Cannot install Malwarebytes, PC acting up a little

By Twinfire
Oct 30, 2012
  1. Hello Team at TechSpot. After some browsing around the net for solutions to installing Malwarebytes (access denied), I came across this site. After some reading, I want to clean sweep my PC.

    Can you help me out here or should I put this in a different group?

    The 5 steps call for a virus scan, which I did with MSE with no issues found. Step 2 calls for Malwarebytes, but I cannot install this as I get the access denied. An install should be a simple affair (for a simple user), so now I am here.

    Thanks in advance

    Twin
  2. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-30 22:03:54
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a94029713
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a94029713@001baf8a78d3 0xC1 0xF7 0x3A 0x85 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a94029713@002548245a04 0x44 0x52 0xD6 0xE9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a94029713@d4206d62f809 0x49 0x63 0x71 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????????????????????????&???????o???????????????????|???&???????????????????????????????????????5??-B??oem68.inf??????????????????????????????????????s????bth\ms_bthpan???@???pB???????????????????????????9????????????????????????.????????????n????????????????????????????????-1????????????????????????????X??????????????y?z?z?z???z?z???d???????????????????????????????????????????v???y???y???y???????????????????????????????????A??pt???????????6??????????????oem14.inf???????md???????? ?????????????5.100.68.48??????????????????????????????? ??????v?v?{??????m???? ???????u?????????????,????????????&????????????????????2??? ???????_??????d1??? ???????9??????d-??????????? ???????u?????????????,?????????? ?&????????????????????T???????????:??????? ???????z?????s?{????N??????4????D_01??? ???????"??????d"???????????z???z????????????T??????????????d???????????I????????0??????b??36??????????????????Port_#0008.Hub_#0009????????s ??? ???????8?????4F-??? ???????8??????d9???&???????I???????????????????S???????????I??_a??HID
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBD 0x48 0x5F 0x71 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a94029713 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a94029713@001baf8a78d3 0xC1 0xF7 0x3A 0x85 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a94029713@002548245a04 0x44 0x52 0xD6 0xE9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a94029713@d4206d62f809 0x49 0x63 0x71 0x31 ...
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ??????????????????????????????????????????????????????????|??????:???????????????????????????????????????????"?????????????????????????{?{????????????N??????o????DCor????<????????g?????????????????????????????????????????????????????????????w??e ????n??????s??vi??????????????????6.1.7600.16385????????????????????????L??????????????????????2??ub???????????o??01??????????????????????????????????????????????????????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|???? ???{??????????????? P?????????????????? ??????????????n????????????????????d?????????oft??????????ST3320620AS ATA Device???5???????????s???????????????????:??????????????????????????????NVIDIA Corporation?udM??? ???????;??????????6-21-2006???????ne??hid_device?cop???????????`????????????????????????????????F??????2?????
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBD 0x48 0x5F 0x71 ...

    ---- EOF - GMER 1.0.15 ----

    Not sure if it is meant to display like this....?
  3. Twinfire


    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
    Run by Nunn at 23:37:42 on 2012-10-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4091.2603 [GMT 8:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\schtasks.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.claro-search.com/?affID=114508&tt=4112_4&babsrc=HP_clro&mntrId=c03f7e4b00000000000000241dde791b
    uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    mRun: [NPSStartup] <no file>
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 10.0.0.138
    TCP: Interfaces\{881529C7-8E85-40DB-857A-94BC3D57BE55} : DHCPNameServer = 10.0.0.138
    TCP: Interfaces\{8E0A8F1E-79F9-4CC8-9E15-680A84ADBAA0} : DHCPNameServer = 10.0.0.138
    TCP: Interfaces\{E86EEC0D-8926-45EA-91D7-B2BD16F4A136} : DHCPNameServer = 10.0.0.138
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - www.google.com.au
    FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
    FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-09-02 19:15; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.claro.id, c03f7e4b00000000000000241dde791b
    FF - user.js: extensions.claro.instlDay - 15624
    FF - user.js: extensions.claro.vrsn - 1.6.4.1
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.123:07:10
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef - sst
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-16 8704]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-6-15 25312]
    R0 tclondrv;tclondrv;C:\Windows\System32\drivers\tclondrv.sys [2012-2-3 26856]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-1-19 219360]
    R2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2012-10-11 2200096]
    R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2010-1-24 19432]
    R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-4-1 21992]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-6-2 188736]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-2-4 29288]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-2-4 29288]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-2-4 29288]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-2-4 29288]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-2-4 29288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-3 136176]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-14 1262400]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250808]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-2-15 36328]
    S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-3-24 1918976]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]
    S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-20 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-2-9 137728]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-3 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 115168]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-19 236544]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-2-15 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-2-15 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-2-15 177640]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-2-15 146920]
    S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\System32\drivers\sscebus.sys [2012-2-15 127488]
    S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\System32\drivers\sscemdfl.sys [2012-2-15 18944]
    S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\System32\drivers\sscemdm.sys [2012-2-15 161280]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2011-1-10 16448]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-10 1255736]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-9 14544]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S4 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2012-6-15 285152]
    .
    =============== Created Last 30 ================
    .
    2012-10-30 15:30:41 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25C04FA4-D7B0-40F8-9BFA-D4269EB9A42F}\mpengine.dll
    2012-10-29 00:14:07 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-20 11:49:42 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AABB5B3-B498-4430-80CD-8771973838F0}\gapaengine.dll
    2012-10-14 12:09:02 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-14 12:09:02 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-11 15:06:45 -------- d-----w- C:\ProgramData\Browser Manager
    2012-10-07 13:48:59 -------- d-----w- C:\Program Files (x86)\SpeedFan
    2012-10-01 00:43:26 -------- d-----w- C:\Users\Nunn\AppData\Local\My Games
    .
    ==================== Find3M ====================
    .
    2012-10-14 13:23:16 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-10-14 13:23:16 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-10-14 13:22:56 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-10-09 11:48:29 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 11:48:29 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-29 11:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-24 07:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-09-24 07:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-21 12:03:27 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-09-21 00:08:14 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-30 14:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-30 14:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-08-21 05:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-08-21 05:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 05:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2010-07-29 00:50:06 44 ---h--w- C:\Program Files (x86)\b7629276.tmp
    .
    ============= FINISH: 23:38:06.74 ===============
  4. Twinfire


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19/01/2010 12:30:10 PM
    System Uptime: 30/10/2012 11:29:22 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | P55-UD3
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | Socket 1156 | 2234/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 679.045 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&1CBEE564&0&00E1
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&1CBEE564&0&00E1
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    RP556: 20/10/2012 7:48:46 PM - Windows Update
    RP557: 21/10/2012 7:36:06 PM - Installed Java(TM) 6 Update 37
    RP558: 23/10/2012 8:11:32 PM - Windows Update
    RP559: 27/10/2012 7:38:44 PM - Windows Update
    RP560: 30/10/2012 8:36:58 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Alan Wake
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Verifier x64 External Package
    ARMA 2: Free
    Audacity 2.0
    Batman: Arkham Asylum GOTY Edition
    Batman: Arkham City Demo
    Batman: Arkham City™ GOTY
    Battlefield 3™
    BigPond Broadband ADSL
    BigPond Media Downloader
    Blacklight: Retribution
    Blender
    Bonjour
    Browser Configuration Utility
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    CCleaner
    Counter-Strike: Source
    CPUID CPU-Z 1.60
    D3DX10
    Dual-Core Optimizer
    Dungeon Defenders Demo
    ESN Sonar
    Game Booster 3
    Garry's Mod
    Garry's Mod 13 Beta
    Gigabyte Raid Configurer
    Google Earth
    Google Update Helper
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    Hi-Rez Studios Authenticate and Update Service
    inSSIDer
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 37
    Junk Mail filter update
    Kits Configuration Installer
    LAME v3.99.3 (for Windows)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Mouse and Keyboard Center
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVC90_x64
    MSVC90_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NETGEAR WNA3100 wireless USB 2.0 adapter
    NVIDIA 3D Vision Controller Driver 301.42
    NVIDIA 3D Vision Driver 301.42
    NVIDIA Control Panel 301.42
    NVIDIA Endless City demo
    NVIDIA Graphics Driver 301.42
    NVIDIA HD Audio Driver 1.3.16.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.8.15
    NVIDIA Update Components
    OpenAL
    OpenOffice.org 3.2
    OpenTTD 1.2.1
    Origin
    Osmos
    PunkBuster Services
    PVSonyDll
    Quantum Conundrum Demo
    QuickTime
    RaceRoom Racing Experience
    RAGE
    RealFlight G5 R/C Simulator
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    ResearchSoft Direct Export Helper
    Rockstar Games Social Club
    Saints Row: The Third
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    SDK Debuggers
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Sid Meier's Civilization V: Gods & Kings Demo
    Spec Ops: The Line Demo
    SpeedFan (remove only)
    Steam
    swMSM
    Tribes: Ascend
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Windows App Certification Kit
    Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
    Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
    Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    Windows Mobile Device Updater Component
    Windows Software Development Kit
    Windows Software Development Kit DirectX x64 Remote
    Windows Software Development Kit DirectX x86 Remote
    Windows Software Development Kit for Metro style Apps
    Windows Software Development Kit for Metro style Apps DirectX x64 Remote
    Windows Software Development Kit for Metro style Apps DirectX x86 Remote
    Windows Software Development Kit Redistributables
    Wings 3D 1.4.1
    WinRAR archiver
    WPT Redistributables
    WPTx64
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/10/2012 9:51:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    30/10/2012 9:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    30/10/2012 9:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    30/10/2012 9:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    30/10/2012 9:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    30/10/2012 9:51:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    30/10/2012 9:51:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    30/10/2012 9:51:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx VWiFiFlt Wanarpv6 WfpLwf
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    30/10/2012 9:51:09 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    30/10/2012 9:50:43 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    30/10/2012 11:32:20 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    30/10/2012 11:32:20 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    (1)

