 | 001,425,920 | ---- | C] () -- D:\Desktop\RogueKiller (1).exe
    [2012/10/15 20:36:26 | 002,194,704 | ---- | C] () -- D:\Desktop\tdsskiller (2).zip
    [2012/10/15 19:21:30 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/14 21:00:55 | 000,001,351 | ---- | C] () -- D:\Documents\AutoHotkey.ahk
    [2012/10/11 22:02:00 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\.NANotifyHere
    [2012/10/08 20:52:42 | 000,001,018 | ---- | C] () -- D:\Desktop\LP_PalScore.lnk
    [2012/10/08 17:56:09 | 000,001,969 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
    [2012/10/03 16:22:25 | 000,001,763 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2012/10/03 16:10:26 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/10/02 16:55:51 | 000,124,341 | ---- | C] () -- D:\Documents\Amazon power cord return.pdf
    [2012/10/02 16:14:10 | 000,002,377 | ---- | C] () -- D:\Documents\MumbleAutomaticCertificateBackup.p12
    [2012/09/27 22:56:08 | 000,772,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/26 19:52:16 | 000,001,127 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/09/26 16:41:14 | 000,044,795 | R--- | C] () -- C:\Windows\SysNative\kschimp.ini
    [2012/09/26 16:40:57 | 000,034,637 | ---- | C] () -- C:\Windows\SysNative\ksaud.ini
    [2012/09/26 16:40:57 | 000,012,344 | ---- | C] () -- C:\Windows\SysNative\MixerDefault.reg
    [2012/09/26 16:40:57 | 000,004,534 | ---- | C] () -- C:\Windows\SysNative\SB.bmp
    [2012/09/26 16:40:57 | 000,003,077 | ---- | C] () -- C:\ProgramData\cfSB1290.ini
    [2012/09/26 16:40:23 | 000,002,630 | R--- | C] () -- C:\Windows\MixerName.reg
    [2012/09/26 16:40:12 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
    [2012/09/18 15:24:12 | 000,002,589 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Quiz Help.chm.lnk
    [2012/09/18 15:24:12 | 000,002,589 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Quiz.lnk
    [2012/09/18 15:09:44 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
    [2012/08/28 07:53:55 | 000,000,218 | ---- | C] () -- C:\Users\Matt\.recently-used.xbel
    [2012/08/09 15:21:22 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2012/08/09 15:21:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2012/08/09 15:21:08 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2012/08/09 15:21:04 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/05/30 10:00:27 | 000,016,144 | ---- | C] () -- C:\Windows\SysWow64\tsd32.dll
    [2012/03/29 09:21:18 | 000,144,523 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
    [2012/02/16 10:32:25 | 000,580,096 | ---- | C] () -- C:\Windows\SysWow64\lame.exe
    [2012/02/16 10:32:25 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2012/02/16 10:32:25 | 000,131,176 | ---- | C] () -- C:\Windows\SysWow64\mp3gain.exe
    [2012/02/16 10:32:25 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\akrip32.dll
    [2012/02/16 10:32:24 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\Mp3Ctrl.dll
    [2012/02/16 10:32:22 | 000,003,180 | ---- | C] () -- C:\Users\Matt\AppData\Local\ZortamMp3MediaStudio.iss
    [2012/01/16 16:11:33 | 001,993,167 | ---- | C] () -- C:\Users\Matt\2013_holiday_calendar_us.png
    [2012/01/16 15:57:26 | 000,083,435 | ---- | C] () -- C:\Users\Matt\2012-US-Holiday-Calendar.png
    [2012/01/16 11:41:18 | 000,038,464 | ---- | C] () -- C:\Users\Matt\calendar-2013.gif
    [2012/01/16 11:26:11 | 000,041,601 | ---- | C] () -- C:\Users\Matt\calendar-2012.gif
    [2011/12/20 19:34:48 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/12/11 15:36:35 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
    [2011/06/17 18:46:46 | 007,626,558 | ---- | C] () -- C:\Users\Matt\AppData\Local\_run.qx
    [2011/05/26 14:11:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/04/20 16:00:07 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011/04/20 16:00:07 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2011/04/20 15:36:10 | 000,001,487 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\isound.xml
    [2011/04/20 15:36:10 | 000,000,099 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\names.xml
    [2011/04/20 15:36:10 | 000,000,096 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\events.xml
    [2011/04/19 20:54:46 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
    [2011/03/20 22:05:38 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2011/03/20 22:05:31 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011/03/20 22:02:14 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
    [2011/03/20 22:01:13 | 000,669,416 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2011/03/20 22:01:13 | 000,003,002 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
    [2011/03/12 00:26:48 | 000,000,151 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/04/01 17:09:01 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
    [2012/08/28 07:53:55 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.purple
    [2011/04/20 15:36:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Abyssmedia
    [2012/04/12 16:39:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Any DVD Cloner Platinum
    [2011/05/22 14:49:55 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Asus WebStorage
    [2012/05/15 20:50:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Camfrog
    [2011/02/12 23:50:01 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ChessBase
    [2012/02/29 00:40:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Chrome
    [2011/03/29 22:59:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.amazon.music.uploader
    [2012/09/18 14:55:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\CommFort
    [2011/03/20 23:34:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\dBpoweramp
    [2012/09/23 02:49:09 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Dropbox
    [2011/02/10 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\EeeStorageUploader
    [2011/03/18 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\foobar2000
    [2011/03/03 22:09:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FrostWire
    [2012/08/28 00:15:09 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\gtk-2.0
    [2011/12/11 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IK Multimedia
    [2012/03/09 02:33:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImgBurn
    [2012/09/15 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Indline Application Client
    [2012/02/29 19:53:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\InfraRecorder
    [2012/01/28 20:14:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\JasonRobitaille
    [2011/05/16 20:25:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Jumping Bytes
    [2011/05/21 18:32:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LPMultiScore
    [2012/10/08 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LP_PalScore
    [2012/05/28 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ManyCam
    [2011/02/27 00:52:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\mecanto
    [2012/10/15 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MediaMonkey
    [2012/10/02 16:17:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mumble
    [2011/04/01 21:46:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MusicBrainz
    [2012/10/07 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ooVoo Details
    [2012/08/30 08:04:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenCandy
    [2012/01/09 01:26:22 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenOffice.org
    [2011/06/06 22:57:44 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Paltalk
    [2011/02/27 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Philipp Winterberg
    [2011/06/17 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\QuizCreator
    [2011/06/17 19:14:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\QuizXpress
    [2012/05/18 04:05:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\rockbox.org
    [2012/09/21 15:41:20 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SecondLife
    [2011/06/23 20:10:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\StreamTorrent
    [2011/06/17 19:14:59 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SurveyCreator
    [2011/12/20 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Synaptics
    [2012/09/21 15:19:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SystemRequirementsLab
    [2011/02/15 22:33:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TCB Networks
    [2011/05/22 14:48:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\temp
    [2012/09/18 15:13:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tencent
    [2011/02/17 23:13:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\tidysongs16
    [2011/05/03 21:08:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tific
    [2011/12/11 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Topten Software
    [2012/10/15 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
    [2012/07/03 00:49:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WindSolutions
    [2012/01/25 00:09:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\XBMC

