[A] Trojan svchost.exe picked up by Avast

Inactive
By insound
Oct 23, 2012
  1. Hey guys, I'm trying to fix my friend's computer up, but I'm not sure if it's worked or not, could one of you take a look at the logs for me please?

    Avast picked up a trojan at svchost.exe, I think it's probably from some dodgy download.

    I've done all the scans, I'll post them in the replies in a few moments.

    Thanks very much, I really appreciate what you guys do, you do a lot of good for people.
  2. insound

    insound Newcomer, in training Topic Starter Posts: 21

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.23.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Main PC :: MAINPC-PC [administrator]

    Protection: Enabled

    10/23/2012 2:08:53 PM
    mbam-log-2012-10-23 (14-08-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 243107
    Time elapsed: 7 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\$Recycle.Bin\S-1-5-21-2531639372-1648162139-2993820186-1001\$R4IINAG.exe (Trojan.Agent.ck) -> Quarantined and deleted successfully.

    (end)
  3. insound


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-23 15:21:25
    Windows 6.1.7601 Service Pack 1
    Running: zh9j9v7n.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\Vuze Downloads\WinZip\xae 15 Pro\winzip150.exe 1

    ---- EOF - GMER 1.0.15 ----
  4. insound


    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Main PC at 15:22:58 on 2012-10-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1868 [GMT 1:00]
    .
    AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *Disabled/Outdated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files (x86)\Vtune\TBPANEL.exe
    C:\Windows\System32\StikyNot.exe
    E:\Steam\Steam.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\GIZMO2\GIZMO.exe
    C:\Users\Main PC\AppData\Local\GIZMO2\Data\deck\basic\basic.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Steam] "E:\Steam\steam.exe" -silent
    uRun: [AdobeBridge] <no file>
    mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [GIZMO2] "C:\Program Files (x86)\GIZMO2\GIZMO.exe" -BootProcess
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{D319FBCA-9F26-4E41-894D-EBF1BAFE26CE} : DHCPNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [ISW] <no file>
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - ExtSQL: 2012-09-05 16:31; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - ExtSQL: 2012-09-13 21:39; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF - ExtSQL: 2012-09-13 22:00; {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}; C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-13 55856]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-3-25 969200]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-3-25 359464]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-3-25 283200]
    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2012-9-5 11864]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-9-23 65192]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-3-25 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-3-25 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-4 44808]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-7-14 33712]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-7-14 827560]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-23 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-23 676936]
    R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-25 2348352]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
    R3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-23 25928]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-3-25 188224]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-1-11 1290752]
    R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 250808]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-3-29 1431888]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-3-28 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 115168]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-30 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-29 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-10-23 13:17:46 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE1FA09D-E592-4CFB-B56E-18F57FCDF42E}\mpengine.dll
    2012-10-23 13:08:17 -------- d-----w- C:\Users\Main PC\AppData\Roaming\Malwarebytes
    2012-10-23 13:08:07 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-23 13:08:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-10-23 13:08:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-20 19:52:29 -------- d-----w- C:\Users\Main PC\AppData\Local\{1CC3BFFA-75E0-4EBC-A503-685B25FA54A3}
    2012-10-17 23:57:45 -------- d-----w- C:\Users\Main PC\AppData\Local\{FBFBEF21-3770-4DB7-9C2A-97E5F458A698}
    2012-10-10 17:47:43 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-10-05 23:54:12 15112 ----a-w- C:\Users\Main PC\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    2012-10-05 23:48:53 -------- d-----w- C:\Windows\SysWow64\xlive
    2012-10-05 23:48:52 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2012-10-01 20:42:08 -------- d-----w- C:\Program Files (x86)\DAVID-LASERSCANNER3
    2012-09-29 23:30:01 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-09-29 23:29:58 -------- d-----w- C:\Users\Main PC\AppData\Local\PunkBuster
    2012-09-29 22:55:06 -------- d-----w- C:\Users\Main PC\AppData\Local\CrashRpt
    2012-09-29 22:53:35 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-09-29 22:53:35 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-09-29 22:53:33 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-09-29 22:53:25 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
    2012-09-26 09:45:32 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-25 20:43:15 -------- d-----w- C:\Users\Main PC\AppData\Local\{4A8A25B3-0130-4E39-9B07-70D692113BF4}
    2012-09-24 21:02:44 -------- d-----w- C:\Users\Main PC\AppData\Roaming\Dwarfs
    2012-09-24 21:01:00 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
    2012-09-23 19:43:40 208008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-09-23 19:43:40 208008 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2012-10-08 20:53:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 20:53:06 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    .
    ============= FINISH: 15:23:33.84 ===============
  5. insound


    And do I need to post the one that says -
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    I don't like disobeying orders if they are in capital letters!

    Tell me if you need it.

    Anyway, how does it look?
  6. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================

    Disregard DDS internal note.
    Our instructions say to paste all logs including Attach.txt, so provide that.

    You're running two AV programs, Avast and ZoneAlarm.
    You must uninstall one of them.

    Next...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =========================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  7. insound


    Thanks man, I've seen you helping a lot of people out on here, I appreciate it. I'll send you a couple of quid on PayPal to have a drink on me.
  8. insound


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/25/2012 6:17:16 PM
    System Uptime: 10/23/2012 2:20:32 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4N68T-M-LE-V2
    Processor: AMD Phenom(tm) II X2 555 Processor | AM3 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 52.288 GiB free.
    D: is CDROM (UDF)
    E: is FIXED (NTFS) - 466 GiB total, 67.046 GiB free.
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP115: 10/1/2012 2:55:12 AM - Windows Update
    RP116: 10/5/2012 8:38:44 PM - Windows Update
    RP117: 10/6/2012 12:45:57 AM - Installed DirectX
    RP118: 10/6/2012 12:48:54 AM - Installed DirectX
    RP119: 10/6/2012 12:55:06 AM - Installed Microsoft Games for Windows - LIVE Redistributable
    RP120: 10/6/2012 10:04:21 PM - Installed DirectX
    RP121: 10/9/2012 2:26:47 PM - Windows Update
    RP122: 10/11/2012 3:00:26 AM - Windows Update
    RP123: 10/16/2012 11:20:57 AM - Windows Update
    RP124: 10/19/2012 1:20:33 PM - Windows Update
    RP125: 10/23/2012 2:16:45 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS4
    Adobe Photoshop Elements 10
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader XI
    Adobe Setup
    Adobe Story
    Adobe Widget Browser
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Aspire 3.0
    Autodesk 123D Catch
    Autodesk 3ds Max 2012 64-bit - English
    Autodesk Backburner 2012.0.0
    Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
    Autodesk Material Library 2012
    Autodesk Material Library Base Resolution Image Library 2012
    Autodesk Material Library Medium Resolution Image Library 2012
    avast! Free Antivirus
    Bonjour
    Compatibility Pack for the 2007 Office system
    Composite 2012 64-bit
    Cool & Quiet
    Counter-Strike
    Cut2D 1.1
    Cut3D 1.025
    D3DX10
    DAEMON Tools Lite
    Darkest Hour Server
    Darkest Hour: Europe '44-'45
    Darksiders
    Darwinia
    DAVID-LASERSCANNER 3.4.0.3008
    Day of Defeat
    Deathmatch Classic
    DEFCON
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Deus Ex: Game of the Year Edition
    Deus Ex: Human Revolution
    Deus Ex: Human Revolution - The Missing Link
    Deus Ex: Invisible War
    Dwarfs!?
    Elements 10 Organizer
    Empire: Total War
    Freemake Video Converter version 3.0.2
    GIZMO
    Half-Life
    Half-Life: Blue Shift
    Half-Life: Opposing Force
    HandBrake 0.9.6
    Hitman 2: Silent Assassin
    Hitman: Blood Money
    Hitman: Codename 47
    Homefront
    iTunes
    Junk Mail filter update
    Just Cause 2
    Killing Floor
    Killing Floor Mod: Defence Alliance 2
    Killing Floor SDK
    Lara Croft and the Guardian of Light
    Logitech Vid HD
    Logitech Webcam Software
    Mach3 Mach3VersionR1.83.027
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mare Nostrum
    Medieval II: Total War
    Medieval II: Total War Kingdoms
    Messenger Companion
    Metro 2033
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Xbox 360 Accessories 1.2
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Multiwinia
    Napoleon: Total War
    Nexuiz
    NVIDIA 3D Vision Controller Driver 296.10
    NVIDIA 3D Vision Driver 296.10
    NVIDIA Control Panel 296.10
    NVIDIA Drivers
    NVIDIA Graphics Driver 296.10
    NVIDIA HD Audio Driver 1.3.12.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.7.11
    NVIDIA Update Components
    Pazera Free MP4 to AVI Converter 1.6
    PDF Settings CS5
    Pepakura Designer 3
    Pepakura Viewer 3
    PhotoVCarve 1.1
    Platform
    PSE10 STI Installer
    Psychonauts
    PunkBuster Services
    PxMergeModule
    Quantum Conundrum
    QuickTime
    Red Orchestra 2 SDK
    Red Orchestra 2: Heroes of Stalingrad
    Red Orchestra 2: Heroes of Stalingrad Beta
    Red Orchestra: Ostfront 41-45
    Ricochet
    RollerCoaster Tycoon 2
    RollerCoaster Tycoon 2: Time Twister
    RollerCoaster Tycoon 2: Wacky Worlds
    Rome: Total War - Alexander
    Rome: Total War Gold Edition
    Saints Row: The Third
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.10
    Steam
    Team Fortress Classic
    TEncoder version 17
    The Ball
    The Binding of Isaac
    Thief 2
    Thief Gold
    Thief: Deadly Shadows
    Tomb Raider: Anniversary
    Tomb Raider: Legend
    Tomb Raider: Underworld
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Uplink
    VCarve Pro 6.0
    VIA Platform Device Manager
    Vtune 7.16
    Vuze
    Vuze Remote Toolbar
    Warhammer 40,000 Space Marine
    Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
    Warhammer® 40,000™: Dawn of War® II – Retribution™
    Winamp
    Winamp Detector Plug-in
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 15.0
    XviD4PSP 5.10.271.0
    ZoneAlarm Antivirus
    ZoneAlarm Firewall
    ZoneAlarm Free Antivirus + Firewall
    ZoneAlarm LTD Toolbar
    ZoneAlarm Security
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2012 1:39:11 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
    10/19/2012 1:21:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0).
    .
    ==== End Of File ===========================
  9. insound