    20:01:14.0359 1056 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    20:01:15.0369 1056 ============================================================
    20:01:15.0369 1056 Current date / time: 2012/10/31 20:01:15.0369
    20:01:15.0369 1056 SystemInfo:
    20:01:15.0369 1056
    20:01:15.0369 1056 OS Version: 6.1.7601 ServicePack: 1.0
    20:01:15.0369 1056 Product type: Workstation
    20:01:15.0369 1056 ComputerName: NUNN-PC
    20:01:15.0369 1056 UserName: Nunn
    20:01:15.0369 1056 Windows directory: C:\Windows
    20:01:15.0369 1056 System windows directory: C:\Windows
    20:01:15.0369 1056 Running under WOW64
    20:01:15.0369 1056 Processor architecture: Intel x64
    20:01:15.0369 1056 Number of processors: 4
    20:01:15.0369 1056 Page size: 0x1000
    20:01:15.0369 1056 Boot type: Normal boot
    20:01:15.0369 1056 ============================================================
    20:01:16.0616 1056 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:01:16.0694 1056 ============================================================
    20:01:16.0694 1056 \Device\Harddisk0\DR0:
    20:01:16.0694 1056 MBR partitions:
    20:01:16.0694 1056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9CDE9
    20:01:16.0694 1056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9CE28, BlocksNum 0x74668B99
    20:01:16.0694 1056 ============================================================
    20:01:16.0725 1056 C: <-> \Device\Harddisk0\DR0\Partition2
    20:01:16.0725 1056 ============================================================
    20:01:16.0725 1056 Initialize success
    20:01:16.0725 1056 ============================================================
    20:01:24.0061 2256 ============================================================
    20:01:24.0061 2256 Scan started
    20:01:24.0061 2256 Mode: Manual;
    20:01:24.0061 2256 ============================================================
    20:01:24.0311 2256 ================ Scan system memory ========================
    20:01:24.0311 2256 System memory - ok
    20:01:24.0311 2256 ================ Scan services =============================
    20:01:24.0431 2256 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    20:01:24.0431 2256 1394ohci - ok
    20:01:24.0471 2256 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    20:01:24.0481 2256 ACPI - ok
    20:01:24.0501 2256 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    20:01:24.0501 2256 AcpiPmi - ok
    20:01:24.0611 2256 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    20:01:24.0611 2256 AdobeARMservice - ok
    20:01:24.0711 2256 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    20:01:24.0711 2256 AdobeFlashPlayerUpdateSvc - ok
    20:01:24.0751 2256 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    20:01:24.0751 2256 adp94xx - ok
    20:01:24.0781 2256 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    20:01:24.0781 2256 adpahci - ok
    20:01:24.0791 2256 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    20:01:24.0801 2256 adpu320 - ok
    20:01:24.0821 2256 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    20:01:24.0841 2256 AeLookupSvc - ok
    20:01:25.0001 2256 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    20:01:25.0031 2256 AFD - ok
    20:01:25.0051 2256 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    20:01:25.0051 2256 agp440 - ok
    20:01:25.0081 2256 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    20:01:25.0081 2256 ALG - ok
    20:01:25.0091 2256 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    20:01:25.0091 2256 aliide - ok
    20:01:25.0111 2256 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    20:01:25.0111 2256 amdide - ok
    20:01:25.0121 2256 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    20:01:25.0121 2256 AmdK8 - ok
    20:01:25.0151 2256 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    20:01:25.0151 2256 AmdPPM - ok
    20:01:25.0161 2256 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    20:01:25.0161 2256 amdsata - ok
    20:01:25.0161 2256 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    20:01:25.0171 2256 amdsbs - ok
    20:01:25.0181 2256 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    20:01:25.0181 2256 amdxata - ok
    20:01:25.0221 2256 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
    20:01:25.0221 2256 androidusb - ok
    20:01:25.0261 2256 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    20:01:25.0261 2256 AppID - ok
    20:01:25.0281 2256 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    20:01:25.0281 2256 AppIDSvc - ok
    20:01:25.0321 2256 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    20:01:25.0331 2256 Appinfo - ok
    20:01:25.0391 2256 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:01:25.0391 2256 Apple Mobile Device - ok
    20:01:25.0401 2256 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    20:01:25.0401 2256 arc - ok
    20:01:25.0421 2256 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    20:01:25.0421 2256 arcsas - ok
    20:01:25.0541 2256 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    20:01:25.0541 2256 aspnet_state - ok
    20:01:25.0561 2256 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    20:01:25.0561 2256 AsyncMac - ok
    20:01:25.0591 2256 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    20:01:25.0601 2256 atapi - ok
    20:01:25.0651 2256 [ 417B9BAB376E8E50F6770196656FD348 ] athur C:\Windows\system32\DRIVERS\athurx.sys
    20:01:25.0671 2256 athur - ok
    20:01:25.0711 2256 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    20:01:25.0721 2256 AudioEndpointBuilder - ok
    20:01:25.0721 2256 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    20:01:25.0731 2256 AudioSrv - ok
    20:01:25.0771 2256 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    20:01:25.0771 2256 AxInstSV - ok
    20:01:25.0811 2256 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    20:01:25.0821 2256 b06bdrv - ok
    20:01:25.0841 2256 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    20:01:25.0851 2256 b57nd60a - ok
    20:01:25.0911 2256 [ 6FA3557EA5FA09BA705298CC6B0E9F5A ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
    20:01:25.0921 2256 BCMH43XX - ok
    20:01:25.0971 2256 [ F29D375926E36E3A56AF4805C7749302 ] BCUService C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    20:01:25.0971 2256 BCUService - ok
    20:01:26.0001 2256 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    20:01:26.0001 2256 BDESVC - ok
    20:01:26.0031 2256 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    20:01:26.0031 2256 Beep - ok
    20:01:26.0081 2256 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    20:01:26.0091 2256 BFE - ok
    20:01:26.0111 2256 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    20:01:26.0121 2256 BITS - ok
    20:01:26.0141 2256 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    20:01:26.0141 2256 blbdrive - ok
    20:01:26.0181 2256 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    20:01:26.0191 2256 Bonjour Service - ok
    20:01:26.0241 2256 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:01:26.0241 2256 bowser - ok
    20:01:26.0251 2256 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:01:26.0251 2256 BrFiltLo - ok
    20:01:26.0261 2256 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:01:26.0261 2256 BrFiltUp - ok
    20:01:26.0301 2256 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    20:01:26.0301 2256 Browser - ok
    20:01:26.0421 2256 [ 703E0D9D640C5B2E8177EC0ECD0A736A ] Browser Manager C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
    20:01:26.0541 2256 Browser Manager - ok
    20:01:26.0561 2256 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    20:01:26.0561 2256 Brserid - ok
    20:01:26.0571 2256 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    20:01:26.0571 2256 BrSerWdm - ok
    20:01:26.0581 2256 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:01:26.0581 2256 BrUsbMdm - ok
    20:01:26.0591 2256 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    20:01:26.0601 2256 BrUsbSer - ok
    20:01:26.0621 2256 [ 832B121E4532919CC49F2438F1DCAA21 ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys
    20:01:26.0621 2256 BthAvrcp - ok
    20:01:26.0671 2256 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
    20:01:26.0671 2256 BthEnum - ok
    20:01:26.0701 2256 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    20:01:26.0701 2256 BTHMODEM - ok
    20:01:26.0731 2256 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    20:01:26.0731 2256 BthPan - ok
    20:01:26.0781 2256 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
    20:01:26.0791 2256 BTHPORT - ok
    20:01:26.0811 2256 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    20:01:26.0821 2256 bthserv - ok
    20:01:26.0841 2256 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
    20:01:26.0851 2256 BTHUSB - ok
    20:01:26.0861 2256 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:01:26.0871 2256 cdfs - ok
    20:01:26.0911 2256 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    20:01:26.0921 2256 cdrom - ok
    20:01:26.0951 2256 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    20:01:26.0951 2256 CertPropSvc - ok
    20:01:26.0961 2256 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    20:01:26.0961 2256 circlass - ok
    20:01:26.0991 2256 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    20:01:26.0991 2256 CLFS - ok
    20:01:27.0041 2256 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:01:27.0041 2256 clr_optimization_v2.0.50727_32 - ok
    20:01:27.0091 2256 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:01:27.0091 2256 clr_optimization_v2.0.50727_64 - ok
    20:01:27.0171 2256 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:01:27.0171 2256 clr_optimization_v4.0.30319_32 - ok
    20:01:27.0231 2256 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    20:01:27.0241 2256 clr_optimization_v4.0.30319_64 - ok
    20:01:27.0261 2256 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    20:01:27.0271 2256 CmBatt - ok
    20:01:27.0311 2256 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    20:01:27.0311 2256 cmdide - ok
    20:01:27.0351 2256 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    20:01:27.0361 2256 CNG - ok
    20:01:27.0391 2256 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    20:01:27.0391 2256 Compbatt - ok
    20:01:27.0431 2256 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    20:01:27.0431 2256 CompositeBus - ok
    20:01:27.0431 2256 COMSysApp - ok
    20:01:27.0491 2256 [ C9C25778EFE890BAA4087E32937016A0 ] cpuz132 C:\Windows\system32\drivers\cpuz132_x64.sys
    20:01:27.0491 2256 cpuz132 - ok
    20:01:27.0541 2256 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
    20:01:27.0541 2256 cpuz135 - ok
    20:01:27.0541 2256 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    20:01:27.0541 2256 crcdisk - ok
    20:01:27.0591 2256 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:01:27.0591 2256 CryptSvc - ok
    20:01:27.0631 2256 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:01:27.0641 2256 DcomLaunch - ok
    20:01:27.0671 2256 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    20:01:27.0681 2256 defragsvc - ok
    20:01:27.0711 2256 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:01:27.0711 2256 DfsC - ok
    20:01:27.0751 2256 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
    20:01:27.0751 2256 dg_ssudbus - ok
    20:01:27.0781 2256 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    20:01:27.0791 2256 Dhcp - ok
    20:01:27.0801 2256 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    20:01:27.0801 2256 discache - ok
    20:01:27.0821 2256 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    20:01:27.0821 2256 Disk - ok
    20:01:27.0861 2256 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:01:27.0861 2256 Dnscache - ok
    20:01:27.0901 2256 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    20:01:27.0901 2256 dot3svc - ok
    20:01:27.0941 2256 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    20:01:27.0941 2256 dot4 - ok
    20:01:27.0971 2256 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
    20:01:27.0981 2256 Dot4Print - ok
    20:01:27.0991 2256 [ 488669CD1CD3BDCFDD9A5FDA72209069 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys
    20:01:27.0991 2256 Dot4Scan - ok
    20:01:28.0011 2256 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    20:01:28.0011 2256 dot4usb - ok
    20:01:28.0041 2256 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    20:01:28.0041 2256 DPS - ok
    20:01:28.0061 2256 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:01:28.0061 2256 drmkaud - ok
    20:01:28.0111 2256 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:01:28.0121 2256 DXGKrnl - ok
    20:01:28.0151 2256 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    20:01:28.0151 2256 EapHost - ok
    20:01:28.0211 2256 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    20:01:28.0241 2256 ebdrv - ok
    20:01:28.0251 2256 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    20:01:28.0251 2256 EFS - ok
    20:01:28.0281 2256 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:01:28.0291 2256 ehRecvr - ok
    20:01:28.0311 2256 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    20:01:28.0311 2256 ehSched - ok
    20:01:28.0351 2256 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    20:01:28.0351 2256 elxstor - ok
    20:01:28.0381 2256 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    20:01:28.0381 2256 ErrDev - ok
    20:01:28.0412 2256 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    20:01:28.0412 2256 EventSystem - ok
    20:01:28.0432 2256 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    20:01:28.0442 2256 exfat - ok
    20:01:28.0452 2256 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    20:01:28.0462 2256 fastfat - ok
    20:01:28.0492 2256 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    20:01:28.0502 2256 Fax - ok
    20:01:28.0522 2256 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    20:01:28.0522 2256 fdc - ok
    20:01:28.0532 2256 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    20:01:28.0532 2256 fdPHost - ok
    20:01:28.0542 2256 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    20:01:28.0552 2256 FDResPub - ok
  7. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    (2)