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:B946D9EE
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:8331D35A

    < End of report >
     
  19. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    OTL Extras logfile created on: 10/15/2012 11:18:56 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.79 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 36.45% Memory free
    7.58 Gb Paging File | 5.09 Gb Available in Paging File | 67.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116.44 Gb Total Space | 59.31 Gb Free Space | 50.94% Space Free | Partition Type: NTFS
    Drive D: | 306.35 Gb Total Space | 100.27 Gb Free Space | 32.73% Space Free | Partition Type: NTFS
    Drive E: | 178.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive U: | 23.42 Gb Total Space | 10.78 Gb Free Space | 46.00% Space Free | Partition Type: FAT32

    Computer Name: MATT-ASUS | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1"
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{184B8D5F-A713-4DF6-94F2-D923B964591D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1BF001E6-31F5-4DA9-969A-A56FDBF98053}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
    "{2177733B-0048-45FB-B7D2-8D4DD47E2118}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{25542363-1F91-4CB9-9826-8E325B87385A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{34473560-E802-4B59-9A47-8ABC41BA0F53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3BAE154B-FAFA-410A-9881-FD52BC6346EA}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3CD93CFA-8943-4884-B872-47B067E24CFA}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{3EB4ED1D-7261-43EE-ADEC-FFB68CFC22F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{44672A8A-A58A-4311-B8A0-C0FDF9D5EAA9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5417E7A3-0ADB-49BB-A6AE-F4C9FF607C6D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{59F901BC-6D95-4734-B06D-86DB8AB135A1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{5D9C3139-AA56-4D06-BB89-864ED36E798E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{75B9CF05-5DA2-4A72-8E97-0C84E59B1953}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
    "{7978D1CF-AAD9-4915-AF83-115CF747FDEB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{858EA5C8-03C5-4333-A79A-99DBD341CD21}" = rport=139 | protocol=6 | dir=out | app=system |
    "{900E5920-E78C-475D-940B-E8583502DB54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AD7D23FB-FC83-4099-ACE4-A6C608571300}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AE922E28-5B37-4588-B7E7-A1547E42945A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B8E2D567-B989-4AB6-9177-154960327AED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C1854362-6D82-4873-9DFE-90AB0B9C9936}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C7132D71-A266-4A14-8813-2CD754F374AB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D0648EA8-9A92-4C08-A02F-BD87F3881FFD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E25E6EFC-BDD9-45E3-81DD-0F02C03ED7FB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E6E7CF73-46C3-4DA8-82EA-45808195A021}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{E7A86DFD-FC56-4483-9F31-9FD813D17106}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04D4E026-8D3A-4D5B-8A58-49F4E1E9E792}" = protocol=6 | dir=out | app=system |
    "{0852EC74-C8FF-497A-A8A0-D1C00FC231C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0CF32425-C58C-4FCB-9587-3F2CCE841945}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "{105CBF2B-C364-466E-887B-C10FB0931FF8}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
    "{16905EBA-15D1-41F6-B0BC-BC2038B33B6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1D879A47-08C1-4DCC-B337-A3DD032BF709}" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe |
    "{2756CA2F-64D1-4409-AAE1-8F82AFA222EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{2DA5A383-7276-4BD8-9F73-AC597391A116}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2E338D06-079F-4DF5-8D50-EF48FA5C654F}" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe |
    "{33442210-3921-4A4D-AAD0-1882A0C931C5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{3E446485-F921-4CCA-B27D-794A482A0FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3F05E8B6-ED28-461E-94F4-18027CFD242D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\zoo tycoon 2\zt.exe |
    "{41F5B974-740E-4805-B50C-D2CEFA6EF0CE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{42D4ECB0-3735-4CB4-B3BE-2667D233ABA1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{46808531-A65D-4AE3-A10F-65ACE8A56C25}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
    "{4ED2DC92-F151-4DBD-8628-353A3C5CFC7D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{4F62EE32-1CDF-4B23-84B4-376A5EE38CBF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\zoo tycoon 2\zt.exe |