    insound Newcomer, in training Topic Starter Posts: 21

    17:39:58.0517 5420 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    17:39:58.0724 5420 ============================================================
    17:39:58.0724 5420 Current date / time: 2012/10/23 17:39:58.0724
    17:39:58.0724 5420 SystemInfo:
    17:39:58.0724 5420
    17:39:58.0724 5420 OS Version: 6.1.7601 ServicePack: 1.0
    17:39:58.0724 5420 Product type: Workstation
    17:39:58.0725 5420 ComputerName: MAINPC-PC
    17:39:58.0725 5420 UserName: Main PC
    17:39:58.0725 5420 Windows directory: C:\Windows
    17:39:58.0725 5420 System windows directory: C:\Windows
    17:39:58.0725 5420 Running under WOW64
    17:39:58.0725 5420 Processor architecture: Intel x64
    17:39:58.0725 5420 Number of processors: 2
    17:39:58.0725 5420 Page size: 0x1000
    17:39:58.0725 5420 Boot type: Normal boot
    17:39:58.0725 5420 ============================================================
    17:40:00.0223 5420 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
    17:40:00.0233 5420 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:40:00.0237 5420 ============================================================
    17:40:00.0237 5420 \Device\Harddisk0\DR0:
    17:40:00.0237 5420 MBR partitions:
    17:40:00.0237 5420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:40:00.0237 5420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
    17:40:00.0237 5420 \Device\Harddisk1\DR1:
    17:40:00.0237 5420 MBR partitions:
    17:40:00.0237 5420 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
    17:40:00.0237 5420 ============================================================
    17:40:00.0259 5420 C: <-> \Device\Harddisk0\DR0\Partition2
    17:40:00.0276 5420 E: <-> \Device\Harddisk1\DR1\Partition1
    17:40:00.0276 5420 ============================================================
    17:40:00.0276 5420 Initialize success
    17:40:00.0276 5420 ============================================================
    17:40:04.0958 3692 ============================================================
    17:40:04.0958 3692 Scan started
    17:40:04.0958 3692 Mode: Manual;
    17:40:04.0958 3692 ============================================================
    17:40:07.0308 3692 ================ Scan system memory ========================
    17:40:07.0308 3692 System memory - ok
    17:40:07.0309 3692 ================ Scan services =============================
    17:40:07.0628 3692 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    17:40:07.0633 3692 1394ohci - ok
    17:40:07.0708 3692 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    17:40:07.0716 3692 ACPI - ok
    17:40:07.0770 3692 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    17:40:07.0771 3692 AcpiPmi - ok
    17:40:07.0848 3692 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
    17:40:07.0851 3692 adfs - ok
    17:40:08.0046 3692 [ C245E08EC469A52A622EFDC9787A0DCC ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    17:40:08.0051 3692 AdobeActiveFileMonitor10.0 - ok
    17:40:08.0207 3692 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:40:08.0211 3692 AdobeARMservice - ok
    17:40:08.0388 3692 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    17:40:08.0393 3692 AdobeFlashPlayerUpdateSvc - ok
    17:40:08.0464 3692 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    17:40:08.0475 3692 adp94xx - ok
    17:40:08.0526 3692 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    17:40:08.0530 3692 adpahci - ok
    17:40:08.0551 3692 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    17:40:08.0553 3692 adpu320 - ok
    17:40:08.0605 3692 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    17:40:08.0608 3692 AeLookupSvc - ok
    17:40:08.0678 3692 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    17:40:08.0689 3692 AFD - ok
    17:40:08.0733 3692 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    17:40:08.0734 3692 agp440 - ok
    17:40:08.0753 3692 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    17:40:08.0755 3692 ALG - ok
    17:40:08.0813 3692 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    17:40:08.0815 3692 aliide - ok
    17:40:08.0837 3692 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    17:40:08.0839 3692 amdide - ok
    17:40:08.0864 3692 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    17:40:08.0867 3692 AmdK8 - ok
    17:40:08.0903 3692 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    17:40:08.0905 3692 AmdPPM - ok
    17:40:08.0956 3692 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    17:40:08.0959 3692 amdsata - ok
    17:40:08.0999 3692 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    17:40:09.0001 3692 amdsbs - ok
    17:40:09.0025 3692 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    17:40:09.0026 3692 amdxata - ok
    17:40:09.0076 3692 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    17:40:09.0079 3692 AppID - ok
    17:40:09.0125 3692 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    17:40:09.0128 3692 AppIDSvc - ok
    17:40:09.0192 3692 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    17:40:09.0195 3692 Appinfo - ok
    17:40:09.0287 3692 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    17:40:09.0291 3692 Apple Mobile Device - ok
    17:40:09.0317 3692 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    17:40:09.0320 3692 arc - ok
    17:40:09.0331 3692 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    17:40:09.0334 3692 arcsas - ok
    17:40:09.0457 3692 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
    17:40:09.0460 3692 AsIO - ok
    17:40:09.0655 3692 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    17:40:09.0658 3692 aspnet_state - ok
    17:40:09.0722 3692 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    17:40:09.0723 3692 aswFsBlk - ok
    17:40:09.0782 3692 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    17:40:09.0785 3692 aswMonFlt - ok
    17:40:09.0808 3692 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    17:40:09.0810 3692 aswRdr - ok
    17:40:09.0886 3692 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    17:40:09.0905 3692 aswSnx - ok
    17:40:09.0932 3692 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    17:40:09.0935 3692 aswSP - ok
    17:40:09.0953 3692 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    17:40:09.0954 3692 aswTdi - ok
    17:40:09.0974 3692 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    17:40:09.0975 3692 AsyncMac - ok
    17:40:10.0024 3692 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    17:40:10.0025 3692 atapi - ok
    17:40:10.0098 3692 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    17:40:10.0113 3692 AudioEndpointBuilder - ok
    17:40:10.0146 3692 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    17:40:10.0158 3692 AudioSrv - ok
    17:40:10.0315 3692 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    17:40:10.0317 3692 avast! Antivirus - ok
    17:40:10.0387 3692 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    17:40:10.0392 3692 AxInstSV - ok
    17:40:10.0434 3692 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    17:40:10.0445 3692 b06bdrv - ok
    17:40:10.0472 3692 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:40:10.0478 3692 b57nd60a - ok
    17:40:10.0522 3692 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    17:40:10.0524 3692 BDESVC - ok
    17:40:10.0542 3692 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    17:40:10.0543 3692 Beep - ok
    17:40:10.0639 3692 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    17:40:10.0654 3692 BFE - ok
    17:40:10.0681 3692 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    17:40:10.0693 3692 BITS - ok
    17:40:10.0715 3692 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    17:40:10.0716 3692 blbdrive - ok
    17:40:10.0784 3692 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    17:40:10.0795 3692 Bonjour Service - ok
    17:40:10.0850 3692 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    17:40:10.0852 3692 bowser - ok
    17:40:10.0883 3692 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:40:10.0886 3692 BrFiltLo - ok
    17:40:10.0910 3692 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:40:10.0912 3692 BrFiltUp - ok
    17:40:10.0965 3692 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    17:40:10.0970 3692 Browser - ok
    17:40:11.0014 3692 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    17:40:11.0021 3692 Brserid - ok
    17:40:11.0032 3692 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    17:40:11.0035 3692 BrSerWdm - ok
    17:40:11.0055 3692 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:40:11.0056 3692 BrUsbMdm - ok
    17:40:11.0078 3692 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    17:40:11.0079 3692 BrUsbSer - ok
    17:40:11.0101 3692 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    17:40:11.0102 3692 BTHMODEM - ok
    17:40:11.0171 3692 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    17:40:11.0175 3692 bthserv - ok
    17:40:11.0247 3692 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    17:40:11.0277 3692 cdfs - ok
    17:40:11.0350 3692 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    17:40:11.0354 3692 cdrom - ok
    17:40:11.0401 3692 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    17:40:11.0405 3692 CertPropSvc - ok
    17:40:11.0445 3692 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    17:40:11.0448 3692 circlass - ok
    17:40:11.0504 3692 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    17:40:11.0513 3692 CLFS - ok
    17:40:11.0611 3692 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:40:11.0615 3692 clr_optimization_v2.0.50727_32 - ok
    17:40:11.0695 3692 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:40:11.0699 3692 clr_optimization_v2.0.50727_64 - ok
    17:40:11.0831 3692 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:40:11.0836 3692 clr_optimization_v4.0.30319_32 - ok
    17:40:11.0858 3692 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:40:11.0863 3692 clr_optimization_v4.0.30319_64 - ok
    17:40:11.0886 3692 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    17:40:11.0889 3692 CmBatt - ok
    17:40:11.0912 3692 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    17:40:11.0914 3692 cmdide - ok
    17:40:11.0977 3692 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    17:40:11.0987 3692 CNG - ok
    17:40:12.0011 3692 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    17:40:12.0012 3692 Compbatt - ok
    17:40:12.0072 3692 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    17:40:12.0074 3692 CompositeBus - ok
    17:40:12.0083 3692 COMSysApp - ok
    17:40:12.0134 3692 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    17:40:12.0136 3692 crcdisk - ok
    17:40:12.0212 3692 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    17:40:12.0218 3692 CryptSvc - ok
    17:40:12.0300 3692 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    17:40:12.0318 3692 DcomLaunch - ok
    17:40:12.0386 3692 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    17:40:12.0395 3692 defragsvc - ok
    17:40:12.0479 3692 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    17:40:12.0481 3692 DfsC - ok
    17:40:12.0543 3692 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    17:40:12.0552 3692 Dhcp - ok
    17:40:12.0574 3692 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    17:40:12.0577 3692 discache - ok
    17:40:12.0603 3692 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    17:40:12.0606 3692 Disk - ok
    17:40:12.0666 3692 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    17:40:12.0673 3692 Dnscache - ok
    17:40:12.0739 3692 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    17:40:12.0747 3692 dot3svc - ok
    17:40:12.0803 3692 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    17:40:12.0810 3692 DPS - ok
    17:40:12.0872 3692 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    17:40:12.0874 3692 drmkaud - ok
    17:40:12.0946 3692 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    17:40:12.0953 3692 dtsoftbus01 - ok
    17:40:13.0031 3692 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    17:40:13.0051 3692 DXGKrnl - ok
    17:40:13.0097 3692 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    17:40:13.0103 3692 EapHost - ok
    17:40:13.0240 3692 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    17:40:13.0306 3692 ebdrv - ok
    17:40:13.0347 3692 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    17:40:13.0350 3692 EFS - ok
    17:40:13.0432 3692 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    17:40:13.0448 3692 ehRecvr - ok
    17:40:13.0505 3692 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    17:40:13.0509 3692 ehSched - ok
    17:40:13.0570 3692 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    17:40:13.0582 3692 elxstor - ok
    17:40:13.0629 3692 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    17:40:13.0632 3692 ErrDev - ok
    17:40:13.0682 3692 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    17:40:13.0694 3692 EventSystem - ok
    17:40:13.0724 3692 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    17:40:13.0730 3692 exfat - ok
    17:40:13.0764 3692 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    17:40:13.0767 3692 fastfat - ok
    17:40:13.0833 3692 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    17:40:13.0851 3692 Fax - ok
    17:40:13.0860 3692 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    17:40:13.0863 3692 fdc - ok
    17:40:13.0931 3692 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    17:40:13.0935 3692 fdPHost - ok
    17:40:13.0953 3692 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    17:40:13.0958 3692 FDResPub - ok
    17:40:13.0970 3692 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    17:40:13.0972 3692 FileInfo - ok
    17:40:13.0997 3692 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    17:40:13.0998 3692 Filetrace - ok
    17:40:14.0127 3692 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    17:40:14.0168 3692 FLEXnet Licensing Service 64 - ok
    17:40:14.0172 3692 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    17:40:14.0174 3692 flpydisk - ok
    17:40:14.0253 3692 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    17:40:14.0260 3692 FltMgr - ok
    17:40:14.0347 3692 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    17:40:14.0384 3692 FontCache - ok
    17:40:14.0468 3692 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:40:14.0471 3692 FontCache3.0.0.0 - ok
    17:40:14.0505 3692 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    17:40:14.0509 3692 FsDepends - ok
    17:40:14.0560 3692 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    17:40:14.0563 3692 fssfltr - ok
    17:40:14.0751 3692 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    17:40:14.0788 3692 fsssvc - ok
    17:40:14.0811 3692 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    17:40:14.0813 3692 Fs_Rec - ok
    17:40:14.0902 3692 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
  10. insound