    20:01:36.0183 2256 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys
    20:01:36.0183 2256 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
    20:01:36.0193 2256 sptd ( LockedFile.Multi.Generic ) - warning
    20:01:36.0193 2256 sptd - detected LockedFile.Multi.Generic (1)
    20:01:37.0311 2256 TermDD - ok
    20:01:37.0342 2256 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    20:01:37.0358 2256 TermService - ok
    20:01:37.0405 2256 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
    20:01:37.0420 2256 TFsExDisk - ok
    20:01:37.0436 2256 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    20:01:37.0436 2256 Themes - ok
    20:01:37.0467 2256 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    20:01:37.0467 2256 THREADORDER - ok
    20:01:37.0514 2256 [ 3E24B7FE52BC455DA8D6E2CC2B4CA23F ] tifsfilter C:\Windows\system32\DRIVERS\tifsfilt.sys
    20:01:37.0514 2256 tifsfilter - ok
    20:01:37.0530 2256 [ EC4FD4D147985A97E881729E808E6F34 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
    20:01:37.0545 2256 timounter - ok
    20:01:37.0576 2256 [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr C:\Windows\System32\tlntsvr.exe
    20:01:37.0576 2256 TlntSvr - ok
    20:01:37.0592 2256 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    20:01:37.0592 2256 TrkWks - ok
    20:01:37.0623 2256 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    20:01:37.0639 2256 TrustedInstaller - ok
    20:01:37.0670 2256 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:01:37.0670 2256 tssecsrv - ok
    20:01:37.0686 2256 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    20:01:37.0686 2256 TsUsbFlt - ok
    20:01:37.0717 2256 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    20:01:37.0732 2256 tunnel - ok
    20:01:37.0748 2256 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    20:01:37.0748 2256 uagp35 - ok
    20:01:37.0779 2256 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    20:01:37.0779 2256 udfs - ok
    20:01:37.0810 2256 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    20:01:37.0810 2256 UI0Detect - ok
    20:01:37.0842 2256 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    20:01:37.0842 2256 uliagpkx - ok
    20:01:37.0888 2256 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    20:01:37.0888 2256 umbus - ok
    20:01:37.0920 2256 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    20:01:37.0920 2256 UmPass - ok
    20:01:37.0935 2256 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    20:01:37.0951 2256 upnphost - ok
    20:01:37.0951 2256 upperdev - ok
    20:01:38.0013 2256 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    20:01:38.0013 2256 USBAAPL64 - ok
    20:01:38.0060 2256 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    20:01:38.0060 2256 usbccgp - ok
    20:01:38.0091 2256 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    20:01:38.0091 2256 usbcir - ok
    20:01:38.0107 2256 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    20:01:38.0107 2256 usbehci - ok
    20:01:38.0138 2256 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    20:01:38.0138 2256 usbhub - ok
    20:01:38.0154 2256 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    20:01:38.0154 2256 usbohci - ok
    20:01:38.0185 2256 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    20:01:38.0185 2256 usbprint - ok
    20:01:38.0216 2256 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    20:01:38.0216 2256 usbscan - ok
    20:01:38.0232 2256 UsbserFilt - ok
    20:01:38.0247 2256 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:01:38.0247 2256 USBSTOR - ok
    20:01:38.0247 2256 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    20:01:38.0263 2256 usbuhci - ok
    20:01:38.0263 2256 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    20:01:38.0263 2256 UxSms - ok
    20:01:38.0278 2256 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    20:01:38.0278 2256 VaultSvc - ok
    20:01:38.0278 2256 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    20:01:38.0278 2256 vdrvroot - ok
    20:01:38.0325 2256 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    20:01:38.0325 2256 vds - ok
    20:01:38.0341 2256 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    20:01:38.0341 2256 vga - ok
    20:01:38.0372 2256 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    20:01:38.0372 2256 VgaSave - ok
    20:01:38.0388 2256 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    20:01:38.0388 2256 vhdmp - ok
    20:01:38.0419 2256 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    20:01:38.0419 2256 viaide - ok
    20:01:38.0434 2256 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    20:01:38.0434 2256 volmgr - ok
    20:01:38.0466 2256 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    20:01:38.0466 2256 volmgrx - ok
    20:01:38.0481 2256 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    20:01:38.0497 2256 volsnap - ok
    20:01:38.0512 2256 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    20:01:38.0512 2256 vsmraid - ok
    20:01:38.0559 2256 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    20:01:38.0575 2256 VSS - ok
    20:01:38.0590 2256 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    20:01:38.0606 2256 vwifibus - ok
    20:01:38.0622 2256 [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt C:\Windows\system32\DRIVERS\vwififlt.sys
    20:01:38.0622 2256 VWiFiFlt - ok
    20:01:38.0637 2256 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    20:01:38.0637 2256 vwifimp - ok
    20:01:38.0653 2256 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    20:01:38.0668 2256 W32Time - ok
    20:01:38.0684 2256 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    20:01:38.0684 2256 WacomPen - ok
    20:01:38.0715 2256 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    20:01:38.0715 2256 WANARP - ok
    20:01:38.0715 2256 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    20:01:38.0731 2256 Wanarpv6 - ok
    20:01:38.0778 2256 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    20:01:38.0793 2256 WatAdminSvc - ok
    20:01:38.0844 2256 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    20:01:38.0854 2256 wbengine - ok
    20:01:38.0874 2256 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    20:01:38.0874 2256 WbioSrvc - ok
    20:01:38.0904 2256 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
    20:01:38.0914 2256 WcesComm - ok
    20:01:38.0944 2256 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    20:01:38.0944 2256 wcncsvc - ok
    20:01:38.0954 2256 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    20:01:38.0964 2256 WcsPlugInService - ok
    20:01:38.0974 2256 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    20:01:38.0974 2256 Wd - ok
    20:01:38.0994 2256 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    20:01:39.0004 2256 Wdf01000 - ok
    20:01:39.0024 2256 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    20:01:39.0024 2256 WdiServiceHost - ok
    20:01:39.0044 2256 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    20:01:39.0044 2256 WdiSystemHost - ok
    20:01:39.0074 2256 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    20:01:39.0074 2256 WebClient - ok
    20:01:39.0124 2256 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    20:01:39.0124 2256 Wecsvc - ok
    20:01:39.0144 2256 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    20:01:39.0154 2256 wercplsupport - ok
    20:01:39.0204 2256 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    20:01:39.0214 2256 WerSvc - ok
    20:01:39.0234 2256 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    20:01:39.0234 2256 WfpLwf - ok
    20:01:39.0264 2256 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    20:01:39.0264 2256 WIMMount - ok
    20:01:39.0294 2256 WinDefend - ok
    20:01:39.0304 2256 WinHttpAutoProxySvc - ok
    20:01:39.0354 2256 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    20:01:39.0364 2256 Winmgmt - ok
    20:01:39.0464 2256 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
    20:01:39.0464 2256 WinRing0_1_2_0 - ok
    20:01:39.0514 2256 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    20:01:39.0544 2256 WinRM - ok
    20:01:39.0594 2256 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    20:01:39.0594 2256 WinUsb - ok
    20:01:39.0644 2256 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    20:01:39.0664 2256 Wlansvc - ok
    20:01:39.0774 2256 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    20:01:39.0804 2256 wlidsvc - ok
    20:01:39.0834 2256 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    20:01:39.0834 2256 WmiAcpi - ok
    20:01:39.0844 2256 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    20:01:39.0854 2256 wmiApSrv - ok
    20:01:39.0864 2256 WMPNetworkSvc - ok
    20:01:39.0934 2256 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
    20:01:39.0934 2256 WMZuneComm - ok
    20:01:39.0964 2256 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    20:01:39.0974 2256 WPCSvc - ok
    20:01:40.0004 2256 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    20:01:40.0004 2256 WPDBusEnum - ok
    20:01:40.0024 2256 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    20:01:40.0024 2256 ws2ifsl - ok
    20:01:40.0064 2256 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(1) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
    20:01:40.0074 2256 WsAudio_DeviceS(1) - ok
    20:01:40.0094 2256 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(2) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
    20:01:40.0104 2256 WsAudio_DeviceS(2) - ok
    20:01:40.0104 2256 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(3) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
    20:01:40.0114 2256 WsAudio_DeviceS(3) - ok
    20:01:40.0124 2256 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(4) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
    20:01:40.0124 2256 WsAudio_DeviceS(4) - ok
    20:01:40.0144 2256 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(5) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
    20:01:40.0144 2256 WsAudio_DeviceS(5) - ok
    20:01:40.0154 2256 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    20:01:40.0154 2256 wscsvc - ok
    20:01:40.0164 2256 WSearch - ok
    20:01:40.0214 2256 [ D0697918519A4CF059C2C7E3B9E93A53 ] WSWNA3100 C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    20:01:40.0214 2256 WSWNA3100 - ok
    20:01:40.0274 2256 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    20:01:40.0304 2256 wuauserv - ok
    20:01:40.0324 2256 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    20:01:40.0334 2256 WudfPf - ok
    20:01:40.0354 2256 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:01:40.0364 2256 WUDFRd - ok
    20:01:40.0394 2256 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    20:01:40.0404 2256 wudfsvc - ok
    20:01:40.0424 2256 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    20:01:40.0424 2256 WwanSvc - ok
    20:01:40.0564 2256 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
    20:01:40.0634 2256 ZuneNetworkSvc - ok
    20:01:40.0694 2256 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
    20:01:40.0704 2256 ZuneWlanCfgSvc - ok
    20:01:40.0814 2256 ================ Scan global ===============================
    20:01:40.0844 2256 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    20:01:40.0864 2256 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    20:01:40.0874 2256 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    20:01:40.0914 2256 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    20:01:40.0934 2256 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    20:01:40.0944 2256 [Global] - ok
    20:01:40.0944 2256 ================ Scan MBR ==================================
    20:01:40.0944 2256 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    20:01:41.0084 2256 \Device\Harddisk0\DR0 - ok
    20:01:41.0084 2256 ================ Scan VBR ==================================
    20:01:41.0084 2256 [ C1DA1EE85E0E539223163E2F4B986086 ] \Device\Harddisk0\DR0\Partition1
    20:01:41.0084 2256 \Device\Harddisk0\DR0\Partition1 - ok
    20:01:41.0114 2256 [ 6901E0D7EAEAD1E22A0EB455B5FBE2EC ] \Device\Harddisk0\DR0\Partition2
    20:01:41.0114 2256 \Device\Harddisk0\DR0\Partition2 - ok
    20:01:41.0114 2256 ============================================================
    20:01:41.0114 2256 Scan finished
    20:01:41.0114 2256 ============================================================
    20:01:41.0124 2140 Detected object count: 1
    20:01:41.0124 2140 Actual detected object count: 1
    20:01:57.0096 2140 sptd ( LockedFile.Multi.Generic ) - skipped by user
    20:01:57.0096 2140 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    21:06:32.0329 4800 Deinitialize success
  8. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Nunn [Admin rights]
    Mode : Remove -- Date : 10/31/2012 21:09:41