    "{523D311B-97D1-4078-A947-DDF819596C21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{52B67149-C5F8-422F-BBD8-CFB70CDE66CA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{58207776-04F9-4343-8FCB-C00B7FA8220B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5CFFB4F6-940A-48E8-8FF2-19B97E4893B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6AEBA490-30A3-4B8A-B82B-DAB4ECFD0226}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{6E222D30-6105-48E8-8AF3-368E24FACEAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{733B4C8D-CE8A-4257-960B-6B9B29A2F6A3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{7B1E2EF7-79F6-4690-9D9B-FC4C0B6C9F83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7D8EF8C6-3C10-436C-B129-8BD28F25EAF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{84E43B64-F76E-464C-B257-626AAE7B3C1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8B0D0D59-74D4-4B7A-A332-E49C24D38AD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8D347242-064C-46AF-B5CF-2B774D1534B1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8D8884C3-9E65-4A3E-8402-4F6B38BCA440}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "{8F13E4FF-E81A-45EE-BD80-C05D3372A42C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8F9EDBA2-C00D-4C74-B3B6-5EEE851532C0}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
    "{96B8E928-CB10-4942-90DE-45A3805297ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A2857293-D8CA-4803-B611-DDBF0D4C250B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A4312BCF-290A-4DF1-87D7-969E13973F95}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
    "{AB08B4BD-0C88-4E3E-A3AE-20DF41056E2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B3D730ED-4241-4EAE-810B-B680C2495FA7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BB96F56E-9A54-4FF8-8E60-C2C34656B86B}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
    "{C1932994-CF67-43FD-844E-43E44C322176}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    "{CBD78687-9C52-4AD7-8A89-2A41B7DA3E6A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{CE14875C-1DB6-45E7-BD8E-DBBECB9928D6}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{CFB1F69E-908B-4FA1-B274-FDEC6F79DF84}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
    "{DDF94146-CC42-47C5-B008-87F241F54449}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{E31838FF-F2AA-4930-A865-7D993EFAC7CF}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
    "{E8EA9839-19C1-4CD7-A748-30AC24E9736F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{EF3BA8B9-8AAE-41C6-9EE6-2F8B4BD45083}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{10FCE3E4-95BA-483B-80F3-128E10FF2E3F}C:\users\matt\appdata\local\temp\pyl4efc.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\pyl4efc.tmp\pyrun.exe |
    "TCP Query User{17755FC1-A3EF-4BDD-BE10-94FE7CD9136A}C:\users\matt\downloads\couchpotato r36\couchpotato.exe" = protocol=6 | dir=in | app=c:\users\matt\downloads\couchpotato r36\couchpotato.exe |
    "TCP Query User{1C8B3CC3-9474-4CC6-9BFD-92760FA8FAD7}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{1EB5EEAE-96AC-4E9E-98BD-BA50C44D4014}C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ispq videochat 9\ispqvideochat9.exe |
    "TCP Query User{2CA34597-47EE-44D6-AB80-B861CFA7747A}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
    "TCP Query User{2CB88325-BACA-4D6F-8B47-478D3B123CD5}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "TCP Query User{3498FC7A-B8C8-49FA-B2F3-922D46F437D1}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe |
    "TCP Query User{350D4203-9C2A-4177-B419-274671C92200}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
    "TCP Query User{3B66E0D9-7B10-4C9A-BAE9-EC1663A22A09}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "TCP Query User{3C228E4E-36D6-42EE-AC6F-B04829407E37}C:\users\matt\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{3D00FAAC-9A88-4A32-ACF3-A654461B609F}C:\program files (x86)\nero\nero 11\nero backitup\backitup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 11\nero backitup\backitup.exe |
    "TCP Query User{4197C584-DCEC-4FF2-AA09-8D9383A80DB3}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "TCP Query User{5D342F9B-EDBD-4579-A26D-CE486F286CFA}C:\program files (x86)\zakfromanotherplanet\yazak chat\yazak.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zakfromanotherplanet\yazak chat\yazak.exe |
    "TCP Query User{65258E74-BA94-4461-9DD4-9607CAFC6E81}C:\users\matt\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{76C04B89-D77A-4EA9-902C-7916C84D98F0}C:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{7B32D7F6-FB1F-48A4-8F75-91274A89FE97}C:\users\matt\appdata\local\temp\pylda95.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\pylda95.tmp\pyrun.exe |
    "TCP Query User{83BECB7E-AD77-4D5D-BA25-9296AE6C7217}C:\program files (x86)\ultramixer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