    insound Newcomer, in training Topic Starter Posts: 21

    17:40:29.0758 3692 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
    17:40:29.0761 3692 USBSTOR - ok
    17:40:29.0804 3692 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    17:40:29.0806 3692 usbuhci - ok
    17:40:29.0862 3692 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    17:40:29.0867 3692 usbvideo - ok
    17:40:29.0897 3692 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    17:40:29.0901 3692 UxSms - ok
    17:40:29.0907 3692 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    17:40:29.0909 3692 VaultSvc - ok
    17:40:29.0918 3692 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    17:40:29.0919 3692 vdrvroot - ok
    17:40:29.0984 3692 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    17:40:30.0005 3692 vds - ok
    17:40:30.0067 3692 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    17:40:30.0070 3692 vga - ok
    17:40:30.0104 3692 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    17:40:30.0105 3692 VgaSave - ok
    17:40:30.0137 3692 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    17:40:30.0139 3692 vhdmp - ok
    17:40:30.0260 3692 [ 712BFD5DAC2668FBA4A2435FB06C3D00 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
    17:40:30.0298 3692 VIAHdAudAddService - ok
    17:40:30.0353 3692 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    17:40:30.0354 3692 viaide - ok
    17:40:30.0372 3692 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    17:40:30.0376 3692 volmgr - ok
    17:40:30.0443 3692 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    17:40:30.0451 3692 volmgrx - ok
    17:40:30.0485 3692 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    17:40:30.0492 3692 volsnap - ok
    17:40:30.0546 3692 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    17:40:30.0551 3692 vsmraid - ok
    17:40:30.0646 3692 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    17:40:30.0695 3692 VSS - ok
    17:40:30.0712 3692 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    17:40:30.0713 3692 vwifibus - ok
    17:40:30.0765 3692 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    17:40:30.0782 3692 W32Time - ok
    17:40:30.0861 3692 [ 37E4600E2CDAD3C1A3613A25B97D457C ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
    17:40:30.0864 3692 wacmoumonitor - ok
    17:40:30.0893 3692 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    17:40:30.0896 3692 WacomPen - ok
    17:40:30.0943 3692 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    17:40:30.0946 3692 WANARP - ok
    17:40:30.0961 3692 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    17:40:30.0964 3692 Wanarpv6 - ok
    17:40:31.0057 3692 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    17:40:31.0088 3692 WatAdminSvc - ok
    17:40:31.0184 3692 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    17:40:31.0247 3692 wbengine - ok
    17:40:31.0304 3692 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    17:40:31.0318 3692 WbioSrvc - ok
    17:40:31.0382 3692 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    17:40:31.0399 3692 wcncsvc - ok
    17:40:31.0424 3692 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    17:40:31.0429 3692 WcsPlugInService - ok
    17:40:31.0446 3692 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    17:40:31.0447 3692 Wd - ok
    17:40:31.0473 3692 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    17:40:31.0480 3692 Wdf01000 - ok
    17:40:31.0499 3692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    17:40:31.0504 3692 WdiServiceHost - ok
    17:40:31.0508 3692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    17:40:31.0513 3692 WdiSystemHost - ok
    17:40:31.0560 3692 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    17:40:31.0567 3692 WebClient - ok
    17:40:31.0580 3692 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    17:40:31.0587 3692 Wecsvc - ok
    17:40:31.0642 3692 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    17:40:31.0653 3692 wercplsupport - ok
    17:40:31.0682 3692 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    17:40:31.0690 3692 WerSvc - ok
    17:40:31.0708 3692 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    17:40:31.0710 3692 WfpLwf - ok
    17:40:31.0730 3692 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    17:40:31.0731 3692 WIMMount - ok
    17:40:31.0753 3692 WinDefend - ok
    17:40:31.0762 3692 WinHttpAutoProxySvc - ok
    17:40:31.0858 3692 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    17:40:31.0865 3692 Winmgmt - ok
    17:40:31.0972 3692 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    17:40:32.0047 3692 WinRM - ok
    17:40:32.0119 3692 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    17:40:32.0122 3692 WinUsb - ok
    17:40:32.0188 3692 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    17:40:32.0218 3692 Wlansvc - ok
    17:40:32.0405 3692 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:40:32.0468 3692 wlidsvc - ok
    17:40:32.0512 3692 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    17:40:32.0513 3692 WmiAcpi - ok
    17:40:32.0570 3692 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    17:40:32.0577 3692 wmiApSrv - ok
    17:40:32.0600 3692 WMPNetworkSvc - ok
    17:40:32.0617 3692 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    17:40:32.0621 3692 WPCSvc - ok
    17:40:32.0667 3692 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    17:40:32.0672 3692 WPDBusEnum - ok
    17:40:32.0714 3692 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    17:40:32.0717 3692 ws2ifsl - ok
    17:40:32.0738 3692 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    17:40:32.0743 3692 wscsvc - ok
    17:40:32.0746 3692 WSearch - ok
    17:40:32.0857 3692 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    17:40:32.0914 3692 wuauserv - ok
    17:40:32.0931 3692 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    17:40:32.0932 3692 WudfPf - ok
    17:40:32.0972 3692 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:40:32.0974 3692 WUDFRd - ok
    17:40:33.0022 3692 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    17:40:33.0034 3692 wudfsvc - ok
    17:40:33.0095 3692 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    17:40:33.0110 3692 WwanSvc - ok
    17:40:33.0167 3692 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    17:40:33.0171 3692 xusb21 - ok
    17:40:33.0179 3692 ================ Scan global ===============================
    17:40:33.0221 3692 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    17:40:33.0277 3692 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    17:40:33.0300 3692 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    17:40:33.0353 3692 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    17:40:33.0407 3692 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    17:40:33.0422 3692 [Global] - ok
    17:40:33.0425 3692 ================ Scan MBR ==================================
    17:40:33.0439 3692 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    17:40:33.0639 3692 \Device\Harddisk0\DR0 - ok
    17:40:33.0658 3692 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    17:40:33.0667 3692 \Device\Harddisk1\DR1 - ok
    17:40:33.0668 3692 ================ Scan VBR ==================================
    17:40:33.0687 3692 [ 220B1D0E83D8BE24F888591B880ED6C0 ] \Device\Harddisk0\DR0\Partition1
    17:40:33.0688 3692 \Device\Harddisk0\DR0\Partition1 - ok
    17:40:33.0695 3692 [ 86FE6FF5D631D9621B1ECAEA1BBA885C ] \Device\Harddisk0\DR0\Partition2
    17:40:33.0697 3692 \Device\Harddisk0\DR0\Partition2 - ok
    17:40:33.0702 3692 [ 4E50DBB99E915D31D2D80F0C56E50CB2 ] \Device\Harddisk1\DR1\Partition1
    17:40:33.0703 3692 \Device\Harddisk1\DR1\Partition1 - ok
    17:40:33.0704 3692 ============================================================
    17:40:33.0704 3692 Scan finished
    17:40:33.0704 3692 ============================================================
    17:40:33.0714 2588 Detected object count: 0
    17:40:33.0714 2588 Actual detected object count: 0
  11. insound

    insound Newcomer, in training Topic Starter Posts: 21

    RogueKiller V8.2.0 [10/22/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Main PC [Admin rights]
    Mode : Remove -- Date : 10/23/2012 17:43:12