    ¤¤¤ Bad processes : 4 ¤¤¤
    [SUSP PATH] browsermngr.exe -- C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -> KILLED [TermProc]
    [SUSP PATH] browsermngr.exe -- C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -> KILLED [TermProc]
    [RESIDUE] browsermngr.exe -- C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -> KILLED [TermProc]
    [RESIDUE] browsermngr.exe -- C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤
  9. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Thank you for taking the time to help me out with this. After I (with your help) finish cleaning up my PC, can you in layman's terms explain what was wrong/faulty with my machine?

    I'm doing an aswMBR scan now...

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-31 23:25:32
    -----------------------------
    23:25:32.919 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:25:32.919 Number of processors: 4 586 0x1E05
    23:25:32.919 ComputerName: NUNN-PC UserName: Nunn
    23:25:33.709 Initialize success
    23:27:29.766 AVAST engine defs: 12103100
    23:28:39.815 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6
    23:28:39.815 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
    23:28:39.835 Disk 0 MBR read successfully
    23:28:39.835 Disk 0 MBR scan
    23:28:39.855 Disk 0 Windows 7 default MBR code
    23:28:39.855 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 313 MB offset 63
    23:28:39.905 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953553 MB offset 642600
    23:28:39.975 Disk 0 scanning C:\Windows\system32\drivers
    23:28:53.928 Service scanning
    23:29:21.441 Modules scanning
    23:29:21.441 Disk 0 trace - called modules:
    23:29:21.473 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800400f2c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    23:29:21.473 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004783060]
    23:29:21.488 3 CLASSPNP.SYS[fffff88001bcf43f] -> nt!IofCallDriver -> [0xfffffa8004143e40]
    23:29:21.488 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-6[0xfffffa8004153060]
    23:29:21.504 \Driver\atapi[0xfffffa800413c060] -> IRP_MJ_CREATE -> 0xfffffa800400f2c0
    23:29:22.362 AVAST engine scan C:\Windows
    23:29:29.848 AVAST engine scan C:\Windows\system32
    23:32:53.831 AVAST engine scan C:\Windows\system32\drivers
    23:33:11.189 AVAST engine scan C:\Users\Nunn
    23:41:32.112 Disk 0 MBR has been saved successfully to "C:\Users\Nunn\Desktop\MBR.dat"
    23:41:32.172 The log file has been saved successfully to "C:\Users\Nunn\Desktop\aswMBR.txt"
  10. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
  11. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    ComboFix 12-10-31.03 - Nunn 01/11/2012 20:34:50.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4091.2659 [GMT 8:00]
    Running from: c:\users\Nunn\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Nunn\AppData\Roaming\Microsoft\Windows\Recent\Batman Arkham Asylum GOTY Edition.url
    c:\windows\security\Database\tmp.edb
    c:\windows\SysWow64\d2d1debug1.dll
    c:\windows\SysWow64\muzapp.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\readme.rtf
    c:\windows\SysWow64\System32\MASetupCleaner.exe
    c:\windows\SysWow64\System32\muzapp.exe
    c:\windows\SysWow64\tmp46E0.tmp
    c:\windows\SysWow64\tmp46E1.tmp
    c:\windows\SysWow64\tmpD171.tmp
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-31 23:45 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE168A3A-27DF-4289-94BE-9F11E85EA374}\mpengine.dll
    2012-10-30 15:38 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-21 11:37 . 2012-10-21 11:37 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-10-20 11:49 . 2012-10-03 10:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AABB5B3-B498-4430-80CD-8771973838F0}\gapaengine.dll
    2012-10-14 12:09 . 2012-10-28 13:01 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-14 12:09 . 2012-10-28 13:01 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-11 15:07 . 2012-10-11 15:07 98 ----a-w- C:\user.js
    2012-10-11 15:06 . 2012-10-11 15:06 -------- d-----w- c:\programdata\Browser Manager
    2012-10-07 13:48 . 2012-10-14 14:37 -------- d-----w- c:\program files (x86)\SpeedFan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-14 13:23 . 2012-09-16 23:30 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-10-14 13:23 . 2012-09-16 15:00 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-10-14 13:22 . 2012-09-16 15:00 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-10-10 16:11 . 2010-01-19 05:28 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-09 11:48 . 2012-04-06 00:54 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 11:48 . 2011-08-27 00:38 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-03 10:45 . 2011-03-27 08:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-29 11:54 . 2010-07-17 13:57 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-24 07:32 . 2012-09-02 11:15 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-24 07:32 . 2010-06-13 08:26 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-21 12:03 . 2012-09-16 15:00 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-09-21 00:08 . 2012-09-21 11:04 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
    2012-08-30 14:03 . 2012-08-30 14:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 14:03 . 2010-10-24 13:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-24 18:05 . 2012-09-22 10:19 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 18:05 . 2012-09-22 10:19 1494528 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 18:05 . 2012-09-22 10:18 134144 ----a-w- c:\windows\system32\url.dll
    2012-08-24 18:03 . 2012-09-22 10:19 9056256 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 18:03 . 2012-09-22 10:18 97792 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 18:03 . 2012-09-22 10:19 735744 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 18:03 . 2012-09-22 10:18 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 18:02 . 2012-09-22 10:18 247808 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 18:02 . 2012-09-22 10:19 12295680 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 18:02 . 2012-09-22 10:18 2453504 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 16:57 . 2012-09-22 10:19 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 15:59 . 2012-09-22 10:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 15:20 . 2012-09-22 10:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 02:15 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 02:15 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 02:15 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 02:15 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-27 00:41 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-21 05:01 . 2012-09-19 11:18 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 05:01 . 2012-07-06 14:55 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 05:01 . 2012-07-06 14:55 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-20 17:38 . 2012-10-10 14:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2010-07-29 00:50 . 2010-07-30 12:50 44 ---h--w- c:\program files (x86)\b7629276.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~3\browse~1\23759~1.138\{61d8b~1\browse~1.dll c:\progra~3\browse~1\23759~1.138\{61d8b~1\browsermngr.dll
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-03 136176]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
    R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-07-27 1918976]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
    R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-03 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-28 115168]
    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
    R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2011-12-08 127488]
    R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2011-12-08 18944]
    R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2011-12-08 161280]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-10-31 14544]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-02-13 503352]
    S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys [2011-10-19 26856]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
    S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2012-09-28 2200096]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-19 29288]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-19 29288]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-19 29288]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-19 29288]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-19 29288]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 11:48]
    .
    2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-03 09:13]
    .
    2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-03 09:13]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.claro-search.com/?affID=114508&tt=4112_4&babsrc=HP_clro&mntrId=c03f7e4b00000000000000241dde791b
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 10.0.0.138
    FF - ProfilePath - c:\users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - www.google.com.au
    FF - ExtSQL: 2012-09-02 19:15; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.claro.id, c03f7e4b00000000000000241dde791b
    FF - user.js: extensions.claro.instlDay - 15624
    FF - user.js: extensions.claro.vrsn - 1.6.4.1
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.123:07
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef - sst
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
    Wow6432Node-HKLM-Run-NPSStartup - (no file)
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,9b,cc,69,30,54,b3,40,88,b2,7e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,9b,cc,69,30,54,b3,40,88,b2,7e,\
    .
    [HKEY_USERS\S-1-5-21-1673626267-40826026-1453921036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1673626267-40826026-1453921036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-1673626267-40826026-1453921036-1000\Software\SecuROM\License information*]
    "datasecu"=hex:af,cf,25,19,f4,68,fd,d0,81,39,4b,fe,36,40,16,43,21,a5,0e,09,5e,
    b8,6f,db,2a,dd,f9,9a,8f,58,52,42,91,54,a1,00,1a,31,d2,a1,ea,3b,72,a4,cc,2a,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\schtasks.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-01 20:47:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-01 12:47
    .
    Pre-Run: 726,312,886,272 bytes free
    Post-Run: 725,525,704,704 bytes free
    .
    - - End Of File - - 7BEF6D8F1DE7D477417B61E375357BF9
  12. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    Looks good.