    "TCP Query User{8EB7B59A-7402-4D1C-AB7A-541069A44ABB}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
    "TCP Query User{9598961B-58B6-4ECB-B35F-61FAE30D9AB0}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
    "TCP Query User{977C1BFB-3681-44AE-9C57-EEFC762650AB}C:\program files (x86)\buzzamp online\buzzamponline.exe" = protocol=6 | dir=in | app=c:\program files (x86)\buzzamp online\buzzamponline.exe |
    "TCP Query User{9C0C4633-B029-4D85-A7AC-6720234DFA3F}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
    "TCP Query User{AEC54BA3-F94A-438F-9711-CB385D19B1AD}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "TCP Query User{B7840F88-99C3-4D49-958D-B1E2A65BD663}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe |
    "TCP Query User{CAF53448-96EC-4157-9799-BEA8E283404A}C:\users\matt\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{D4D9A89E-AA0B-4B3E-9E76-87AB39F7D6A0}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
    "UDP Query User{0A3437F3-EDF3-4CE2-A7C0-235445799F4D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{0D1A9AC4-F9E2-4FCB-AD33-DB60E2CF8B74}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe |
    "UDP Query User{1446408B-7A25-4032-A75E-945C3C6F42E1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{1B433224-C848-4D37-80BD-6EC0E7644501}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "UDP Query User{26343EDD-F20F-49A7-A5F4-11FDE66B6823}C:\users\matt\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{26A66205-0345-42FA-8C22-443CC31D777E}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe |
    "UDP Query User{2BEF0463-3E21-41DA-8B52-63ECCC1BA0F0}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
    "UDP Query User{2E57BC53-42F2-418D-B1FD-540A9B50D68F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{427DEFF9-628D-4AF5-842C-7824A258D9D4}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
    "UDP Query User{4C401CA7-2DA9-4775-A5F1-4E1077F4CACC}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
    "UDP Query User{4F79482F-7C5C-4917-969C-7B0FB11F1E95}C:\program files (x86)\ispq videochat 9\ispqvideochat9.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ispq videochat 9\ispqvideochat9.exe |
    "UDP Query User{542577BF-4365-4A39-834E-B0F779CB15DA}C:\program files (x86)\buzzamp online\buzzamponline.exe" = protocol=17 | dir=in | app=c:\program files (x86)\buzzamp online\buzzamponline.exe |
    "UDP Query User{5840C4FB-4BBC-47B1-9032-FA192D7F966E}C:\program files (x86)\nero\nero 11\nero backitup\backitup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 11\nero backitup\backitup.exe |
    "UDP Query User{6F058CC6-1F75-49F6-8937-77AD2FBE8E5E}C:\program files (x86)\zakfromanotherplanet\yazak chat\yazak.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zakfromanotherplanet\yazak chat\yazak.exe |
    "UDP Query User{7334F031-F3B3-4DFC-AD05-6BB5E8B3E5FE}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
    "UDP Query User{75E9C5FD-C0A2-4F1E-A9A7-B8341247ECAD}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
    "UDP Query User{78433A7C-CAB4-41B3-9E2C-5FC3E011B6BD}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "UDP Query User{927062B2-151F-4FD8-9024-C568699D2E1F}C:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{BCF32602-1063-4F06-AEFD-C6B1B1A43E90}C:\users\matt\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{BE03119A-EEC0-4CFE-8AD5-DFA2B427E1E2}C:\program files (x86)\ultramixer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
    "UDP Query User{C32E8357-4F31-44FA-89FF-2D64B06557FC}C:\users\matt\appdata\local\temp\pyl4efc.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\pyl4efc.tmp\pyrun.exe |
    "UDP Query User{D2B864BB-7C51-414B-AC82-9741E69AEE1E}C:\users\matt\appdata\local\temp\pylda95.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\pylda95.tmp\pyrun.exe |
    "UDP Query User{D5AD8707-C6C5-411A-8EA0-88356B934ACC}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
    "UDP Query User{D5F4CE75-C85B-4E2C-A348-89B4D6E78549}C:\users\matt\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{DAC166AB-B474-4AF4-8486-4B4F0A764628}C:\users\matt\downloads\couchpotato r36\couchpotato.exe" = protocol=17 | dir=in | app=c:\users\matt\downloads\couchpotato r36\couchpotato.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
    "{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}" = Motorola Driver Installation 4.6.0
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{4183655A-5FC6-4A23-A804-7764145EC57C}" = ESET NOD32 Antivirus
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
    "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
    "{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.7.0
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
    "AutoHotkey" = AutoHotkey_L 1.1.08.01
    "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