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] basic.exe -- C:\Users\Main PC\AppData\Local\GIZMO2\Data\deck\basic\basic.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
    --- User ---
    [MBR] 62630ffe0dbf5876cd31c2c21ed16574
    [BSP] d5947cc14c3a35bb704d0035acbf4998 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: WDC WD50 00AAKS-00A7B SCSI Disk Device +++++
    --- User ---
    [MBR] f105f7daebc229befb789593adfcb0e6
    [BSP] 252f2d1edd170138117d560f5f43b20c : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  12. insound

    insound Newcomer, in training Topic Starter Posts: 21

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-23 17:44:35
    -----------------------------
    17:44:35.543 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:44:35.543 Number of processors: 2 586 0x403
    17:44:35.543 ComputerName: MAINPC-PC UserName: Main PC
    17:44:36.989 Initialize success
    17:44:38.477 AVAST engine defs: 12102300
    17:44:50.708 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
    17:44:50.723 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    17:44:50.723 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000063
    17:44:50.723 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    17:44:50.755 Disk 0 MBR read successfully
    17:44:50.755 Disk 0 MBR scan
    17:44:50.755 Disk 0 Windows 7 default MBR code
    17:44:50.755 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:44:50.770 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
    17:44:50.786 Disk 0 scanning C:\Windows\system32\drivers
    17:45:04.222 Service scanning
    17:45:29.524 Modules scanning
    17:45:29.540 Disk 0 trace - called modules:
    17:45:29.587 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
    17:45:29.602 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048ed790]
    17:45:29.618 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8003a9e590]
    17:45:29.618 5 ACPI.sys[fffff88000f8e7a1] -> nt!IofCallDriver -> \Device\00000062[0xfffffa8003a95060]
    17:45:30.335 AVAST engine scan C:\Windows
    17:45:32.207 AVAST engine scan C:\Windows\system32
    17:48:10.464 AVAST engine scan C:\Windows\system32\drivers
    17:48:23.646 AVAST engine scan C:\Users\Main PC
    17:59:37.316 AVAST engine scan C:\ProgramData
    18:03:30.338 Scan finished successfully
    18:06:40.862 Disk 0 MBR has been saved successfully to "C:\Users\Main PC\Desktop\MBR.dat"
    18:06:40.862 The log file has been saved successfully to "C:\Users\Main PC\Desktop\aswMBR.txt"
  13. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  14. insound

    insound Newcomer, in training Topic Starter Posts: 21

    ComboFix 12-10-23.01 - Main PC 10/23/2012 18:23:11.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1611 [GMT 1:00]
    Running from: c:\users\Main PC\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *Disabled/Outdated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    E:\install.exe
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_nvsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-12-23 2236416]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "Steam"="e:\steam\steam.exe" [2012-08-21 1353080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "GIZMO2"="c:\program files (x86)\GIZMO2\GIZMO.exe" [2011-01-21 137048]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-03 1431888]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-29 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-25 283200]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
    S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1290752]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 20:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - ExtSQL: 2012-09-05 16:31; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - ExtSQL: 2012-09-13 21:39; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF - ExtSQL: 2012-09-13 22:00; {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}; c:\program files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    AddRemove-Steam App 10 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 113200 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 130 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 1500 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 1510 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 1520 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 20 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 200010 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 30 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 3830 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 40 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 4780 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 50 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 60 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 6980 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 70 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 8000 - c:\program files (x86)\Steam\steam.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2531639372-1648162139-2993820186-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2531639372-1648162139-2993820186-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\01B115A1CF11BAC4C9848646F190FC00\2103A79158C83DF4BA66E97C1ED39BE2]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="Setup.exe"
    "ComponentVersion"="1.1.0.5790"
    "ProductVersion"="1.1.0"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\25E1F06034CBD4D4D9DA91E700CD5D9C\2103A79158C83DF4BA66E97C1ED39BE2]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="adobecp.dll"
    "ComponentVersion"="1.1.0.5"
    "ProductVersion"="1.1.0"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\90A2D107EB418F542933C10EDE00329A\2103A79158C83DF4BA66E97C1ED39BE2]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="AdobeAIR.dll"
    "ComponentVersion"="1.1.0.5790"
    "ProductVersion"="1.1.0"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\98D0EE5F5CB32574E9BB35B330E68A90\2103A79158C83DF4BA66E97C1ED39BE2]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="air.exe"
    "ComponentVersion"="1.1.0.5790"
    "ProductVersion"="1.1.0"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9EB9F2B71F1DD4E4A90FDA80F570B333\2103A79158C83DF4BA66E97C1ED39BE2]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="airappinstaller.exe"
    "ComponentVersion"="1.1.0.5580"
    "ProductVersion"="1.1.0"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FC8775A70DB513942842346B032C2437\2103A79158C83DF4BA66E97C1ED39BE2]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="NPSWF32.dll"
    "ComponentVersion"="9.0.124.0"
    "ProductVersion"="1.1.0"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\04\02\03\0d,\0b?"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-23 18:41:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-23 17:41
    .
    Pre-Run: 64,423,706,624 bytes free
    Post-Run: 68,790,263,808 bytes free
    .
    - - End Of File - - 85A6AD1B114241C4C63882A8E444A3FA
  15. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Looks good.

    Any current issues?

    ========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. insound

    insound Newcomer, in training Topic Starter Posts: 21

    No, it was just that one warning, and everything looks like it is working alright. It's just good to get these things checked out, I'm a bit over my head with malware and the like.

    So it all looks fine? That's good.

    I'm going to PayPal you a little donation for your time. Thanks a lot mate.
  17. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Very well.

    Go ahead with OTL.
  18. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Still with me?
     
  19. insound

    insound Newcomer, in training Topic Starter Posts: 21

    I'm so sorry! I misread your post. When you said "looks good, any current issues?" I assumed we were all good to go, I didn't realise there was more to do. I hate those people who get what they need then abandon thread, so I assure you it was just my mistake!

    Anyway

    OTL logfile created on: 10/29/2012 3:09:49 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Main PC\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.61% Memory free
    8.00 Gb Paging File | 6.08 Gb Available in Paging File | 76.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 60.59 Gb Free Space | 13.01% Space Free | Partition Type: NTFS
    Drive D: | 1.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 465.76 Gb Total Space | 87.61 Gb Free Space | 18.81% Space Free | Partition Type: NTFS

    Computer Name: MAINPC-PC | User Name: Main PC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/29 15:09:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Main PC\Downloads\OTL.exe
    PRC - [2012/10/25 12:30:25 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/09/30 16:48:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/08/21 14:47:33 | 001,353,080 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe
    PRC - [2012/08/21 09:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 09:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/06/28 15:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2012/03/01 00:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/02/29 12:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2011/02/22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
    PRC - [2011/01/21 11:00:24 | 000,137,048 | ---- | M] (ants Inc.) -- C:\Program Files (x86)\GIZMO2\GIZMO.exe
    PRC - [2011/01/21 11:00:24 | 000,137,048 | ---- | M] (ants Inc.) -- C:\Users\Main PC\AppData\Local\GIZMO2\Data\deck\basic\basic.exe
    PRC - [2010/12/23 09:42:02 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
    PRC - [2010/10/25 14:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/25 12:30:22 | 020,317,008 | ---- | M] () -- E:\Steam\bin\libcef.dll
    MOD - [2012/10/25 12:30:20 | 001,099,616 | ---- | M] () -- E:\Steam\bin\avcodec-53.dll
    MOD - [2012/10/25 12:30:20 | 000,902,480 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
    MOD - [2012/10/25 12:30:20 | 000,190,816 | ---- | M] () -- E:\Steam\bin\avformat-53.dll
    MOD - [2012/10/25 12:30:20 | 000,123,232 | ---- | M] () -- E:\Steam\bin\avutil-51.dll
    MOD - [2012/10/08 20:53:06 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/01/20 19:14:52 | 000,871,424 | ---- | M] () -- C:\Program Files (x86)\GIZMO2\js32.dll
    MOD - [2010/12/23 09:42:02 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
    MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [1998/10/31 03:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/03 21:40:04 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2012/08/21 09:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/02/22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
    SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/26 21:53:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/25 12:30:25 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/08 20:53:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/30 16:48:39 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/01 00:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/29 12:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/21 09:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/08/21 09:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/08/21 09:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/08/21 09:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/08/21 09:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 09:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/25 19:43:07 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/17 12:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/01/24 21:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2010/01/11 17:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/14 08:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 6F 96 88 AB 0A CD 01 [binary data]
    IE - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
    FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
    FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
    FF - prefs.js..extensions.enabledAddons: donottrackplus@abine.com:2.2.1.829
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
    FF - prefs.js..extensions.enabledAddons: nishan.naseer.googimagesearch@gmail.com:0.5
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/03 23:40:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/09/13 20:39:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/09/13 21:00:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 21:53:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 21:53:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 21:53:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 21:53:53 | 000,000,000 | ---D | M]