    See if you can install MBAM now.
    If so, run it and post its log.
  13. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Hello Broni, thank you for your very knowledgeable support so far.

    MBAM still will not install. There is an older version already on the system... somewhere. I need to "try" and remove it and see how it goes from there.
     
  14. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
    2. Restart your computer (very important).
    3. Download and run this utility.
    4. It will ask to restart your computer (please allow it to).
    5. After the computer restarts, install the latest version from here.
  15. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Small odd problem, the Malwarebytes that appeared in CCleaner (not now though) now is only appearing in Program Data not Program Files. So I could not use Add/Remove Programs to uninstall.

    Should I just go ahead and delete all remnants of the old Malwarebytes?

    Mini update, I removed all old downloaded mbam installers. Downloaded a fresh one and voila it installed, performing scan now
  16. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.02.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Nunn :: NUNN-PC [administrator]

    2/11/2012 10:09:37 PM
    mbam-log-2012-11-02 (23-09-11).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 452858
    Time elapsed: 59 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Nunn\Downloads\7zip_installer_1650.exe (PUP.BundleOffers.IIQ) -> No action taken.

    (end)
  17. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    Your log says "No action taken".
    Re-run MBAM, fix all issues and post new log.

    Any current problems?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.02.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Nunn :: NUNN-PC [administrator]

    3/11/2012 7:28:59 PM
    mbam-log-2012-11-03 (19-28-59).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 452839
    Time elapsed: 1 hour(s), 13 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Nunn\Downloads\7zip_installer_1650.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

    (end)
  19. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    OTL logfile created on: 3/11/2012 8:59:11 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nunn\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    4.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 56.17% Memory free
    7.99 Gb Paging File | 6.16 Gb Available in Paging File | 77.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.20 Gb Total Space | 676.32 Gb Free Space | 72.63% Space Free | Partition Type: NTFS

    Computer Name: NUNN-PC | User Name: Nunn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/03 20:50:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nunn\Desktop\OTL.exe
    PRC - [2012/10/28 21:01:23 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/10/24 20:15:15 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/10/09 19:48:29 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    PRC - [2012/09/28 20:27:36 | 002,200,096 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
    PRC - [2012/09/21 20:03:27 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/08/04 22:13:34 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
    PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/02/03 16:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2009/08/04 17:29:54 | 000,219,360 | -H-- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    PRC - [2009/08/04 17:29:52 | 000,346,320 | -H-- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/28 21:01:14 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/10/24 20:15:14 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/10/24 20:15:11 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/10/24 20:15:09 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/10/24 20:15:07 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/10/24 20:15:04 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/10/09 19:48:29 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    MOD - [2012/09/28 20:27:36 | 002,200,096 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
    MOD - [2012/09/28 20:27:04 | 002,105,376 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
    MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/07/30 18:15:32 | 000,503,202 | -H-- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 09:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
    SRV - [2012/10/28 21:01:23 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/24 20:15:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/09 22:29:45 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012/10/09 19:48:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/28 20:27:36 | 002,200,096 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
    SRV - [2012/09/21 20:03:27 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/05/15 18:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/02/09 20:05:56 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
    SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/08/04 17:29:54 | 000,219,360 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2012/07/30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/04/19 01:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/14 07:46:50 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
    DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
    DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
    DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
    DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
    DRV:64bit: - [2011/12/08 12:22:40 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
    DRV:64bit: - [2011/12/08 12:22:40 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
    DRV:64bit: - [2011/12/08 12:22:40 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
    DRV:64bit: - [2011/12/08 12:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/12/08 12:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2011/12/08 12:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
    DRV:64bit: - [2011/12/08 12:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/12/08 12:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2011/10/19 09:00:00 | 000,026,856 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tclondrv.sys -- (tclondrv)
    DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2011/06/26 21:25:34 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2011/06/26 21:25:34 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
    DRV:64bit: - [2011/04/19 09:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
    DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/07/28 05:01:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
    DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2009/08/13 16:10:42 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV:64bit: - [2009/07/30 19:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 08:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
    DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
    DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
    DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
    DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=..._clro&mntrId=c03f7e4b00000000000000241dde791b
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=..._clro&mntrId=c03f7e4b00000000000000241dde791b
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 24 A0 FD 59 B2 CA 01 [binary data]
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={sea..._clro&mntrId=c03f7e4b00000000000000241dde791b
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\SearchScopes\{1944CB04-163A-4d81-9F9D-BF3C62263F26}: "URL" = http://www.google.com/cse?cx=partne...me?cx=partner-pub-3794288947762788:4067623346
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\SearchScopes\{5431D359-5946-4f37-BBDB-85A687C9119F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\SearchScopes\{E53D1580-1808-4b05-A320-EC7003F27CD3}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
    IE - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Claro Search"
    FF - prefs.js..browser.search.order.1: "Claro Search"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: UnsortedBookmarksMenu@alice:2.3.2
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6
    FF - prefs.js..keyword.URL: "www.google.com.au"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\Mammoth.com.au/BigPondMediaDownloader,version=1.0.0: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\mammothmedia.com.au/BigPondMediaDownloaderDetector: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 21:01:24 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/19 19:12:40 | 000,000,000 | -H-D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012/10/11 23:06:45 | 000,000,000 | ---D | M]

    [2010/01/20 23:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nunn\AppData\Roaming\Mozilla\Extensions
    [2012/11/03 20:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\extensions
    [2012/11/03 20:54:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2012/10/12 23:23:23 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\extensions\djziggy@gmail.com
    [2010/11/23 19:01:16 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\extensions\redshift_V2@shift-themes.com
    [2012/09/18 20:46:21 | 000,745,618 | ---- | M] () (No name found) -- C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\extensions\redshift_V4@shift-themes.com.xpi
    [2012/04/28 18:52:10 | 000,007,240 | ---- | M] () (No name found) -- C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\extensions\UnsortedBookmarksMenu@alice.xpi
    [2012/11/03 20:29:36 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2012/10/21 19:37:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/02 19:15:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/10/21 19:37:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/10/28 21:01:23 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/09 12:49:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/14 20:08:51 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google ()
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/