    "{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
    "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
    "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
    "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
    "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
    "{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater
    "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46F42615-BA31-45A0-BE10-2D2119749E95}" = iQuiz Maker
    "{47107F5F-FDEC-4A01-896C-E76245743F1A}" = X-Edit
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6E2455-E318-4A60-9174-754D1BE5E7A4}" = Nero 11
    "{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
    "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
    "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
    "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
    "{587B7A6F-CA1F-4639-9083-16F9BB2363B4}" = Sound Blaster X-Fi Go! Pro
    "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
    "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
    "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84BBFA13-C40E-4287-85EF-E8B1034451AA}" = Windows Media Encoder 9 Series SDK
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{942EEA05-E3B1-4183-95BC-F6504BE05E45}" = Deep Rybka 3
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
    "{97BA4659-5388-434B-84FD-FF9F6213954C}" = QuizXpress 3.3
    "{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}" = Amazon MP3 Uploader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
    "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AE8A1CE1-EFBD-4ED9-9672-A50DB2D944E5}" = Deep Rybka 3
    "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6E5783A-4A63-44B6-A6E1-2D43A5FC59B2}_is1" = Indline
    "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
    "{B9FDEDF1-DD77-42BD-B2BD-ABCB30655C73}_is1" = Virtual Audio Streaming 4.0
    "{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
    "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C71067FC-288F-4E0B-88C6-44DFDA8311E2}" = System Requirements Lab for Intel
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
    "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
    "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
    "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
    "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
    "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F69ECEE2-D489-49FE-A2E9-5C7349AE9AE5}" = MP3Quiz
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
    "7-Zip" = 7-Zip 9.22beta
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Any DVD Cloner Platinum_is1" = Any DVD Cloner Platinum 1.1.6
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "Buzzamp ONLINE" = Buzzamp ONLINE 4.0
    "Buzzamp SP 2" = Buzzamp SP 2 2.0
    "Camfrog 6.2" = Camfrog Video Chat 6.2
    "Camfrog Cloud Server 1.1" = Camfrog Cloud Server 1.1 (remove only)
    "Cantabile 2.0 Lite" = Cantabile 2.0 Lite
    "com.amazon.music.uploader" = Amazon MP3 Uploader
    "dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
    "dBpoweramp CD Writer" = dBpoweramp CD Writer
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
    "Digital Editions" = Adobe Digital Editions
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "GoldWave v5.58" = GoldWave v5.58
    "Google Chrome" = Google Chrome
    "ImgBurn" = ImgBurn
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
    "Internet Scrabble Club_is1" = WordBiz version 1.8
    "I-Sound Recorder for Windows 7_is1" = I-Sound Recorder Pro 7.0.3.0
    "K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
    "LameACM" = Lame ACM MP3 Codec
    "LastFM_is1" = Last.fm 1.5.4.27091
    "LP_PalScore_is1" = LP_PalScore V1.0.5
    "LPMultiScore_is1" = LPMultiScore V1.0.3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "ManyCam" = ManyCam 3.0.68 (remove only)
    "MeCanto" = MeCanto 1.0.5722
    "MediaMonkey_is1" = MediaMonkey 4.0
    "MusicBrainz Picard" = MusicBrainz Picard
    "Paltalk Messenger" = Paltalk Messenger 10.2
    "Picasa 3" = Picasa 3
    "Pidgin" = Pidgin
    "PowerISO" = PowerISO
    "PowerMenu" = PowerMenu 1.51
    "Soulseek2" = SoulSeek 157 NS 13e
    "StreamTorrent 1.0" = StreamTorrent 1.0
    "SysInfo" = Creative System Information
    "Tag&Rename_is1" = Tag&Rename 3.5.7
    "uTorrent" = µTorrent
    "VBRunDLL" = VBRunDLL 3.4
    "VLC media player" = VLC media player 1.1.7
    "Winamp" = Winamp
    "Windows 7 - Codec Pack" = Windows 7 Codec Pack 4.0.3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Wondershare QuizCreator (Build 4.0.1)_is1" = QuizCreator
    "Wubi" = Ubuntu
    "X-Edit" = X-Edit
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "Yazak Chat" = Yazak Chat 8.90.18
    "YTdetect" = Yahoo! Detect
    "Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 13.30