    [2012/03/25 17:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Extensions
    [2012/10/26 11:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\extensions
    [2012/08/31 14:45:29 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\extensions\donottrackplus@abine.com
    [2012/06/01 13:21:23 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2012/07/15 13:28:38 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
    [2012/09/25 23:11:49 | 000,004,287 | ---- | M] () (No name found) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\extensions\nishan.naseer.googimagesearch@gmail.com.xpi
    [2012/03/25 18:44:34 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
    [2012/10/26 11:42:58 | 000,530,068 | ---- | M] () (No name found) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2012/07/24 21:15:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/08/29 20:56:22 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Main PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecckv26j.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
    [2012/10/26 21:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/03 23:40:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/10/26 21:53:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/28 15:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012/08/30 22:22:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/12 17:49:10 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/10/23 17:35:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [GIZMO2] C:\Program Files (x86)\GIZMO2\GIZMO.exe (ants Inc.)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001..\Run: [Steam] E:\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
    O4 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D319FBCA-9F26-4E41-894D-EBF1BAFE26CE}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/26 21:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/24 23:50:50 | 000,000,000 | ---D | C] -- C:\Users\Main PC\AppData\Local\{F78E1A12-408B-4E98-B13C-B3963B308619}
    [2012/10/23 20:06:42 | 000,000,000 | ---D | C] -- C:\Users\Main PC\AppData\Local\{A85765E5-698B-4142-866A-E0C2AEFDF227}
    [2012/10/23 17:35:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/23 17:21:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/23 17:21:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/23 17:21:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/23 17:21:47 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/10/23 17:21:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/23 17:20:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/23 13:08:17 | 000,000,000 | ---D | C] -- C:\Users\Main PC\AppData\Roaming\Malwarebytes
    [2012/10/23 13:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/23 13:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/23 13:08:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/23 13:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/20 19:52:29 | 000,000,000 | ---D | C] -- C:\Users\Main PC\AppData\Local\{1CC3BFFA-75E0-4EBC-A503-685B25FA54A3}
    [2012/10/18 14:34:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/10/17 23:57:45 | 000,000,000 | ---D | C] -- C:\Users\Main PC\AppData\Local\{FBFBEF21-3770-4DB7-9C2A-97E5F458A698}
    [2012/10/05 23:49:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2012/10/05 23:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
    [2012/10/05 23:48:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
    [2012/10/05 23:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    [2012/10/01 20:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAVID-LASERSCANNER 3
    [2012/10/01 20:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAVID-LASERSCANNER3
    [2012/09/29 23:29:58 | 000,000,000 | ---D | C] -- C:\Users\Main PC\AppData\Local\PunkBuster
    [2012/09/29 22:55:06 | 000,000,000 | ---D | C] -- C:\Users\Main PC\AppData\Local\CrashRpt
    [2012/09/29 22:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/29 14:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/29 11:04:43 | 000,010,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/29 11:04:43 | 000,010,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/29 11:02:45 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/29 11:02:45 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/29 11:02:45 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/29 10:56:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/29 10:56:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2012/10/29 10:56:02 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/27 14:27:59 | 000,001,456 | ---- | M] () -- C:\Users\Main PC\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012/10/27 01:17:53 | 000,048,691 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m2sdizjpwv1r0lfe2o1_1280.jpg
    [2012/10/27 01:13:53 | 000,101,320 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m7iy6ajAeb1rbi2zoo1_500.jpg
    [2012/10/27 01:13:02 | 000,335,562 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m7s8e4f6l91r2wgimo1_1280.jpg
    [2012/10/27 01:12:49 | 000,709,717 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m7snod2Ki41ra4ygdo1_500.png
    [2012/10/27 01:10:05 | 000,814,688 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m8g1i2Uz4g1r861hjo1_1280.png
    [2012/10/27 01:07:28 | 000,278,648 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m92uzfv0G21r8e990o1_1280.jpg
    [2012/10/27 01:04:57 | 000,282,955 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m9wwuwLmnr1qftpcmo1_1280.jpg
    [2012/10/27 01:04:45 | 000,496,343 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m9xxi3L8tl1r3nw5eo1_1280.jpg
    [2012/10/27 01:04:26 | 000,111,831 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_ma1bchBlwb1rdlqyeo1_500.jpg
    [2012/10/27 01:04:11 | 000,354,220 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m9x9rfEAuk1rn4hkjo1_500.png
    [2012/10/27 01:03:13 | 000,259,946 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_maah02lECs1qf7vg3.jpg
    [2012/10/27 01:01:51 | 001,021,879 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_m9nqdhNd9d1rn4hkjo1_500.gif
    [2012/10/27 01:00:45 | 001,013,475 | ---- | M] () -- C:\Users\Main PC\Desktop\tumblr_mavhdeQVqp1qgslaao1_500.gif
    [2012/10/26 18:05:16 | 000,141,125 | ---- | M] () -- C:\Users\Main PC\Desktop\IMG_6051.JPG
    [2012/10/26 17:55:23 | 000,037,813 | ---- | M] () -- C:\Users\Main PC\Desktop\Untitled.jpg
    [2012/10/23 19:41:54 | 000,383,250 | R--- | M] () -- C:\Users\Main PC\Desktop\Changes for our client PDF small.pdf
    [2012/10/23 17:35:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/18 14:34:37 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2012/10/18 14:31:15 | 000,443,225 | R--- | M] () -- C:\Users\Main PC\Desktop\Joseph Fox document.pdf
    [2012/10/09 20:38:12 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/10/09 20:38:12 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/10/09 20:35:06 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/10/03 16:33:40 | 000,047,020 | ---- | M] () -- C:\Users\Main PC\Documents\Partnership_Act_1890.pdf
    [2012/09/30 16:48:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/27 01:17:53 | 000,048,691 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m2sdizjpwv1r0lfe2o1_1280.jpg
    [2012/10/27 01:13:52 | 000,101,320 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m7iy6ajAeb1rbi2zoo1_500.jpg
    [2012/10/27 01:13:02 | 000,335,562 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m7s8e4f6l91r2wgimo1_1280.jpg
    [2012/10/27 01:12:49 | 000,709,717 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m7snod2Ki41ra4ygdo1_500.png
    [2012/10/27 01:10:05 | 000,814,688 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m8g1i2Uz4g1r861hjo1_1280.png
    [2012/10/27 01:07:28 | 000,278,648 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m92uzfv0G21r8e990o1_1280.jpg
    [2012/10/27 01:04:57 | 000,282,955 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m9wwuwLmnr1qftpcmo1_1280.jpg
    [2012/10/27 01:04:44 | 000,496,343 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m9xxi3L8tl1r3nw5eo1_1280.jpg
    [2012/10/27 01:04:26 | 000,111,831 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_ma1bchBlwb1rdlqyeo1_500.jpg
    [2012/10/27 01:04:11 | 000,354,220 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m9x9rfEAuk1rn4hkjo1_500.png
    [2012/10/27 01:03:13 | 000,259,946 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_maah02lECs1qf7vg3.jpg
    [2012/10/27 01:01:50 | 001,021,879 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_m9nqdhNd9d1rn4hkjo1_500.gif
    [2012/10/27 01:00:42 | 001,013,475 | ---- | C] () -- C:\Users\Main PC\Desktop\tumblr_mavhdeQVqp1qgslaao1_500.gif
    [2012/10/26 18:05:15 | 000,141,125 | ---- | C] () -- C:\Users\Main PC\Desktop\IMG_6051.JPG
    [2012/10/26 17:55:23 | 000,037,813 | ---- | C] () -- C:\Users\Main PC\Desktop\Untitled.jpg
    [2012/10/23 19:41:55 | 000,383,250 | R--- | C] () -- C:\Users\Main PC\Desktop\Changes for our client PDF small.pdf
    [2012/10/23 17:21:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/23 17:21:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/23 17:21:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/23 17:21:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/23 17:21:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/18 14:34:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2012/10/18 14:34:37 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2012/10/18 14:31:17 | 000,443,225 | R--- | C] () -- C:\Users\Main PC\Desktop\Joseph Fox document.pdf
    [2012/10/03 16:33:40 | 000,047,020 | ---- | C] () -- C:\Users\Main PC\Documents\Partnership_Act_1890.pdf
    [2012/09/29 23:30:01 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/09/29 22:53:35 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/09/29 22:53:35 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/09/29 22:53:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/09/15 12:40:20 | 000,001,456 | ---- | C] () -- C:\Users\Main PC\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012/09/03 21:33:38 | 000,772,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/17 16:09:53 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2012/07/17 16:09:53 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/07/17 16:09:48 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012/07/17 16:09:48 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2012/05/16 20:01:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/04/06 19:37:36 | 001,527,650 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
    [2012/04/06 19:37:36 | 001,527,650 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll
    [2012/04/06 19:37:36 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
    [2012/04/06 19:37:36 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
    [2012/04/06 19:37:36 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
    [2012/03/28 14:01:18 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2012/03/25 19:58:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/02/29 12:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/03 21:44:12 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\Autodesk
    [2012/04/06 18:23:51 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\avidemux
    [2012/10/29 12:55:31 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\Azureus
    [2012/09/05 15:31:50 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\CheckPoint
    [2012/03/28 13:55:02 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\DAEMON Tools Lite
    [2012/09/25 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\Dwarfs
    [2012/04/07 12:19:07 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\HandBrake
    [2012/03/25 17:31:35 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\Leadertech
    [2012/09/13 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\PACE Anti-Piracy
    [2012/07/24 03:06:27 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\The Creative Assembly
    [2012/04/06 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Main PC\AppData\Roaming\VC

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1134 bytes -> C:\Users\Main PC\AppData\Local\lzxDwiC2XxoyU:87jqMGYrks9rUBOt77Z

    < End of report >
  20. insound


    OTL Extras logfile created on: 10/29/2012 3:09:49 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Main PC\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.61% Memory free
    8.00 Gb Paging File | 6.08 Gb Available in Paging File | 76.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 60.59 Gb Free Space | 13.01% Space Free | Partition Type: NTFS
    Drive D: | 1.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 465.76 Gb Total Space | 87.61 Gb Free Space | 18.81% Space Free | Partition Type: NTFS