    O1 HOSTS File: ([2012/11/01 20:42:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-1673626267-40826026-1453921036-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{881529C7-8E85-40DB-857A-94BC3D57BE55}: DhcpNameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E0A8F1E-79F9-4CC8-9E15-680A84ADBAA0}: DhcpNameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E86EEC0D-8926-45EA-91D7-B2BD16F4A136}: DhcpNameServer = 10.0.0.138
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\23759~1.138\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\23759~1.138\{61d8b~1\browsermngr.dll) - c:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/03 20:49:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nunn\Desktop\OTL.exe
    [2012/11/02 22:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/02 22:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/01 20:47:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/01 20:42:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/11/01 20:32:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/01 20:32:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/01 20:32:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/01 20:31:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/01 20:31:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/31 21:08:04 | 000,000,000 | ---D | C] -- C:\Users\Nunn\Desktop\RK_Quarantine
    [2012/10/30 08:12:35 | 004,991,994 | R--- | C] (Swearware) -- C:\Users\Nunn\Desktop\ComboFix.exe
    [2012/10/30 08:07:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nunn\Desktop\aswMBR.exe
    [2012/10/30 08:03:29 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Nunn\Desktop\dds.com
    [2012/10/21 19:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/10/15 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\Nunn\Desktop\loandocs
    [2012/10/15 13:12:24 | 000,000,000 | ---D | C] -- C:\Users\Nunn\Documents\Notes
    [2012/10/12 17:27:22 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nunn\Desktop\TDSSKiller.exe
    [2012/10/11 23:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2012/10/11 23:06:42 | 000,000,000 | ---D | C] -- C:\Users\Nunn\Documents\Euro Truck Simulator
    [2012/10/07 21:49:01 | 000,000,000 | ---D | C] -- C:\Users\Nunn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
    [2012/10/07 21:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
    [2012/10/07 21:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/03 20:59:56 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/03 20:59:56 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/03 20:59:17 | 004,253,204 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/03 20:59:17 | 001,901,076 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/03 20:59:17 | 000,006,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/03 20:52:45 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/03 20:52:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/03 20:52:22 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/03 20:50:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nunn\Desktop\OTL.exe
    [2012/11/03 20:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/03 20:19:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/02 22:08:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/01 23:33:43 | 000,016,210 | ---- | M] () -- C:\Users\Nunn\Documents\cc_20121101_233337.reg
    [2012/11/01 20:42:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/01 20:27:36 | 004,991,994 | R--- | M] (Swearware) -- C:\Users\Nunn\Desktop\ComboFix.exe
    [2012/10/31 23:41:32 | 000,000,512 | ---- | M] () -- C:\Users\Nunn\Desktop\MBR.dat
    [2012/10/31 20:00:33 | 001,584,640 | ---- | M] () -- C:\Users\Nunn\Desktop\RogueKiller.exe
    [2012/10/31 19:59:05 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nunn\Desktop\TDSSKiller.exe
    [2012/10/30 08:10:55 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Nunn\Desktop\boot_cleaner.exe
    [2012/10/30 08:07:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nunn\Desktop\aswMBR.exe
    [2012/10/30 08:03:38 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Nunn\Desktop\dds.com
    [2012/10/30 08:02:08 | 000,302,592 | ---- | M] () -- C:\Users\Nunn\Desktop\gmer.exe
    [2012/10/28 21:01:25 | 000,002,044 | ---- | M] () -- C:\Users\Nunn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/10/15 15:58:12 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/10/15 15:51:28 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/10/15 15:49:56 | 000,001,806 | ---- | M] () -- C:\Users\Nunn\Desktop\HP PSC 750 - Shortcut.lnk
    [2012/10/14 21:23:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/10/14 21:23:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/10/14 21:22:56 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/10/11 23:07:12 | 000,000,098 | ---- | M] () -- C:\user.js
    [2012/10/07 21:49:01 | 000,001,007 | ---- | M] () -- C:\Users\Nunn\Desktop\SpeedFan.lnk
    [2012/10/07 21:48:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/02 22:08:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/01 23:33:38 | 000,016,210 | ---- | C] () -- C:\Users\Nunn\Documents\cc_20121101_233337.reg
    [2012/11/01 20:32:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/01 20:32:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/01 20:32:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/01 20:32:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/01 20:32:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/31 23:41:32 | 000,000,512 | ---- | C] () -- C:\Users\Nunn\Desktop\MBR.dat
    [2012/10/31 20:00:31 | 001,584,640 | ---- | C] () -- C:\Users\Nunn\Desktop\RogueKiller.exe
    [2012/10/15 15:49:56 | 000,001,806 | ---- | C] () -- C:\Users\Nunn\Desktop\HP PSC 750 - Shortcut.lnk
    [2012/10/11 23:07:12 | 000,000,098 | ---- | C] () -- C:\user.js
    [2012/10/07 21:49:01 | 000,001,007 | ---- | C] () -- C:\Users\Nunn\Desktop\SpeedFan.lnk
    [2012/10/07 21:48:58 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
    [2012/09/21 19:04:10 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
    [2012/09/16 23:00:29 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/09/16 23:00:27 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/06/23 21:51:35 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/03/17 15:11:33 | 001,056,173 | ---- | C] () -- C:\Users\Nunn\Twisty1.wings
    [2012/02/22 07:53:30 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
    [2011/11/29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/11/29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/11/29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/11/29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/11/29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/02/01 21:30:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/29 12:34:40 | 000,006,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/07/07 19:55:53 | 000,000,857 | ---- | C] () -- C:\Users\Nunn\.recently-used.xbel
    [2010/06/19 17:39:06 | 000,005,120 | ---- | C] () -- C:\Users\Nunn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/27 19:11:38 | 000,007,598 | ---- | C] () -- C:\Users\Nunn\AppData\Local\Resmon.ResmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/16 22:03:30 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Audacity
    [2012/08/26 00:14:05 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Awesomium
    [2012/03/13 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Blender Foundation
    [2012/06/04 14:24:50 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Canon
    [2012/01/22 20:34:45 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/03/06 08:00:39 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\EndNote
    [2011/04/14 19:59:49 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\FreeAudioPack
    [2012/02/22 22:44:00 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\GetRightToGo
    [2010/07/07 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\gtk-2.0
    [2012/02/22 07:54:20 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\iSkysoft Video Converter Ultimate
    [2010/05/03 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Nokia
    [2010/05/03 23:12:54 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Nokia Ovi Suite
    [2010/07/09 17:30:33 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\OpenOffice.org
    [2012/09/16 21:27:21 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Origin
    [2010/05/02 15:48:54 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\PC Suite
    [2012/01/02 00:30:16 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Samsung
    [2010/04/21 21:38:25 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\SecondLife
    [2010/01/30 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Subversion
    [2012/07/13 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\SYSTEMAX Software Development
    [2011/02/02 00:24:52 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Windows Live Writer
    [2012/03/14 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Nunn\AppData\Roaming\Wings3D
    [2009/06/02 20:26:50 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\Nokia
    [2009/05/26 18:48:40 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\OpenOffice.org
    [2009/06/02 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\PC Suite
    [2009/11/25 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\Publish Providers
    [2009/04/06 23:26:31 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\ScanSoft
    [2009/09/11 22:04:41 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\SecondLife
    [2009/07/15 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\SmartDraw
    [2009/11/25 21:04:21 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\Sony
    [2009/12/31 11:51:33 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\Subversion
    [2009/08/22 19:55:29 | 000,000,000 | ---D | M] -- C:\Users\ONES4PC\AppData\Roaming\Xilisoft Corporation

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/06/07 22:00:27 | 000,000,074 | ---- | M] ()(C:\Users\Nunn\Desktop\! ??Hearts and Poetry?? ! - Art, Photography, T-Shirts, Calendars, Greeting Cards RedBubble.URL) -- C:\Users\Nunn\Desktop\! ♥♥Hearts and Poetry♥♥ ! - Art, Photography, T-Shirts, Calendars, Greeting Cards RedBubble.URL
    [2012/06/07 22:00:27 | 000,000,074 | ---- | C] ()(C:\Users\Nunn\Desktop\! ??Hearts and Poetry?? ! - Art, Photography, T-Shirts, Calendars, Greeting Cards RedBubble.URL) -- C:\Users\Nunn\Desktop\! ♥♥Hearts and Poetry♥♥ ! - Art, Photography, T-Shirts, Calendars, Greeting Cards RedBubble.URL

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:69E87FA2
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:493B3641
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:12B8C802

    < End of report >
  20. Twinfire

    OTL Extras logfile created on: 3/11/2012 8:59:11 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nunn\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    4.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 56.17% Memory free
    7.99 Gb Paging File | 6.16 Gb Available in Paging File | 77.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.20 Gb Total Space | 676.32 Gb Free Space | 72.63% Space Free | Partition Type: NTFS