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "Dropbox" = Dropbox
    "UnityWebPlayer" = Unity Web Player
    "Winamp Detect" = Winamp Detector Plug-in
    "WinDirStat" = WinDirStat 1.1.2
    "XBMC" = XBMC

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/9/2012 7:30:49 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5124321

    Error - 10/9/2012 7:30:50 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/9/2012 7:30:50 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5125319

    Error - 10/9/2012 7:30:50 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5125319

    Error - 10/9/2012 7:30:51 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/9/2012 7:30:51 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5126318

    Error - 10/9/2012 7:30:51 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5126318

    Error - 10/9/2012 7:30:52 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/9/2012 7:30:52 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5127347

    Error - 10/9/2012 7:30:52 PM | Computer Name = Matt-Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5127347

    [ System Events ]
    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.

    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.

    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.

    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.

    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.

    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.

    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.

    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.

    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.

    Error - 5/18/2012 5:16:50 AM | Computer Name = Matt-Asus | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR2, has a bad block.


    < End of report >
  20. Dancindazed

    Dancindazed Newcomer, in training Topic Starter

    Ok so above is the OTL.txt in two parts and the Extras.txt in one post.
  21. Broni

    Broni Malware Annihilator Posts: 46,148   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found
      O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      @Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:B946D9EE
      @Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:8331D35A
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  22. Broni

    Broni Malware Annihilator Posts: 46,148   +251

    Still with me?
  23. Broni

    Broni Malware Annihilator Posts: 46,148   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
Topic Status:
Not open for further replies.