    Computer Name: MAINPC-PC | User Name: Main PC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2531639372-1648162139-2993820186-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{057ACFC6-18BE-48C0-AD62-C7E0C951C76A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{17A05CB1-527A-44BF-A6DE-0E29D40D05F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1DE6ACA5-1FA1-47E9-AA09-D68A8013B2EC}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{1E797B93-6ACB-497C-A71B-A3603D692FE7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{21DAC582-1270-4162-8234-17CD4E14A0D1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{236A5DD2-F87E-4F0F-8549-AE31A4C3BAA8}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3611823C-3469-492C-8D83-5FDA7D88BFC1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3B8B587D-CB59-4D43-9325-C876E63FC519}" = rport=137 | protocol=17 | dir=out | app=system |
    "{459992A4-6E28-465D-A2CE-27D4287392C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{494530C2-B0D2-43CB-B6F7-20F959A312A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4A87491D-582A-4A49-832A-C90007F3A090}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{56B8FA2A-4D9A-42E0-BC74-90EEB666E44D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{598984DD-20DA-4368-9F30-605E421DDE4B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5BFAD84C-BDC3-4299-98C9-75821F0B0B8A}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{5ECA829F-FD8A-45D8-BD72-0D32CBE21C4A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{62CAEA14-1FA4-47A3-AB75-CF0221AC205E}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6E55B091-A45B-4D1D-9815-2DB69628A34E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6ED2162B-F491-4DF7-9C85-D238CDF7D98A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{783FD172-765F-4C89-B383-505A1F3A6159}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7A0C184C-DD0A-4280-975D-1555B54EF0E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7E636A69-4900-48A5-9386-29FD8B153518}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{86B04894-4C53-409D-880F-8F286F7D1706}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{8B2573A7-60F1-42AA-BCE5-8C4AB6E7680E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8DE8C27E-E892-438D-88A5-B9CB1F0C3A43}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{8E1035FD-825B-446E-A0CD-F8D32B175C75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9A87F361-F397-4164-895D-855DA8CAD320}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9DA70A5B-2D0B-4140-9D31-2EB4A5BCD134}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A2ED7567-C521-49D9-8526-7AFFDD379187}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{A41A9863-99AF-4BB8-B245-5BD23C0022B2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A6D29496-3A65-496D-8951-08E5DA9920B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A6E79046-7B5C-4E03-A4CD-3386C54A278A}" = rport=139 | protocol=6 | dir=out | app=system |
    "{A77F4333-15EC-4C17-A341-DC6DB8D6047C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A8C7B56B-EE18-4E11-A203-0CF9D658346C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A9861EB3-0DC7-4F17-8D7B-DD160611C2C9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B9E125AC-5E4C-4DC6-8981-F01A26178588}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C013B5C3-F3CE-4005-BBF3-797A082608EB}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C0CAD51F-9189-453C-B050-03BBFFC0EF03}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{C17C4D72-6DF2-4F83-8E62-E3A1B4D2BE0A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C2FD9503-9CC2-4E61-8EAD-902FDE7B5018}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C5CF3D0F-B0F6-4345-91AD-2C9415BBA423}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{C6DD7251-895A-4FDD-9AC3-60287A2720AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D0BD520F-E28E-48A0-91C4-4DC4FBBFAE9C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D2809348-9341-420A-BA86-754F13965BF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D93C4FEA-B273-4E76-8B11-1441DC1D38ED}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DE95EFC6-B256-42E3-A2E0-7E4A684C3E0B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DEB68155-F34E-458B-A019-89B13CAB5FF0}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E1311FE9-B0E6-4C3B-B559-96241464DF28}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{E731D5E3-36A4-4A21-BE05-D0245296FC54}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
    "{F24B30E7-75CC-4CF5-A59B-244332AF5C06}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{F463F830-9F88-4559-883F-B99C943569FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00552F95-4ADB-4919-A413-95EB24AF97FE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\rome total war gold\rometw-bi.exe |
    "{010CEA3B-9223-470C-8907-0BF2A355CC3F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{0315FC54-BEFF-45A9-B687-A8BC242317F5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\deus ex\system\deusex.exe |
    "{04753930-4E57-455E-A254-2112EE55B11F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\tomb raider underworld\tru.exe |
    "{0543697B-AE37-4A34-AE10-1E969CA8A4F0}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{07483160-259E-4F9C-B0FA-88194760BC29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
    "{07520996-E212-4A77-ACD8-854E374A3B79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{089BB57C-33C0-4D3F-A3A2-08B5EE43D961}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
    "{08D8EE68-BF38-4429-B944-C70ABE9EC5F2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{09B321DA-5B38-4093-B1D7-1258BD35D2BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\ricochet\hl.exe |
    "{0A99659D-571C-45FB-839B-9154AA2EFE6E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{0BBE8051-CDDA-41EF-9327-1C80A9C1F6B7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{0BCDA19B-4D11-4110-A11E-E66B82D9912B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{0D542AF1-B237-4756-A7C3-EB7B47C570F4}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{0E29C6B1-0BED-4A01-AA92-A70A5A3D666C}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\tomb raider underworld\tru.exe |
    "{0E8E89DD-209B-405D-9EDE-9AEFBE7DAD8F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\thief_2\thief2.exe |
    "{10755EF6-230B-49B5-819C-50BE0583A5EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\team fortress classic\hl.exe |
    "{110E5E60-BAD4-4B3F-AC15-D272EE7D639F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe |
    "{13343115-1BEC-43BE-AA2E-F0C47E52A2AF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\tomb raider anniversary\tra.exe |
    "{13372C06-2587-4841-B9C3-EC5C90626DA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{13645978-F0D8-423D-BE55-2C75BF3F7FA6}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\medieval ii total war\launcher.exe |
    "{13C8146D-0EA2-49EB-A660-9A03021C26D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{15A2E297-2C69-41D4-8AC0-0CD7455EEC39}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\napoleon total war\napoleon.exe |
    "{16AA7E3D-6B1F-4D54-9A37-93F3DBCC217B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider anniversary\tra.exe |
    "{16EE7A8A-E786-474E-B94E-5732CCBA0635}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\thief_2\thief2.exe |
    "{1841C230-9CED-4C91-B47A-F612869EA7A8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{18D2E358-F752-47DC-BAD6-A0C20FAFE8B4}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dwarfs\dwarfs.exe |
    "{197C208A-9E56-4451-847A-351AC62535A8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\multiwinia\multiwinia.exe |
    "{1A15A74E-5B10-44B2-9692-555DFE6E4E39}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dwarfs\dwarfs.exe |
    "{1AE425BB-80C1-49B1-8617-3DE7C0CB00A1}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\rome total war gold\rometw.exe |
    "{1B4C6345-B416-42C8-977F-B2614277801D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\napoleon total war\napoleon.exe |
    "{1BBEEAC0-9DA9-4E4E-A58E-06C7B0361ABB}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
    "{1C0853C4-096F-4AF2-B03D-C948A2B1D622}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1C4EBF51-9C86-43B6-9986-1837B2644774}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{1C5D8EEF-DCDA-4626-B6E9-1A2DF9D94A27}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1C8D6029-A04C-488D-8FC2-D7E340E9092D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\hitman codename 47\setup.exe |
    "{1CE97785-5D50-4404-B313-9F627DBA7D1B}" = protocol=6 | dir=out | app=system |
    "{1E11D2A5-778A-4C98-A4C2-07C2A9C91D2B}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
    "{1EC7A12C-8BC8-45FC-B837-D260326882FA}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
    "{1F8FCA7D-A1EC-4B36-82E5-424497A8E96A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{21287F2C-39B0-4ADF-9149-217FBA1DCA64}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{224C8BA2-A4BD-4F72-B1AC-6D55797229E5}" = protocol=17 | dir=in | app=e:\steam\steamapps\insound87\counter-strike\hl.exe |
    "{24D71348-22E6-4711-9E9E-22B9355A77CC}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\darwinia\darwinia.exe |
    "{278FDB2E-CC02-491B-93FD-E2E2A9F82A15}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |
    "{279BA7A7-2449-4E6A-A756-56EFEA5DFAD6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\deathmatch classic\hl.exe |
    "{2A39D7E0-B804-4206-8B5D-B506A0EDF6F6}" = protocol=6 | dir=in | app=e:\steam\steamapps\insound87\ricochet\hl.exe |
    "{2B12B886-7F8F-44B2-AA56-D4F3C3FDFA56}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\tomb raider legend\trl.exe |
    "{2B578DA8-9A6B-4F31-80FC-4E9D28E75443}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\red orchestra 2\binaries\win64\rogame.exe |
    "{2BEDCD3D-21D8-4C08-A067-8843AC9CA2B9}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
    "{2EA87716-03D7-4B52-8981-3A91A23D6B51}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{304738E6-E2FB-48FC-9C12-2D75AC548989}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\hitman codename 47\hitman.exe |
    "{3056C71F-3DDB-432B-9512-A19C6AE04A78}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
    "{312956B6-1AD6-40F0-B7E3-17695450A8B6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\the ball\binaries\win32\theball.exe |
    "{3337BF43-55FD-4550-B6F8-0637D9AAF166}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{333D2AC1-D0AA-4308-A5B6-1F8657393536}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
    "{371BC876-E255-4D5A-BED4-8ACAF94E6FFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\half-life\hl.exe |
    "{37A47B94-7305-4CD9-872F-EEF97247F67F}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "{39A6A497-0FED-4441-873B-FCDC99CEB48F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\homefront\binaries\homefront.exe |
    "{3AA85B1B-BC64-4069-B8DA-4590A58F9D64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
    "{3ADC8133-058C-45D2-966C-C6F7346E59DE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\darksiders\darksiderspc.exe |
    "{3AEE5718-5082-41A4-B797-F0DA65E9D196}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3B9E4308-2540-4DFE-8C8D-D53D2E564235}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\thief_gold\thief.exe |
    "{3D2BD44F-8A45-4E12-B04D-2A2BCF2B34CA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\rome total war gold\rometw.exe |
    "{3F7BBD6C-050E-4266-A5B7-194FBED32A30}" = protocol=6 | dir=in | app=e:\steam\steamapps\insound87\deathmatch classic\hl.exe |
    "{409975FB-FCD9-4CDB-96A4-B463CEF8D81C}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "{40DBF56D-7DFB-41C4-8D80-95BDB3B04A22}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{441ADF34-1D4D-4BE2-B3CC-3F00311C61B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{450D4ED2-09DA-42C9-8F2D-0BA361D038EF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\homefront\binaries\homefront.exe |
    "{457A8A8C-C2D4-4318-B4D7-529C4DA46F2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{45CEC09E-60D6-44DF-A510-8ACD21EBE40A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{467BDC4E-14C5-45B9-9FB6-476DEC5AECA4}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{46FDD178-FD41-4223-91C4-50E744060F0C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe |
    "{473AB091-5EE9-4DC8-8A29-4B779775DA46}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |
    "{486E8194-339A-4EAA-87E7-016B7A436858}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
    "{48C2409C-AD6A-4F74-8522-0945CADE1F65}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{49F4B25B-1F06-4FBA-8C08-94C188C59516}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\counter-strike\hl.exe |
    "{4A1CDC4E-FCA9-4483-97A5-F6FAAB0ED252}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
    "{4AF394B2-15D5-4EFB-B2A8-FEB6D72E65C4}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\redorchestra2beta\binaries\win32\rogame.exe |
    "{4F790D32-61C7-4D78-8BFC-4971443E1D8D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
    "{5132BC43-1FF2-4335-A6F0-B7C1ECA691DF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\uplink\uplink.exe |
    "{51377895-FD26-4F6A-BF71-BF57F28ACAF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5206E5B1-02E3-40C2-AC01-BA03C69A703E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{53A00451-10F3-4AEB-B927-574B24B450F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\deathmatch classic\hl.exe |
    "{54147EDB-5AD7-48A9-ACE0-553F0732CC89}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
    "{541E4F38-13D7-49E3-9872-ABAE19106FF6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{55BE6670-55AB-47D5-8746-A9A51A6104BB}" = protocol=6 | dir=in | app=e:\steam\steamapps\insound87\day of defeat\hl.exe |
    "{55F0C604-1107-4FEB-986C-42C32A4CC2E3}" = protocol=6 | dir=in | app=e:\steam\steamapps\insound87\half-life\hl.exe |
    "{57C8CE06-423D-4637-B2E8-4AA35C45B698}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{58D2BDCE-838C-46CD-B919-9B9336A52B1E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{595AB54F-8C1E-4AAE-9618-469437D18F69}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\just cause 2\justcause2.exe |
    "{5A21915E-FB6A-4614-82D7-2C1AE2F1C427}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{5A72CAFD-724D-47A1-8D0A-9ADE4BB87591}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
    "{60715FC4-C72C-4B16-A92E-72C10ED3214B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\nexuiz\bin32\editor.exe |
    "{6154218C-46BD-4E2D-97F2-50FD5FDFBE8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{6161485D-F052-4DDA-A7FA-2BB6ED4AA2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