    Computer Name: NUNN-PC | User Name: Nunn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1673626267-40826026-1453921036-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FAFFB35-0309-43FC-B3ED-01EE444EAAFA}" = lport=137 | protocol=17 | dir=in | app=system |
    "{18CA8C95-09E5-4DFA-B42D-83C88680251F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1FF75BE8-DDBF-4763-9066-AE515CF5E53C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{24990912-4BB5-4B36-93C8-252BEFCC3DBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{2E3F9D17-A5F3-4739-9693-D80DDD212409}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3E58C4F1-7A1B-4F2D-9A5A-1ED911095E79}" = rport=138 | protocol=17 | dir=out | app=system |
    "{434B33E3-42E1-4A17-B77C-AFC0C5144806}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4787B13C-BD52-4FC6-98A3-B65E81336E60}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{4D3C0655-00BD-4249-9D83-23079037F34C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{4D6481C1-2528-4B5A-8A02-C171C419649D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4F2B55AF-57A4-458C-8492-DD8F08224BE2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5245ABBD-C306-4CA7-99E7-8DA3CB00F4C3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{53B10D54-F253-49E1-B936-6B31F1E42FB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{584209C5-AE78-4715-B37C-265C42362E5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5C01B2EC-4307-4182-968E-01B3A1CD025D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{5EEA33DD-8362-4548-BAED-3B31311C3543}" = rport=445 | protocol=6 | dir=out | app=system |
    "{6933B538-C183-4687-BD2C-889B52768E2F}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{6D3081F0-C69B-41B6-882E-795D330C0B48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{794E1972-FF89-4EE8-A74F-644A12D9E341}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{7A9FB18A-253A-4CD2-AB3D-04E327A9988B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7B6D4E0F-9723-4463-8CDB-6152B4A57792}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{83764E14-308D-4FEA-8451-1BBC7102A938}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{87E60F61-B10E-41FE-95E0-EEE03152852F}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8CDD0AC7-4917-46CF-A0EE-BCF4B923FAD1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{93E9808D-3413-4BC4-A995-BB55B1B90CEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{94793E88-A235-4DEC-AA76-8E8210D2E964}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9A1C119E-B6DA-4FD9-A146-3C7E8A38E277}" = lport=139 | protocol=6 | dir=in | app=system |
    "{9D36D465-85C6-487A-BFC9-4BEDFD9BE5CE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{B17EB067-B358-495A-B75D-47D0B5B8E5A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BEAC984B-F8B0-4096-A07A-CB1F8E9FC89B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C3CCE02B-DF3E-4F89-91EC-6A44992EC298}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CAF1860B-104C-4CC1-AEA8-37473AAF92A6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{CEC5793A-4E3A-480E-AF0A-DED4AB9F6A4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D2E152E7-9131-4B8E-B02C-6F5C016EC676}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E09E32F1-3145-446C-83D5-ABBCEDA6340E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{ED23C7DB-54B1-45DC-97D8-539230F73690}" = rport=139 | protocol=6 | dir=out | app=system |
    "{ED3C15A8-D4F1-46DB-BECE-C9D6929EB00A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F97F390A-8129-455A-B27B-29777B5B85FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F9BF84B7-988C-4F1D-A0CB-AE8E64185F5D}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00E690C3-15CD-454E-B91E-F187CDA24C81}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{06F79656-60C6-4C20-8BE1-9A07285301A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0B5A15A9-76E5-461D-9512-1263CF3B4EBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0C029B3D-0D7B-4247-9E58-A57A4CCC0EB1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{0E36565C-5D5D-442D-B5C9-326A21431FDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
    "{1003AA85-CF00-45DA-BB51-3B4B18CC16FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
    "{108E1936-12B4-4AA6-AC6B-8EAD57594CA3}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1200DFE5-E40C-4C4E-B3ED-B1DE10E6D650}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{123F3A68-6891-4DE5-82A9-FF33ED811A6D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{180285DE-C90D-4907-BBD3-D76A785405E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
    "{1CF45A2F-5D21-471E-BB1C-A8D8164586BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
    "{219DDFCB-DFFD-47E3-986A-ABA3A891A037}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{22AE04C0-9F6E-4E53-85F3-A24E60A48D57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe |
    "{23F3CB2A-077F-43C5-9908-835D023DB01D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{25325E95-E857-4EA4-B0C9-9E7DD51314E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
    "{2ADCF554-F408-4978-B487-6C31850CE6D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
    "{2ADD3441-A22B-4231-9587-FFD4A0F4E565}" = dir=in | app=c:\program files (x86)\wb games\batman arkham city goty\binaries\win32\batmanac.exe |
    "{2C23B074-E98E-4D98-A7BD-A3DF7EF663E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{329305BA-F0C9-4A2D-88A1-63B6908F22F9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{34329AE6-0DF2-4E78-97B5-B72AC76C7D1A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{373EAD8D-C2C3-4250-BCCB-080515C9F70D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3800A446-7AB2-4859-9F55-1AC03BC3637C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{3D048BD1-FB17-42C8-91D0-2495920553B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
    "{3EC79281-441B-4A4B-A40D-DE10CE684034}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city demo\binaries\win32\batmanac.exe |
    "{40FC1C83-B485-4D51-96B2-441307B9CA55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
    "{4284B1EF-CD38-4E03-ACA3-428EA6C835FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
    "{430052AF-F6B3-436E-8673-47E695DD83AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{433524D9-D1C3-4D64-A391-BCD1B7CB2670}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe |
    "{43479900-51D5-460E-AEEF-827DA2D2A32C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{44E2C570-BBDC-45C2-B221-A3BDC4D3119C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{4826FFFA-0985-4D4E-B015-3D11CE13C8BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
    "{485AC4B1-6614-4D9B-8F4C-A0025A0CA575}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city demo\runlauncher.bat |
    "{4A574F6B-0A7A-4A6F-B3AB-0B68D6FE0EB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
    "{4C16ECF2-B2B3-46FD-AA48-6BB653C0E34A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4CE7FB3C-5CF2-458F-941B-394ED605A584}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4EFAD720-A20E-42D2-9901-EA8087ADE8F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
    "{51640847-9369-4EF3-AE04-CF60E89527BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{546983A5-764E-4856-9CFE-4B4E4CAD7D25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5C409769-9C70-4364-ACC1-509F765B6F60}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5E63842B-A574-4E63-80A6-8B11A343041D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{6201B8D7-BCA5-4FDB-AED6-57AFAA63792A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrlauncher.exe |
    "{64959D57-D859-4F67-A0E0-75DEB8A5E002}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline_demo\binaries\win32\specopstheline.exe |
    "{652908AD-6342-44A8-AFAB-775C365F823F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{6BD76714-2DCC-4E51-BCBD-12A19AF99B28}" = protocol=6 | dir=out | app=system |
    "{6CF603A4-4855-41FF-A3E0-BE4EBDC6FAEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civ_v_xp_demo\launcher.exe |
    "{732A6BB7-3CE6-4E29-BF8B-596CC1D36CE4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{7536F221-2417-414C-95A5-DFE922B7B12B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
    "{77B27012-5676-4EBD-AD2D-59C46B1C90FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
    "{816297C4-E67A-44F3-A21F-8C75292D5935}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8225612C-700E-490B-98C7-CA77C84F39A0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{83547357-3784-4203-BB45-70D6EA893435}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
    "{871BBDA8-AF85-47B6-9356-CBCD878F28B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8D47DA5E-C788-4E9A-999C-BC8F27F6AF0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{903C8320-0B92-4939-B2C2-122D8B610666}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9323E0BF-562A-4572-9002-55F029CEF28D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{9463BEF2-057D-4BCE-8DB7-114EB36592F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
    "{95BB0B7E-E193-4CF7-A159-090C603AABA7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{962F2BB9-3DDE-436C-B529-BE9101372D87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
    "{99230FF8-59A2-4BED-A6EB-1ADF44C0235F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
    "{9A433746-9ECD-48F1-B103-F086B1C49A72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city demo\binaries\win32\batmanac.exe |
    "{9EE5D5FD-3670-4E22-8BF2-B97307998A27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrlauncher.exe |
    "{A1BD504E-D207-471F-80CF-F2D6B1A40A46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
    "{A1BE679D-0CCF-49EC-8597-A7D35038C9C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
    "{A1E6F7CC-4DD5-468A-8975-33E56ECAC35A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{A3C7592A-4A95-4C7C-8ED0-B26D9F8E3565}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A4642141-69FD-4251-A1C7-8395AB227836}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
    "{A46848F8-DEE1-4ADA-854A-57DECDA6FA93}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A694F62B-FCA4-407B-A9BB-5913C89C2281}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
    "{A824C097-7B8D-4D16-B1F9-BFA807AF9408}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
    "{A99A33DC-EB3A-4A4B-B146-13626AEC38F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
    "{ABFECE7D-1547-456B-8D67-247F690E4ED4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AFAE9F24-4BDD-43A4-AA29-57FC2EAE3CE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
    "{B04B383B-F5F3-4759-B80D-7CBB29EABA58}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{B3193FF6-7DF5-43C8-90B6-025AF9C7E211}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
    "{B395D762-DC9A-41B4-95F7-9A7F4A1964E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{B42E5CCB-8831-4A51-A0B1-5E2AC995A50B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B4826F21-41DB-453F-B255-97A428E9367F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
    "{B5231D20-6C83-4B96-BA78-F7F6C6771B17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
    "{B571731A-F3AA-4CC2-8E9F-E7A1DF74F65E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
    "{BAB06CC0-2BCA-4C2B-8853-8C9335386B84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
    "{BE46F73F-1E11-499C-BF8E-9FD7AA58FFB2}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{C469D919-D0AE-4376-A2F9-ADB6157C8FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
    "{C6883B19-5644-4051-95A1-19CEC1EB040C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C7CD22CF-75AE-4B4D-AEF0-2E00389914B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city demo\runlauncher.bat |
    "{CC14BE0F-6FEF-418F-9AB9-913A0567C83F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
    "{D03603CB-0AF0-4798-974F-C67600EBD9DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D0E07B7C-31EF-484E-8B4B-E346A611FE9D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{D289CFBD-C3E7-418E-80E8-8EAAB7F757F1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D695D2EC-C8A2-4A4A-A0AD-9F4E34B39A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
    "{DD083981-2408-4A55-A29B-561F0E7C2827}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
    "{DDDE2A71-0047-4D6C-A282-B45737A52755}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
    "{DF36BD80-E5E5-4F8B-82B4-F5C35D93964B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8011D76-C7C7-4760-BA33-6A98B3F85F2A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{EAA457B0-D143-40B4-B07A-4EE5C9F9A3C3}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{ED472619-A560-49E5-99B6-F3598B29F06F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
    "{EDA38D7C-13AB-4776-988F-211224409712}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
    "{EE39CC72-79E6-4420-884B-E3CB4BAE1BAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
    "{F1569C7E-C717-4954-8742-D8A4B52EBFC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civ_v_xp_demo\launcher.exe |
    "{F1D4A039-900C-4AD9-818F-81CCAE895D6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline_demo\binaries\win32\specopstheline.exe |
    "{FF9DDE33-EB22-44CD-A215-7485F4DAED5F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{0D41A89F-A181-40B1-8C09-4064B0415B86}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
    "TCP Query User{1423A19F-B0E4-4C75-BE13-92193678BAD5}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "TCP Query User{17A421BC-B875-4FD3-A6BB-8EF2F8B4F631}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "TCP Query User{1FEA2AA3-4127-44AC-BDAD-F8199CF2BB7E}C:\program files (x86)\realflightg5\realflight.exe" = protocol=6 | dir=in | app=c:\program files (x86)\realflightg5\realflight.exe |
    "TCP Query User{3653E23E-9F77-4D25-97AA-7C732970B8EB}C:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
    "TCP Query User{8C8617D2-32E1-4A9C-85A3-207E4117EA6E}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
    "TCP Query User{9B0B371B-F94A-4E01-8D96-1415C30609AD}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
    "TCP Query User{9F2BEDF4-3B27-4662-A290-CF9F9511BBA3}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "TCP Query User{A1E9FACF-17A3-4133-A5CA-6E5C73616E9C}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
    "TCP Query User{B17B5CD3-EBBE-48B1-A9AC-8AFA871E418A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{B45BB427-36B8-483B-9504-EA44CF19C3CC}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{C7519198-680F-443E-B52A-35D8DFD1F2CE}C:\program files (x86)\realflightg5\realflight.exe" = protocol=6 | dir=in | app=c:\program files (x86)\realflightg5\realflight.exe |
    "TCP Query User{CBA9A3A3-4A62-4048-9018-9DA6EDA5DB65}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "TCP Query User{CCA8F862-AEB0-4998-B2A4-47BC92F64ED0}C:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
    "TCP Query User{D3BE759F-3081-4394-B756-695C2CFDF1D1}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
    "TCP Query User{E66355DA-8CAC-4DF5-878C-D27FE7176811}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "UDP Query User{0CB9805B-844A-465F-A37B-560466EAE87C}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "UDP Query User{1C9471B9-011F-4B95-B444-4D1AE74D8F84}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "UDP Query User{24CF4C7A-B8AB-4848-955F-C0EB6EDEE72D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{25EA4498-1D14-4E35-BDA3-E8183626C5D0}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
    "UDP Query User{592E0B58-8140-4A6E-860C-E9356A55A58C}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "UDP Query User{5B56A605-07D6-4CDA-B5DD-D15A39314757}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
    "UDP Query User{5FDC4580-8435-4E23-BAE1-B7ACC4511332}C:\program files (x86)\realflightg5\realflight.exe" = protocol=17 | dir=in | app=c:\program files (x86)\realflightg5\realflight.exe |
    "UDP Query User{65847CFF-3205-4BD2-9A07-915E76D34293}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
    "UDP Query User{777567B4-1AFE-4A59-B2A7-9AA7FD51AC9E}C:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
    "UDP Query User{7C0A1612-1A03-41D7-A6A9-FD8962556587}C:\program files (x86)\realflightg5\realflight.exe" = protocol=17 | dir=in | app=c:\program files (x86)\realflightg5\realflight.exe |
    "UDP Query User{8D936C58-2A7D-4396-BB54-4C69EAE8D10E}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "UDP Query User{8FDC70DE-9BC2-4C45-BA32-C9B64EDC8B06}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
    "UDP Query User{A4984268-5C9C-4DDA-B7F5-6B70460AD8F7}C:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
    "UDP Query User{AF6A6B09-A137-4BA6-8CE6-D3531B4E420D}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
    "UDP Query User{D7D83160-7971-49F0-B1EE-82E36A0D34C2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{D9DE3A49-5301-44D0-A5D9-B187CC293054}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
  21. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{3752FE75-AD83-1E54-9FD3-D3082BC3CAC0}" = Application Verifier x64 External Package
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{6413F6CE-E598-81D9-76B7-59DE02B75B67}" = Windows Software Development Kit DirectX x64 Remote
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6DDF14AE-7577-FED9-BCCD-235E552BB557}" = Windows App Certification Kit
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95DE5EFF-251C-3029-6727-40C128DB02FE}" = Windows Software Development Kit for Metro style Apps DirectX x64 Remote
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D83EC797-AC5E-DAD2-7B4B-DDC219CBC232}" = WPTx64
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
    "5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
    "B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
    "Blender" = Blender
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinRAR archiver" = WinRAR archiver
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00A0FBC3-356A-D0BE-60EE-9C3DE2DA8AA3}" = SDK Debuggers
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1D2F87F3-452E-BEA7-289A-D497CA405D46}" = Windows Software Development Kit for Metro style Apps DirectX x86 Remote
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
    "{2A36014E-DF1D-4840-A209-3185B17BFC71}" = BigPond Broadband ADSL
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3F835874-1C6A-CD11-D369-7D6D1BB15CBC}" = Windows Software Development Kit
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{46869DE6-AF4A-0D11-F1D5-5692D1B66289}" = Windows Software Development Kit Redistributables
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000B8302}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{57520FA0-DF38-46A1-8046-3B1000008500}" = Batman: Arkham City™ GOTY
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9a2c2c20-17e6-43c4-be07-a3e0c5cea9f7}" = Windows Software Development Kit
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A1F8DAB8-C993-E9FB-708E-6C702D4E19DB}" = Kits Configuration Installer
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
    "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DC50D000-D49D-5729-82CB-C429A7EC5AEF}" = Windows Software Development Kit DirectX x86 Remote
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3B82F29-A209-7006-5652-3B91D08BC6FE}" = Windows Software Development Kit for Metro style Apps
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
    "{FC6DAF3E-52C2-43AD-9C50-810F8943C79E}" = BigPond Media Downloader
    "{FD3D78CE-EDE9-23F3-E957-BB66BBF42710}" = WPT Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Audacity_is1" = Audacity 2.0
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "Endless City" = NVIDIA Endless City demo
    "ESN Sonar-0.70.4" = ESN Sonar
    "Game Booster_is1" = Game Booster 3
    "GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}" = Batman: Arkham City™ GOTY
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "LAME_is1" = LAME v3.99.3 (for Windows)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "OpenTTD" = OpenTTD 1.2.1
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "RealFlightG5Pro" = RealFlight G5 R/C Simulator
    "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
    "SpeedFan" = SpeedFan (remove only)
    "Steam App 107400" = ARMA 2: Free
    "Steam App 108710" = Alan Wake
    "Steam App 12210" = Grand Theft Auto IV
    "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
    "Steam App 17080" = Tribes: Ascend
    "Steam App 200240" = Batman: Arkham City Demo
    "Steam App 201680" = Dungeon Defenders Demo
    "Steam App 204980" = Spec Ops: The Line Demo
    "Steam App 205700" = Quantum Conundrum Demo
    "Steam App 209870" = Blacklight: Retribution
    "Steam App 211500" = RaceRoom Racing Experience
    "Steam App 213910" = Sid Meier's Civilization V: Gods & Kings Demo
    "Steam App 240" = Counter-Strike: Source
    "Steam App 29180" = Osmos
    "Steam App 35140" = Batman: Arkham Asylum GOTY Edition
    "Steam App 4000" = Garry's Mod
    "Steam App 4010" = Garry's Mod 13 Beta
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 55230" = Saints Row: The Third
    "Steam App 9200" = RAGE
    "Wings 3D 1.4.1" = Wings 3D 1.4.1
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/01/2012 6:49:51 AM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 3/01/2012 6:50:52 AM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 4/01/2012 6:51:19 PM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 4/01/2012 6:52:21 PM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 5/01/2012 12:55:55 PM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 5/01/2012 12:56:55 PM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/01/2012 12:37:50 AM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 8/01/2012 12:38:59 AM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/01/2012 2:42:24 AM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 10/01/2012 2:43:19 AM | Computer Name = Nunn-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 1/11/2012 8:54:15 AM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 1/11/2012 8:01:51 PM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    %%-1073473535.