    "{618D8922-FC6B-496E-B9F5-9294398DDCD0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{62388F18-0464-476D-82FC-1DC9B211A533}" = protocol=17 | dir=in | app=e:\steam\steamapps\insound87\team fortress classic\hl.exe |
    "{62832D4F-2DE5-4CC3-A264-8B5D495A823D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{646C015E-1EB3-4D1E-A2D5-02AE8AFE3AEF}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
    "{653B1CDA-0D52-41E9-907C-BF90C17CBB76}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\hitman 2 silent assassin\config.exe |
    "{66DA6E68-4941-422F-9268-A7EBAA562552}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\thief deadly shadows\system\runme.exe |
    "{676831B8-9642-4972-A78B-2C41C8FEE8A0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\titan quest immortal throne\tqit.exe |
    "{6783C319-F542-4CE5-A35F-1A75F4A455D7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\hitman blood money\configure.exe |
    "{6A1EEE76-9A39-4953-953C-690AD98D098D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6B0D38D8-9ABF-4F61-86BA-5EA1BBF03E48}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{6D276672-D03F-4991-A386-7BDC789A675C}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{6ED6F29C-80F2-4476-AB8F-B13F85C75A57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
    "{6F5EE782-F7ED-4487-9487-6F6EF18D8512}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\deus ex\system\deusex.exe |
    "{70668641-8E18-4730-93A8-40FE9DD017C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7087C964-8201-4B64-A79E-A8E3022B0D0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
    "{70E3808D-706E-4BE0-8CE7-F23268EA5E7C}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
    "{71B027BF-C120-49B9-866D-6AB36C46257D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{725E36F1-649D-40F2-B92B-75C10F00F953}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\saints row the third\game_launcher.exe |
    "{72C2415F-A1F9-49FD-9A51-EF14E4F6B2A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7496AF83-116E-4920-B86A-773EF2044145}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{74DF511B-64F8-470A-B93C-935FC452294B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{752A659B-C97D-45BA-8DFC-3DD24BC22C4B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
    "{775BD9E3-D1C7-4526-9452-8B773396198D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{77D3DF33-5B96-4415-978A-B2C822F2812F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\nexuiz\bin32\editor.exe |
    "{7805F6B6-631E-46FB-A694-2C6F79928867}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{78BDB313-4FBD-4049-9876-83647381D70D}" = protocol=17 | dir=in | app=e:\steam\steamapps\insound87\day of defeat\hl.exe |
    "{792A55A8-C612-4764-A5AD-CC1E998748F9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\rome total war alexander\testappa.exe |
    "{81CB155B-659F-4021-BA6E-873D326301E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
    "{8243A9AE-8AE0-4DC9-BCD2-EFBE64EA65BB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dxhrml\dxhrml.exe |
    "{8324B246-9D86-45AD-B685-AC4A3BE6C95F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum\binaries\win32\trygame-win32-shipping.exe |
    "{86340B7E-15DF-4BBB-9488-4B8152B2A010}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\titan quest\titan quest.exe |
    "{866838CA-A318-4377-806E-1066F297E0F3}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\red orchestra 2\binaries\win64\rogame.exe |
    "{87F437D8-B240-4FA7-9B01-8F2B2FAB6AD2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\red orchestra\system\redorchestra.exe |
    "{88E68F86-D598-4FA5-9BAE-0B1B4CE154F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\counter-strike\hl.exe |
    "{8A5D0D42-8E95-4C86-B0C5-955D581D51C0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe |
    "{8AA5A6DF-939B-4EA8-9C9C-5C9B8652AD65}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{8AB7CA80-941E-43AF-BCE7-513DE958568A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
    "{8CA2718B-37D7-42FF-8537-F48486201449}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\day of defeat\hl.exe |
    "{8D9AB570-A8B6-4FF5-918E-6C417BAB3692}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
    "{91814351-A25C-4500-9213-4B5A3500B650}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe |
    "{9388BD38-B91D-4453-AF02-C101596C9885}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\red orchestra\system\redorchestra.exe |
    "{95C6650B-4424-4C07-BA92-7522AB0E921A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
    "{975E56E8-9EAC-4064-9103-5EAB5DDB8991}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\hitman codename 47\hitman.exe |
    "{98905947-5F11-475A-96A9-93B77FC66DE1}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\rome total war gold\rometw-bi.exe |
    "{9DEB502A-A007-4434-B209-4909CEEFFB49}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
    "{9E0060A8-77B1-4C54-9F9A-9B1CBBB28646}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{9EBE3EB4-B7AC-4BA1-B4D0-4BF6C6C5D36D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe |
    "{9F7E54B9-44C9-4A86-BF24-0F0005F52C33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
    "{A3AB7DFA-18C8-466F-BC09-329D457808B7}" = protocol=17 | dir=in | app=e:\steam\steamapps\insound87\half-life\hl.exe |
    "{A48793D5-97E3-44FB-9084-8E9CC7C2D9FF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\quantum conundrum\binaries\win32\trygame-win32-shipping.exe |
    "{A49BD139-25DC-4DB1-8335-A1EFE35B9385}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
    "{A4EAEC28-25BC-41B7-9C8B-49BD3AF5E66E}" = protocol=17 | dir=in | app=e:\steam\steamapps\insound87\deathmatch classic\hl.exe |
    "{A85AEA66-A0D1-4EC3-AB12-C6680A2EE3AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
    "{ABC347B1-482C-43D7-A75C-48E756C64C69}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{AC4654FD-263E-4705-9124-786C018B75A7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\darwinia\darwinia.exe |
    "{ADB75554-8F98-49E5-930A-102D90FA36B2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dxhrml\dxhrml.exe |
    "{AE4D8E6A-9CFA-457F-B10B-B06395E6514C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\the ball\binaries\win32\theball.exe |
    "{AED9D2CE-9423-4E3E-8A91-8DD077A56EA8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{AFCD1906-8596-4FF9-B447-40862CE0148F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{B0DDDFE4-5653-4BFD-9719-730EF1FF1B3D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\just cause 2\justcause2.exe |
    "{B36BA3BB-AEE7-423A-A25D-1EF5DA0B9E50}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\killingfloor\system\kfed.exe |
    "{B445EFC9-C072-4B3B-8D28-13C297B3A1F9}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
    "{B586F74D-FEFC-4499-9685-B4F8DD8C0064}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B6A2E038-13C1-4215-B078-23AFF7C41D30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\team fortress classic\hl.exe |
    "{B71FE2F1-7402-49B6-B16B-FC028726FF2F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\quantum conundrum\binaries\win32\trygame-win32-shipping.exe |
    "{B769930C-1293-4887-B885-7E38A66B8144}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider anniversary\tra.exe |
    "{B8ECFF66-305A-4A7F-8BA0-D4ED3C084971}" = protocol=17 | dir=in | app=e:\steam\steamapps\insound87\ricochet\hl.exe |
    "{B91A4C36-07E9-4B38-980C-61AE73987982}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{B92B5378-9B09-4B76-9490-F185FBEF8AA8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\half-life\hl.exe |
    "{BA737267-D275-426C-9E14-3156CA8C2283}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\hitman codename 47\setup.exe |
    "{BADCB007-C7BE-4A56-8FD2-9DBE11E6F695}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BBCB4A15-0EE5-47D9-B6B8-D4219A0CFCAE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\medieval ii total war\launcher.exe |
    "{BD07181E-AA88-4916-B9CC-43568164B24C}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\titan quest immortal throne\tqit.exe |
    "{BDD836F4-ED00-4E2E-B32E-0E6F2DB3F8AE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{BE2B7B24-674C-440B-89D4-E5C4C5B3258B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BE8613BB-E1E0-4B0D-9907-885AEAD71C5A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\titan quest\titan quest.exe |
    "{BF19C6D5-8211-4309-A0C4-1B04D5ABA8DE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\psychonauts\psychonauts.exe |
    "{BF2691C1-0164-4EC9-A31D-5B9B78295CF7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\tomb raider legend\trl.exe |
    "{BF92AD90-F3A6-4879-AAA8-9ADDC6A4AF7D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
    "{C30AC77E-F745-4CE7-A058-8450CCB84DB5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\deus ex invisible war\system\dx2.exe |
    "{C75DBD98-2601-4CFE-BC75-B758AE9F5636}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\killingfloor\system\kfed.exe |
    "{C9DD2912-2825-4412-87A0-4A91A4FDF01D}" = protocol=6 | dir=in | app=e:\steam\steamapps\insound87\team fortress classic\hl.exe |
    "{C9EA0332-7818-4E53-9C96-306E9D11E51E}" = protocol=6 | dir=in | app=e:\steam\steamapps\insound87\counter-strike\hl.exe |
    "{CA17091A-D4A4-4DC8-B36D-67BD19F2D799}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\thief deadly shadows\system\runme.exe |
    "{CB2FC80E-3D71-4DA0-9DB1-6B2599AEF894}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |
    "{CE171F66-F76A-417B-AEAE-94E2BB27F83D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\redorchestra2beta\binaries\win32\rogame.exe |
    "{D03BB060-BE14-46EC-AFA4-B8D4CC9C239C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D0C732C4-EFF3-475D-867A-84A3AEACC219}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D111BFFC-F1AA-4C16-BC45-7D58ED37F487}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe |
    "{D358513A-84F9-4F7A-9822-B2D5D288B9A7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\deus ex invisible war\system\dx2.exe |
    "{D3653EFC-62CE-484A-8474-17F1C55387FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{D4831DF4-5025-4B84-96D3-C1C0C72DFDF8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe |
    "{D6321EFE-A3AF-4548-B779-BCBB0C690154}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D69EFEB3-62FF-4F6F-8C2E-E1B57DB209F1}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\tomb raider anniversary\tra.exe |
    "{D879660F-C277-4A33-85E4-163108C64C83}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
    "{DD133206-6B8E-4AE6-9E64-1B36F1779371}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum\binaries\win32\trygame-win32-shipping.exe |
    "{DD5E0185-2926-4952-A657-F5D393711E28}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\hitman blood money\configure.exe |
    "{DED6BF0B-5BB4-428F-8DC6-28EAFD808AF7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\saints row the third\game_launcher.exe |
    "{E28E173F-0C08-4E44-B258-B48991E65BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
    "{E4A4DCE9-5F5B-43A3-B499-CA36274D809F}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
    "{E60ED370-E3DB-4B68-9AB1-4914AD153EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{E6AD5720-6916-435C-A56C-8B36C871B08B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\day of defeat\hl.exe |
    "{E7D5A6C8-8CAC-41AB-BC19-2218DFC693BF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\darksiders\darksiderspc.exe |
    "{ED432611-1408-486F-8DDA-8FA562AE43D2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{F076A14A-E2AB-4B4F-A978-4C5B752EEC7E}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
    "{F12DA5A7-6260-410D-A06B-349B04D1445B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\rome total war alexander\testappa.exe |
    "{F190167E-D8FB-41BF-99EF-4C97EBC9241A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\psychonauts\psychonauts.exe |
    "{F1E2E4E4-11A8-497F-858B-3570A55CA238}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{F268EAE4-7E07-40B5-9C0E-5A4F9B33424E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\hitman 2 silent assassin\config.exe |
    "{F2AE6B5E-7228-4A8F-9648-68130F8C5C80}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\multiwinia\multiwinia.exe |
    "{F398320C-AD0F-4704-9ABD-D44C2DB5B9EF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe |
    "{F44BA3A4-3B1C-4942-B6C2-BD54C7DF964C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{F6A15B7E-B3B9-4603-A779-D1493E374004}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{F75AFD57-8409-48B6-AE91-E5353A33AF3D}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
    "{F7A2C692-9346-48DA-8743-A6E9D89F0D4E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F83E4F42-9142-4F96-818B-3F200CB59ACA}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
    "{F877FC56-8884-4473-B5AA-3F1EC7EE303E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{FA6A7B8D-650D-4297-AE88-73BF7BF93499}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{FB47668C-0D26-4621-A7D3-B4942FFD027E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{FC3C158D-BD37-457C-8462-51736358B2FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\insound87\ricochet\hl.exe |
    "{FD66B122-272F-4DDB-AE3B-A97D4AAC2C14}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{FE178C06-CCEC-49C1-A72E-888304B288CD}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\uplink\uplink.exe |
    "{FE4F340A-21E6-41AF-8021-C15F101CD4D2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\thief_gold\thief.exe |
    "{FE786C02-EC43-48B8-AD43-5B73D8EF6206}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |
    "{FEB36F61-FBF5-4C62-BEF0-09E40F08F255}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{00C6A66A-FCD1-4F83-B337-D303FFDD58E2}E:\steam\steamapps\insound87\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\insound87\team fortress 2\hl2.exe |
    "TCP Query User{5310F280-D612-4A57-B32F-73F69FF94C87}C:\program files (x86)\steam\steamapps\common\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
    "TCP Query User{DF57678F-D38E-4B7E-B32A-A9A96704317E}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "UDP Query User{16AFAE1D-FF99-4C9F-B987-D1E921D179FC}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "UDP Query User{4C67D1C2-C4BB-4ECD-9F0E-10D6C4C16102}C:\program files (x86)\steam\steamapps\common\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
    "UDP Query User{FBB79AD8-A80A-4702-88FB-5D45901803A4}E:\steam\steamapps\insound87\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\insound87\team fortress 2\hl2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
    "Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Drivers" = NVIDIA Drivers
    "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
  21. insound