    Error - 1/11/2012 8:01:51 PM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 30000 milliseconds:
    Restart the service.

    Error - 1/11/2012 8:02:21 PM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Search service, but
    this action failed with the following error: %%1056

    Error - 1/11/2012 8:03:42 PM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 1/11/2012 8:03:42 PM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 3/11/2012 7:28:50 AM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 3/11/2012 7:28:50 AM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 3/11/2012 8:54:51 AM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 3/11/2012 8:54:51 AM | Computer Name = Nunn-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069


    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    You didn't say:
    ===============================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
      O3 - HKU\S-1-5-21-1673626267-40826026-1453921036-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:69E87FA2
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:493B3641
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:12B8C802
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =======================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  23. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Hello Broni, thank you again for your time, assistance and patience. The only issue I'm having is my browser search button not working (FF 16.0.2).

    All processes killed
    ========== OTL ==========
    Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1673626267-40826026-1453921036-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    ADS C:\ProgramData\TEMP:0B174FAE deleted successfully.
    ADS C:\ProgramData\TEMP:69E87FA2 deleted successfully.
    ADS C:\ProgramData\TEMP:493B3641 deleted successfully.
    ADS C:\ProgramData\TEMP:12B8C802 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Nunn
    ->Temp folder emptied: 457582 bytes
    ->Temporary Internet Files folder emptied: 1900946 bytes
    ->Java cache emptied: 1024423 bytes
    ->FireFox cache emptied: 428383273 bytes
    ->Google Chrome cache emptied: 43525753 bytes
    ->Apple Safari cache emptied: 5036032 bytes
    ->Flash cache emptied: 59007 bytes

    User: ONES4PC
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 29008924 bytes
    ->FireFox cache emptied: 84052832 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 49760 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 401408 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 29488 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 47848984 bytes

    Total Files Cleaned = 612.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Nunn
    ->Java cache emptied: 0 bytes

    User: ONES4PC
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Nunn
    ->Flash cache emptied: 0 bytes

    User: ONES4PC
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11042012_121839

    Files\Folders moved on Reboot...
    C:\Users\Nunn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.

    --------------------------------------------------------------------------------------------------------------------------------------------------------------
    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 18
    Java(TM) 6 Update 37
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Farbar Service Scanner Version: 03-11-2012
    Ran by Nunn (administrator) on 04-11-2012 at 12:38:03
    Running from "C:\Users\Nunn\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  24. Broni

    Broni Malware Annihilator Posts: 45,158   +242

  25. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    # AdwCleaner v2.006 - Logfile created 11/04/2012 at 12:42:32
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Nunn - NUNN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Nunn\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Browser Manager

    ***** [Files / Folders] *****

    Deleted on reboot : C:\ProgramData\Browser Manager
    File Deleted : C:\user.js
    Folder Deleted : C:\ProgramData\~0
    Folder Deleted : C:\ProgramData\Trymedia

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23759~1.138\{61d8b~1\browse~1.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23759~1.138\{61d8b~1\browsermngr.dll
    Key Deleted : HKCU\Software\AppDataLow\Software
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Software
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Key Deleted : HKU\S-1-5-21-1673626267-40826026-1453921036-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\prefs.js

    C:\Users\Nunn\AppData\Roaming\Mozilla\Firefox\Profiles\9r8lat5j.default\user.js ... Deleted !

    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
    Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Nunn\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [3021 octets] - [04/11/2012 12:42:32]

    ########## EOF - C:\AdwCleaner[S1].txt - [3081 octets] ##########

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------