    insound Newcomer, in training Topic Starter Posts: 21

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{33174C6A-9C4C-4A39-81FB-E26F5015191B}_is1" = TEncoder version 17
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
    "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
    "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{829E7CC4-A239-40a8-9332-F247D5366D01}_is1" = DAVID-LASERSCANNER 3.4.0.3008
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
    "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
    "{BC64CEDA-74F9-4007-B9DE-09EDE0A35A67}" = Autodesk 123D Catch
    "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
    "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0529F5A-C45C-40C0-8457-6A5AF24ABC6E}" = GIZMO
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
    "{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Aspire" = Aspire 3.0
    "avast" = avast! Free Antivirus
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.dmp.contentviewer" = Adobe Content Viewer
    "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
    "Cut2D" = Cut2D 1.1
    "Cut3D" = Cut3D 1.025
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
    "HandBrake" = HandBrake 0.9.6
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "Logitech Vid" = Logitech Vid HD
    "Mach3 Mach3VersionR1.83.027" = Mach3 Mach3VersionR1.83.027
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MySSID_is1" = Vtune 7.16
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "pepakura_designer3en" = Pepakura Designer 3
    "pepakura_viewer3en" = Pepakura Viewer 3
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "PhotoVCarve" = PhotoVCarve 1.1
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 10" = Counter-Strike
    "Steam App 104310" = Red Orchestra 2 SDK
    "Steam App 104320" = Red Orchestra 2: Heroes of Stalingrad Beta
    "Steam App 10500" = Empire: Total War
    "Steam App 113200" = The Binding of Isaac
    "Steam App 1200" = Red Orchestra: Ostfront 41-45
    "Steam App 1230" = Mare Nostrum
    "Steam App 1250" = Killing Floor
    "Steam App 1260" = Killing Floor SDK
    "Steam App 1280" = Darkest Hour: Europe '44-'45
    "Steam App 1290" = Darkest Hour Server
    "Steam App 130" = Half-Life: Blue Shift
    "Steam App 1500" = Darwinia
    "Steam App 1510" = Uplink
    "Steam App 1520" = DEFCON
    "Steam App 1530" = Multiwinia
    "Steam App 20" = Team Fortress Classic
    "Steam App 200010" = Quantum Conundrum
    "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
    "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
    "Steam App 211600" = Thief Gold
    "Steam App 211740" = Thief 2
    "Steam App 28050" = Deus Ex: Human Revolution
    "Steam App 30" = Day of Defeat
    "Steam App 34030" = Napoleon: Total War
    "Steam App 35130" = Lara Croft and the Guardian of Light
    "Steam App 35420" = Killing Floor Mod: Defence Alliance 2
    "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
    "Steam App 35460" = The Ball
    "Steam App 35480" = Dwarfs!?
    "Steam App 3830" = Psychonauts
    "Steam App 40" = Deathmatch Classic
    "Steam App 43110" = Metro 2033
    "Steam App 4700" = Medieval II: Total War
    "Steam App 4760" = Rome: Total War Gold Edition
    "Steam App 4770" = Rome: Total War - Alexander
    "Steam App 4780" = Medieval II: Total War Kingdoms
    "Steam App 50" = Half-Life: Opposing Force
    "Steam App 50620" = Darksiders
    "Steam App 55100" = Homefront
    "Steam App 55150" = Warhammer 40,000 Space Marine
    "Steam App 55230" = Saints Row: The Third
    "Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
    "Steam App 60" = Ricochet
    "Steam App 6850" = Hitman 2: Silent Assassin
    "Steam App 6860" = Hitman: Blood Money
    "Steam App 6900" = Hitman: Codename 47
    "Steam App 6910" = Deus Ex: Game of the Year Edition
    "Steam App 6920" = Deus Ex: Invisible War
    "Steam App 6980" = Thief: Deadly Shadows
    "Steam App 70" = Half-Life
    "Steam App 7000" = Tomb Raider: Legend
    "Steam App 8000" = Tomb Raider: Anniversary
    "Steam App 8140" = Tomb Raider: Underworld
    "Steam App 8190" = Just Cause 2
    "Steam App 96800" = Nexuiz
    "VCarve Pro" = VCarve Pro 6.0
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "XviD4PSP5_is1" = XviD4PSP 5.10.271.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2531639372-1648162139-2993820186-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/23/2012 1:17:02 PM | Computer Name = MainPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary kl2. System Error: The system cannot find the file specified. .

    Error - 10/23/2012 1:17:02 PM | Computer Name = MainPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary Kaspersky Lab Driver. System Error: The system cannot find the file specified.
    .

    Error - 10/23/2012 1:17:02 PM | Computer Name = MainPC-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary Zone Alarm Firewall Driver. System Error: The system cannot find the file
    specified. .

    Error - 10/24/2012 1:05:34 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/24/2012 2:27:20 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/25/2012 9:45:16 AM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/26/2012 3:21:37 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/26/2012 7:41:43 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/27/2012 7:30:20 PM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/29/2012 9:30:45 AM | Computer Name = MainPC-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Media Center Events ]
    Error - 5/20/2012 2:35:44 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:35:44 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/21/2012 7:40:24 AM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 12:40:24 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/21/2012 2:47:46 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:47:46 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 7:03:02 AM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 12:02:54 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/26/2012 2:33:05 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:33:05 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/27/2012 6:31:46 AM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 11:31:37 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/27/2012 2:03:29 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:03:29 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/28/2012 2:51:57 AM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:51:49 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/28/2012 2:58:31 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:58:31 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/29/2012 2:08:15 PM | Computer Name = MainPC-PC | Source = MCUpdate | ID = 0
    Description = 7:08:15 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    [ System Events ]
    Error - 10/23/2012 1:31:11 PM | Computer Name = MainPC-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/23/2012 1:32:14 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 1:32:24 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 2:30:01 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
    Mobile Device service to connect.

    Error - 10/23/2012 2:30:01 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7000
    Description = The Apple Mobile Device service failed to start due to the following
    error: %%1053

    Error - 10/23/2012 6:37:42 PM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7031
    Description = The avast! Antivirus service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
    Restart the service.

    Error - 10/24/2012 10:57:36 AM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
    Mobile Device service to connect.

    Error - 10/24/2012 10:57:36 AM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7000
    Description = The Apple Mobile Device service failed to start due to the following
    error: %%1053

    Error - 10/25/2012 8:31:00 AM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 10/25/2012 8:31:00 AM | Computer Name = MainPC-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053


    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
      O4 - HKU\S-1-5-21-2531639372-1648162139-2993820186-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      @Alternate Data Stream - 1134 bytes -> C:\Users\Main PC\AppData\Local\lzxDwiC2XxoyU:87jqMGYrks9rUBOt77Z
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =====================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  23. insound

    insound Newcomer, in training Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2531639372-1648162139-2993820186-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    ADS C:\Users\Main PC\AppData\Local\lzxDwiC2XxoyU:87jqMGYrks9rUBOt77Z deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Main PC
    ->Temp folder emptied: 14015248 bytes
    ->Temporary Internet Files folder emptied: 228745271 bytes
    ->FireFox cache emptied: 154193724 bytes
    ->Flash cache emptied: 9953 bytes

    User: Mcx1-MAINPC-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 773194 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46378758 bytes
    RecycleBin emptied: 9372828 bytes

    Total Files Cleaned = 433.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Main PC

    User: Mcx1-MAINPC-PC

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Main PC
    ->Flash cache emptied: 0 bytes

    User: Mcx1-MAINPC-PC

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10292012_173659

    Files\Folders moved on Reboot...
    C:\Users\Main PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  24. insound

    insound Newcomer, in training Topic Starter Posts: 21

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Adobe Flash Player 11.4.402.287
    Mozilla Firefox (16.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  25. insound

    insound Newcomer, in training Topic Starter Posts: 21

    Farbar Service Scanner Version: 27-10-2012
    Ran by Main PC (administrator) on 29-10-2012 at 18:48:15
    Running from "C:\Users\Main PC\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****