TechSpot

Google redirect virus, Win32/Olmarik.TDL4 trojan

Solved
By Styl
Oct 28, 2012
  1. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    I see.
    It looks like we have a fake infected partition.

    Download attached Fix.txt file to your Desktop (<----important!)

    • Double click ListParts.exe/ListParts64.exe to launch the program.
    • Press the Fix button.
    • ListParts will process the script in Fix.txt
    • When finished please press the Scan button.
    • A log Result.txt will open on your Desktop.
    • Please post me the contents of the log.
     

    Attached Files: fix.txt (53 bytes, 5 views)
  2. Styl

    Styl TS Member Topic Starter Posts: 61

    Alright, ran that script. I have to get going to work. Will do any additional steps you have tomorrow. Thanks!

    Edit: Which log? PLfixlog?

    Script used: "Disk=0 Partition=1 active"
    Script used: "Disk=0 Partition=2 type=07"
     
  3. Broni

    Broni Malware Annihilator Posts: 47,078   +258

     
  4. Styl

    Styl TS Member Topic Starter Posts: 61

    Ah, sorry. In a hurry and didn't see that log open. Here you go:

    ListParts by Farbar Version: 30-10-2012
    Ran by Owner (administrator) on 01-11-2012 at 21:03:40
    Windows 7 (X64)
    Running From: C:\Users\Owner\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 29%
    Total physical RAM: 8174.69 MB
    Available physical RAM: 5790.12 MB
    Total Pagefile: 16347.57 MB
    Available Pagefile: 13925.02 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Local Disk) (Fixed) (Total:465.75 GB) (Free:265.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Storage Drive) (Fixed) (Total:698.63 GB) (Free:2.19 GB) NTFS
    3 Drive e: (GSP1RMCULXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    4 Drive f: () (Fixed) (Total:232.88 GB) (Free:8.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    6 Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1799.78 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 3072 KB
    Disk 1 Online 698 GB 0 B
    Disk 2 Online 232 GB 1024 KB
    Disk 3 Online 1862 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB
    Partition 2 Primary 10 MB 465 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Local Disk NTFS Partition 465 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 698 GB 1024 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D Storage Dri NTFS Partition 698 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 232 GB 31 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F NTFS Partition 232 GB Healthy

    ======================================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1862 GB 1024 KB

    ======================================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H My Passport NTFS Partition 1862 GB Healthy

    ======================================================================================================

    ****** End Of Log ******
     
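    The first ListParts log above is the textbook picture of a TDL4-style bootkit partition: a second slot of type 0x17 (hidden NTFS), marked active and hidden, only 10 MB in size, sitting right after the 465 GB Windows partition, which itself is no longer active. The following is an added example by the editor, not code from the thread or from Farbar's ListParts: it decodes a raw 512-byte MBR and flags exactly those indicators. The sample sector is constructed; the only figures taken from the thread are the disk 0 size and partition 1 geometry that TDSSKiller printed (0x7470C06000 bytes, StartLBA 0x800, BlocksNum 0x3A37E030). The "tiny" and "end of disk" thresholds are assumptions for this example, not values any tool uses.

```python
"""Parse an MBR partition table and flag bootkit-style hidden partitions.

Added example (not part of the TechSpot thread). The sample MBR below is
CONSTRUCTED to mirror the first ListParts log; the disk size and Windows
partition geometry come from the TDSSKiller output in the same thread.
"""
import struct
from dataclasses import dataclass

SECTOR_BYTES = 512
TABLE_OFFSET = 446            # the four 16-byte partition slots start at byte 446
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
ACTIVE_FLAG = 0x80            # status byte 0x80 = active/bootable

# DOS convention: "hidden" variants of common filesystem types carry bit 4 set.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

# Heuristic thresholds (assumptions for this example, not from ListParts/TDSSKiller).
TINY_PARTITION_BYTES = 16 * 1024 * 1024        # the rogue partition here was 10 MB
END_OF_DISK_SLACK_SECTORS = 1024 * 1024        # "at the end" = within the last 512 MiB


@dataclass
class PartitionEntry:
    index: int        # 1-based slot number, as ListParts numbers partitions
    active: bool
    type_code: int
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.sectors

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR_BYTES


def parse_mbr(sector: bytes) -> list[PartitionEntry]:
    """Decode the four primary slots; empty slots (type 0x00) are skipped."""
    if len(sector) != SECTOR_BYTES:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        # status, CHS first, type, CHS last, LBA start, sector count (little-endian)
        status, _chs_first, ptype, _chs_last, start, count = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:
            continue
        entries.append(PartitionEntry(slot + 1, status == ACTIVE_FLAG, ptype, start, count))
    return entries


def find_suspicious(entries: list[PartitionEntry], disk_sectors: int) -> dict[int, list[str]]:
    """Map partition index -> reasons it looks like a bootkit's hidden partition."""
    findings: dict[int, list[str]] = {}
    for e in entries:
        reasons = []
        if e.type_code in HIDDEN_TYPES:
            reasons.append(f"hidden filesystem type 0x{e.type_code:02X}")
        if e.active and e.type_code in HIDDEN_TYPES:
            reasons.append("active (boot) flag set on a hidden partition")
        near_end = e.end_lba >= disk_sectors - END_OF_DISK_SLACK_SECTORS
        if e.size_bytes <= TINY_PARTITION_BYTES and near_end:
            reasons.append(f"tiny partition ({e.size_bytes // 2**20} MiB) at the end of the disk")
        if reasons:
            findings[e.index] = reasons
    return findings


def build_entry(active: bool, ptype: int, start: int, count: int) -> bytes:
    """Pack one 16-byte slot; CHS fields are set to the usual LBA placeholder 0xFE FF FF."""
    status = ACTIVE_FLAG if active else 0x00
    return struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)


# Constructed sample shaped like the thread's disk 0 before the fix.
DISK0_BYTES = 0x7470C06000                      # TDSSKiller: \Device\Harddisk0\DR0 size
DISK0_SECTORS = DISK0_BYTES // SECTOR_BYTES     # 976,773,168 sectors
WIN_START, WIN_SECTORS = 0x800, 0x3A37E030      # partition 1 as TDSSKiller listed it
ROGUE_START = WIN_START + WIN_SECTORS           # hidden partition right after Windows
ROGUE_SECTORS = 10 * 1024 * 1024 // SECTOR_BYTES  # 10 MiB, like the "10 MB" slot in the log

SAMPLE_MBR = (
    bytes(TABLE_OFFSET)                                    # boot code area, zeroed here
    + build_entry(False, 0x07, WIN_START, WIN_SECTORS)     # Windows NTFS, no longer active
    + build_entry(True, 0x17, ROGUE_START, ROGUE_SECTORS)  # hidden NTFS, active, tiny
    + bytes(2 * ENTRY_SIZE)                                # two empty slots
    + BOOT_SIGNATURE
)

if __name__ == "__main__":
    entries = parse_mbr(SAMPLE_MBR)
    for e in entries:
        print(f"Partition {e.index}: type 0x{e.type_code:02X} active={e.active} "
              f"start={e.start_lba} sectors={e.sectors}")
    for idx, reasons in find_suspicious(entries, DISK0_SECTORS).items():
        print(f"Partition {idx} SUSPICIOUS: " + "; ".join(reasons))
```

On a real system the same parser can be fed the first 512 bytes of the physical disk (for example, read from `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux with administrator rights) together with the disk's sector count; the three checks are independent, so a single hidden-type hit is a weaker signal than all three firing on the same slot, as they do for the constructed sample.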
  5. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    It didn't work.

    We'll have to do it from the outside.

    WARNING!
    Proceed with extreme caution!
    Deleting the wrong partition will result in your computer being unusable.
    If you have any doubts, ask.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download GETxPUD.exe to the desktop of your clean computer

    • Double click on GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
    • Insert blank CD into your CD drive.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Boot bad computer from the CD
    • Click Menu then Terminal Emulator
    • Type parted /dev/sda set 1 boot on
    • Press Enter
    • Type parted /dev/sda rm 2
    • Press Enter
    • Remove xPUD CD, reboot normally, run ListParts and post the log
     
  6. Styl

    Styl TS Member Topic Starter Posts: 61

    Sorry for the delay, I got called into work early yesterday afternoon and I also messed up my router somehow, but didn't get it fixed until I woke up this morning. I burned the image to a CD yesterday and when I tried to boot from it, I got to a language selection menu, and then a black screen with text output appeared, no Menu or Terminal Emulator. I did however type in the two commands in your post on that screen, and here is the ListParts64 log file. I think we may have gotten it if the partition we were after was the Type : 17 (Suspicious Type), which is now gone. The last time ESET detected the Win32/Olmarik.TDL4 trojan was on 11/2/2012 at 10:18:36 AM. And so far no more Google redirects.

    I also checked some of the tools I've downloaded, and TDSSKiller and aswMBR work. I have not run scans with these. Will wait for your instructions on how to proceed.

    ListParts by Farbar Version: 30-10-2012
    Ran by Owner (administrator) on 03-11-2012 at 07:27:44
    Windows 7 (X64)
    Running From: C:\Users\Owner\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 23%
    Total physical RAM: 8174.69 MB
    Available physical RAM: 6293.09 MB
    Total Pagefile: 16347.57 MB
    Available Pagefile: 14235.24 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Local Disk) (Fixed) (Total:465.75 GB) (Free:265.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Storage Drive) (Fixed) (Total:698.63 GB) (Free:2.19 GB) NTFS
    3 Drive e: (xPUD) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
    4 Drive f: () (Fixed) (Total:232.88 GB) (Free:8.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    6 Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1799.78 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 13 MB
    Disk 1 Online 698 GB 0 B
    Disk 2 Online 232 GB 1024 KB
    Disk 3 Online 1862 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Local Disk NTFS Partition 465 GB Healthy System (partition with boot components)

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 698 GB 1024 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D Storage Dri NTFS Partition 698 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 232 GB 31 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F NTFS Partition 232 GB Healthy

    ======================================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1862 GB 1024 KB

    ======================================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H My Passport NTFS Partition 1862 GB Healthy

    ======================================================================================================

    ****** End Of Log ******
     
  7. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Good job :)

    I'll need a fresh log from RogueKiller.

    Also see if TDSSKiller and aswMBR will run now.
    If so, post both logs.
     
  8. Styl

    Styl TS Member Topic Starter Posts: 61

    RogueKiller:

    RogueKiller V8.2.2 [11/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 11/03/2012 16:17:42

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND


    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> F:\windows\system32\config\SOFTWARE
    -> F:\Users\Caleb\NTUSER.DAT
    -> F:\Users\Default\NTUSER.DAT
    -> F:\Users\Default User\NTUSER.DAT
    -> F:\Documents and Settings\Administrator\NTUSER.DAT
    -> F:\Documents and Settings\Caleb\NTUSER.DAT
    -> F:\Documents and Settings\Default\NTUSER.DAT
    -> F:\Documents and Settings\Default User\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost #[IPv6]
    127.0.0.1 fr.a2dfp.net
    127.0.0.1 m.fr.a2dfp.net
    127.0.0.1 ad.a8.net
    127.0.0.1 asy.a8ww.net
    127.0.0.1 abcstats.com
    127.0.0.1 a.abv.bg
    127.0.0.1 adserver.abv.bg
    127.0.0.1 adv.abv.bg
    127.0.0.1 bimg.abv.bg
    127.0.0.1 ca.abv.bg
    127.0.0.1 www2.a-counter.kiev.ua
    127.0.0.1 track.acclaimnetwork.com
    127.0.0.1 accuserveadsystem.com
    127.0.0.1 www.accuserveadsystem.com
    127.0.0.1 achmedia.com
    127.0.0.1 aconti.net
    127.0.0.1 secure.aconti.net
    127.0.0.1 www.aconti.net #[Dialer.Aconti]
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST500DM005 HD502HJ +++++
    --- User ---
    [MBR] c01c91cdb3ad86747b426cd405717cec
    [BSP] e68203d3a3614b13622b7ec9328b0d52 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476924 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD7501AALS-00E3A0 +++++
    --- User ---
    [MBR] 69fa694960e9734ff4886663b83128a8
    [BSP] c48550d3bff74d7a68118df8f980ea0c : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: ST3250410AS +++++
    --- User ---
    [MBR] 873fcc338f69987ea337d075508ba766
    [BSP] 4a978089bc40dfe3754c1cbb4cd26f22 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: WD My Passport 0748 USB Device +++++
    --- User ---
    [MBR] 7a4ec4e08b9c0b7774c61db295f91382
    [BSP] 000cdb9b089b6a5f1cdf8ae3e35760b8 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_11032012_02d1617.txt >>
    RKreport[1]_S_11032012_02d1617.txt

    aswMBR:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-03 16:27:15
    -----------------------------
    16:27:15.510 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:27:15.510 Number of processors: 4 586 0x2A07
    16:27:15.510 ComputerName: OWNER-PC UserName: Owner
    16:27:15.947 Initialize success
    16:28:04.485 AVAST engine defs: 12110301
    16:28:18.354 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:28:18.354 Disk 0 Vendor: ST500DM0 1AJ1 Size: 476940MB BusType: 3
    16:28:18.369 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    16:28:18.369 Disk 1 Vendor: WDC_WD75 05.0 Size: 715404MB BusType: 3
    16:28:18.369 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
    16:28:18.369 Disk 2 Vendor: ST325041 4.AA Size: 238475MB BusType: 3
    16:28:18.385 Disk 0 MBR read successfully
    16:28:18.385 Disk 0 MBR scan
    16:28:18.385 Disk 0 Windows 7 default MBR code
    16:28:18.401 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476924 MB offset 2048
    16:28:18.416 Disk 0 scanning C:\Windows\system32\drivers
    16:28:33.642 Service scanning
    16:29:00.770 Modules scanning
    16:29:00.770 Disk 0 trace - called modules:
    16:29:00.786 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    16:29:00.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096ca060]
    16:29:00.802 3 CLASSPNP.SYS[fffff88001a0443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800841d050]
    16:29:01.270 AVAST engine scan C:\Windows
    16:29:04.889 AVAST engine scan C:\Windows\system32
    16:33:20.105 AVAST engine scan C:\Windows\system32\drivers
    16:33:34.535 AVAST engine scan C:\Users\Owner
    16:36:23.218 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    16:36:23.234 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
     
  9. Styl

    Styl TS Member Topic Starter Posts: 61

    TDSSKiller:

    16:21:06.0471 4960 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

    16:21:06.0767 4960 ============================================================

    16:21:06.0767 4960 Current date / time: 2012/11/03 16:21:06.0767

    16:21:06.0767 4960 SystemInfo:

    16:21:06.0767 4960

    16:21:06.0767 4960 OS Version: 6.1.7601 ServicePack: 1.0

    16:21:06.0767 4960 Product type: Workstation

    16:21:06.0767 4960 ComputerName: OWNER-PC

    16:21:06.0767 4960 UserName: Owner

    16:21:06.0767 4960 Windows directory: C:\Windows

    16:21:06.0767 4960 System windows directory: C:\Windows

    16:21:06.0767 4960 Running under WOW64

    16:21:06.0767 4960 Processor architecture: Intel x64

    16:21:06.0767 4960 Number of processors: 4

    16:21:06.0767 4960 Page size: 0x1000

    16:21:06.0767 4960 Boot type: Normal boot

    16:21:06.0767 4960 ============================================================

    16:21:07.0110 4960 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    16:21:07.0110 4960 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    16:21:07.0126 4960 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    16:21:07.0126 4960 Drive \Device\Harddisk3\DR3 - Size: 0x1D1BF100000 (1862.99 Gb), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    16:21:07.0126 4960 ============================================================

    16:21:07.0126 4960 \Device\Harddisk0\DR0:

    16:21:07.0126 4960 MBR partitions:

    16:21:07.0126 4960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A37E030

    16:21:07.0126 4960 \Device\Harddisk1\DR1:

    16:21:07.0126 4960 MBR partitions:

    16:21:07.0126 4960 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000

    16:21:07.0126 4960 \Device\Harddisk2\DR2:

    16:21:07.0126 4960 MBR partitions:

    16:21:07.0126 4960 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C44A2

    16:21:07.0126 4960 \Device\Harddisk3\DR3:

    16:21:07.0126 4960 MBR partitions:

    16:21:07.0126 4960 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000

    16:21:07.0126 4960 ============================================================

    16:21:07.0157 4960 C: <-> \Device\Harddisk0\DR0\Partition1

    16:21:07.0173 4960 F: <-> \Device\Harddisk2\DR2\Partition1

    16:21:07.0219 4960 H: <-> \Device\Harddisk3\DR3\Partition1

    16:21:07.0282 4960 D: <-> \Device\Harddisk1\DR1\Partition1

    16:21:07.0282 4960 ============================================================

    16:21:07.0282 4960 Initialize success

    16:21:07.0282 4960 ============================================================

    16:21:52.0553 4600 ============================================================

    16:21:52.0553 4600 Scan started

    16:21:52.0553 4600 Mode: Manual;

    16:21:52.0553 4600 ============================================================

    16:21:53.0084 4600 ================ Scan system memory ========================

    16:21:53.0084 4600 System memory - ok

    16:21:53.0084 4600 ================ Scan services =============================

    16:21:53.0208 4600 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    16:21:53.0208 4600 1394ohci - ok

    16:21:53.0255 4600 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

    16:21:53.0255 4600 ACPI - ok

    16:21:53.0286 4600 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    16:21:53.0302 4600 AcpiPmi - ok

    16:21:53.0427 4600 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    16:21:53.0427 4600 AdobeARMservice - ok

    16:21:53.0489 4600 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

    16:21:53.0505 4600 adp94xx - ok

    16:21:53.0520 4600 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

    16:21:53.0520 4600 adpahci - ok

    16:21:53.0536 4600 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

    16:21:53.0536 4600 adpu320 - ok

    16:21:53.0567 4600 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    16:21:53.0567 4600 AeLookupSvc - ok

    16:21:53.0614 4600 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

    16:21:53.0614 4600 AFD - ok

    16:21:53.0645 4600 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

    16:21:53.0645 4600 agp440 - ok

    16:21:53.0723 4600 [ DF8111AECC0184B7E69E4BFA654CDC2D ] AIDA64Driver C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64

    16:21:53.0739 4600 AIDA64Driver - ok

    16:21:53.0739 4600 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

    16:21:53.0739 4600 ALG - ok

    16:21:53.0770 4600 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

    16:21:53.0770 4600 aliide - ok

    16:21:53.0786 4600 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

    16:21:53.0801 4600 AMD External Events Utility - ok

    16:21:53.0801 4600 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

    16:21:53.0801 4600 amdide - ok

    16:21:53.0832 4600 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

    16:21:53.0848 4600 AmdK8 - ok

    16:21:54.0004 4600 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

    16:21:54.0129 4600 amdkmdag - ok

    16:21:54.0160 4600 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

    16:21:54.0160 4600 amdkmdap - ok

    16:21:54.0176 4600 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

    16:21:54.0176 4600 AmdPPM - ok

    16:21:54.0254 4600 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

    16:21:54.0254 4600 amdsata - ok

    16:21:54.0269 4600 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

    16:21:54.0285 4600 amdsbs - ok

    16:21:54.0285 4600 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

    16:21:54.0300 4600 amdxata - ok

    16:21:54.0363 4600 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

    16:21:54.0363 4600 AppID - ok

    16:21:54.0378 4600 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

    16:21:54.0394 4600 AppIDSvc - ok

    16:21:54.0425 4600 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

    16:21:54.0425 4600 Appinfo - ok

    16:21:54.0441 4600 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

    16:21:54.0456 4600 AppMgmt - ok

    16:21:54.0488 4600 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

    16:21:54.0488 4600 arc - ok

    16:21:54.0503 4600 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

    16:21:54.0503 4600 arcsas - ok

    16:21:54.0597 4600 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    16:21:54.0597 4600 aspnet_state - ok

    16:21:54.0612 4600 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    16:21:54.0628 4600 AsyncMac - ok

    16:21:54.0659 4600 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

    16:21:54.0659 4600 atapi - ok

    16:21:54.0690 4600 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

    16:21:54.0690 4600 AtiHDAudioService - ok

    16:21:54.0737 4600 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    16:21:54.0753 4600 AudioEndpointBuilder - ok

    16:21:54.0753 4600 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

    16:21:54.0768 4600 AudioSrv - ok

    16:21:54.0784 4600 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

    16:21:54.0800 4600 AxInstSV - ok

    16:21:54.0846 4600 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

    16:21:54.0846 4600 b06bdrv - ok

    16:21:54.0878 4600 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    16:21:54.0878 4600 b57nd60a - ok

    16:21:54.0924 4600 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

    16:21:54.0924 4600 BDESVC - ok

    16:21:54.0940 4600 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

    16:21:54.0940 4600 Beep - ok

    16:21:55.0002 4600 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

    16:21:55.0002 4600 BFE - ok

    16:21:55.0049 4600 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

    16:21:55.0065 4600 BITS - ok

    16:21:55.0080 4600 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    16:21:55.0096 4600 blbdrive - ok

    16:21:55.0112 4600 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    16:21:55.0112 4600 bowser - ok

    16:21:55.0127 4600 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

    16:21:55.0127 4600 BrFiltLo - ok

    16:21:55.0127 4600 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

    16:21:55.0127 4600 BrFiltUp - ok

    16:21:55.0158 4600 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

    16:21:55.0158 4600 BridgeMP - ok

    16:21:55.0205 4600 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

    16:21:55.0205 4600 Browser - ok

    16:21:55.0221 4600 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

    16:21:55.0236 4600 Brserid - ok

    16:21:55.0252 4600 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    16:21:55.0252 4600 BrSerWdm - ok

    16:21:55.0252 4600 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    16:21:55.0252 4600 BrUsbMdm - ok

    16:21:55.0252 4600 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    16:21:55.0252 4600 BrUsbSer - ok

    16:21:55.0268 4600 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

    16:21:55.0268 4600 BTHMODEM - ok

    16:21:55.0299 4600 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

    16:21:55.0299 4600 bthserv - ok

    16:21:55.0330 4600 catchme - ok

    16:21:55.0361 4600 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    16:21:55.0361 4600 cdfs - ok

    16:21:55.0424 4600 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    16:21:55.0424 4600 cdrom - ok

    16:21:55.0455 4600 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

    16:21:55.0470 4600 CertPropSvc - ok

    16:21:55.0486 4600 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

    16:21:55.0486 4600 circlass - ok

    16:21:55.0533 4600 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

    16:21:55.0533 4600 CLFS - ok

    16:21:55.0611 4600 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    16:21:55.0611 4600 clr_optimization_v2.0.50727_32 - ok

    16:21:55.0673 4600 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    16:21:55.0673 4600 clr_optimization_v2.0.50727_64 - ok

    16:21:55.0751 4600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    16:21:55.0751 4600 clr_optimization_v4.0.30319_32 - ok

    16:21:55.0782 4600 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    16:21:55.0782 4600 clr_optimization_v4.0.30319_64 - ok

    16:21:55.0798 4600 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    16:21:55.0798 4600 CmBatt - ok

  10. Styl

    Styl TS Member Topic Starter Posts: 61


    16:22:04.0440 4600 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

    16:22:04.0440 4600 sermouse - ok

    16:22:04.0472 4600 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

    16:22:04.0472 4600 SessionEnv - ok

    16:22:04.0487 4600 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

    16:22:04.0487 4600 sffdisk - ok

    16:22:04.0503 4600 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    16:22:04.0503 4600 sffp_mmc - ok

    16:22:04.0503 4600 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    16:22:04.0503 4600 sffp_sd - ok

    16:22:04.0518 4600 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

    16:22:04.0518 4600 sfloppy - ok

    16:22:04.0550 4600 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

    16:22:04.0550 4600 SharedAccess - ok

    16:22:04.0612 4600 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

    16:22:04.0612 4600 ShellHWDetection - ok

    16:22:04.0628 4600 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

    16:22:04.0628 4600 SiSRaid2 - ok

    16:22:04.0643 4600 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

    16:22:04.0643 4600 SiSRaid4 - ok

    16:22:04.0674 4600 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

    16:22:04.0674 4600 Smb - ok

    16:22:04.0721 4600 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

    16:22:04.0721 4600 SNMPTRAP - ok

    16:22:04.0721 4600 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

    16:22:04.0737 4600 spldr - ok

    16:22:04.0768 4600 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

    16:22:04.0768 4600 Spooler - ok

    16:22:04.0846 4600 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

    16:22:04.0877 4600 sppsvc - ok

    16:22:04.0893 4600 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

    16:22:04.0893 4600 sppuinotify - ok

    16:22:04.0940 4600 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

    16:22:04.0940 4600 srv - ok

    16:22:04.0955 4600 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

    16:22:04.0955 4600 srv2 - ok

    16:22:04.0971 4600 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    16:22:04.0971 4600 srvnet - ok

    16:22:05.0002 4600 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

    16:22:05.0002 4600 SSDPSRV - ok

    16:22:05.0002 4600 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

    16:22:05.0018 4600 SstpSvc - ok

    16:22:05.0064 4600 [ A3DB02B3FE0884E9167E457D167C8A73 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

    16:22:05.0064 4600 ssudmdm - ok

    16:22:05.0111 4600 Steam Client Service - ok

    16:22:05.0142 4600 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

    16:22:05.0142 4600 stexstor - ok

    16:22:05.0220 4600 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

    16:22:05.0220 4600 stisvc - ok

    16:22:05.0252 4600 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

    16:22:05.0252 4600 storflt - ok

    16:22:05.0283 4600 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

    16:22:05.0283 4600 storvsc - ok

    16:22:05.0330 4600 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

    16:22:05.0330 4600 swenum - ok

    16:22:05.0439 4600 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    16:22:05.0439 4600 SwitchBoard - ok

    16:22:05.0454 4600 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

    16:22:05.0470 4600 swprv - ok

    16:22:05.0470 4600 Synth3dVsc - ok

    16:22:05.0532 4600 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

    16:22:05.0564 4600 SysMain - ok

    16:22:05.0595 4600 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

    16:22:05.0595 4600 TabletInputService - ok

    16:22:05.0642 4600 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys

    16:22:05.0673 4600 tap0901 - ok

    16:22:05.0688 4600 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

    16:22:05.0688 4600 TapiSrv - ok

    16:22:05.0704 4600 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys

    16:22:05.0720 4600 tapoas - ok

    16:22:05.0751 4600 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

    16:22:05.0751 4600 TBS - ok

    16:22:05.0813 4600 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

    16:22:05.0829 4600 Tcpip - ok

    16:22:05.0860 4600 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    16:22:05.0876 4600 TCPIP6 - ok

    16:22:05.0907 4600 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    16:22:05.0907 4600 tcpipreg - ok

    16:22:05.0938 4600 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    16:22:05.0938 4600 TDPIPE - ok

    16:22:05.0954 4600 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

    16:22:05.0969 4600 TDTCP - ok

    16:22:06.0016 4600 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

    16:22:06.0016 4600 tdx - ok

    16:22:06.0047 4600 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

    16:22:06.0047 4600 TermDD - ok

    16:22:06.0110 4600 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

    16:22:06.0110 4600 TermService - ok

    16:22:06.0156 4600 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

    16:22:06.0156 4600 Themes - ok

    16:22:06.0188 4600 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

    16:22:06.0188 4600 THREADORDER - ok

    16:22:06.0188 4600 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

    16:22:06.0203 4600 TrkWks - ok

    16:22:06.0250 4600 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys

    16:22:06.0250 4600 truecrypt - ok

    16:22:06.0297 4600 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    16:22:06.0297 4600 TrustedInstaller - ok

    16:22:06.0328 4600 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    16:22:06.0328 4600 tssecsrv - ok

    16:22:06.0344 4600 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    16:22:06.0359 4600 TsUsbFlt - ok

    16:22:06.0359 4600 tsusbhub - ok

    16:22:06.0390 4600 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    16:22:06.0406 4600 tunnel - ok

    16:22:06.0406 4600 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

    16:22:06.0406 4600 uagp35 - ok

    16:22:06.0437 4600 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

    16:22:06.0453 4600 udfs - ok

    16:22:06.0484 4600 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

    16:22:06.0484 4600 UI0Detect - ok

    16:22:06.0515 4600 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    16:22:06.0515 4600 uliagpkx - ok

    16:22:06.0546 4600 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

    16:22:06.0546 4600 umbus - ok

    16:22:06.0562 4600 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

    16:22:06.0562 4600 UmPass - ok

    16:22:06.0624 4600 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

    16:22:06.0624 4600 UmRdpService - ok

    16:22:06.0718 4600 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    16:22:06.0749 4600 UNS - ok

    16:22:06.0765 4600 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

    16:22:06.0780 4600 upnphost - ok

    16:22:06.0843 4600 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    16:22:06.0843 4600 usbccgp - ok

    16:22:06.0874 4600 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

    16:22:06.0874 4600 usbcir - ok

    16:22:06.0890 4600 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

    16:22:06.0890 4600 usbehci - ok

    16:22:06.0921 4600 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    16:22:06.0921 4600 usbhub - ok

    16:22:06.0936 4600 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

    16:22:06.0936 4600 usbohci - ok

    16:22:06.0968 4600 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    16:22:06.0968 4600 usbprint - ok

    16:22:06.0999 4600 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

    16:22:06.0999 4600 usbscan - ok

    16:22:07.0030 4600 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    16:22:07.0030 4600 USBSTOR - ok

    16:22:07.0061 4600 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

    16:22:07.0061 4600 usbuhci - ok

    16:22:07.0077 4600 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

    16:22:07.0092 4600 UxSms - ok

    16:22:07.0108 4600 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

    16:22:07.0108 4600 VaultSvc - ok

    16:22:07.0124 4600 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    16:22:07.0124 4600 vdrvroot - ok

    16:22:07.0155 4600 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

    16:22:07.0170 4600 vds - ok

    16:22:07.0186 4600 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

    16:22:07.0186 4600 vga - ok

    16:22:07.0202 4600 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

    16:22:07.0202 4600 VgaSave - ok

    16:22:07.0202 4600 VGPU - ok

    16:22:07.0248 4600 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

    16:22:07.0248 4600 vhdmp - ok

    16:22:07.0311 4600 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

    16:22:07.0311 4600 viaide - ok

    16:22:07.0358 4600 [ 94CF2D157C8FD9089AFA5DA78AA64C65 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

    16:22:07.0358 4600 VMAuthdService - ok

    16:22:07.0373 4600 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

    16:22:07.0373 4600 vmbus - ok

    16:22:07.0389 4600 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

    16:22:07.0389 4600 VMBusHID - ok

    16:22:07.0451 4600 [ 87FC1DD880E8CAC4FAEBB84AF61A87C4 ] vmci C:\Windows\system32\DRIVERS\vmci.sys

    16:22:07.0451 4600 vmci - ok

    16:22:07.0482 4600 [ B259C31378BC855AFD1B53F59311C251 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys

    16:22:07.0482 4600 VMnetAdapter - ok

    16:22:07.0529 4600 [ DEC4CE720FFEDA939CF1BA315CFBD993 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys

    16:22:07.0529 4600 VMnetBridge - ok

    16:22:07.0529 4600 VMnetDHCP - ok

    16:22:07.0545 4600 [ A17EE27ACB84B230AC65936A3484495F ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys

    16:22:07.0560 4600 VMnetuserif - ok

    16:22:07.0576 4600 [ DF97B0E4CD49F311C14FB04EC9907196 ] VMparport C:\Windows\system32\drivers\VMparport.sys

    16:22:07.0607 4600 VMparport - ok

    16:22:07.0670 4600 [ 18903CA7936912C337C9D28858880CF2 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

    16:22:07.0670 4600 VMUSBArbService - ok

    16:22:07.0685 4600 VMware NAT Service - ok

    16:22:07.0857 4600 [ 8C01AE115E9E6806A25A9B5136FD6FC0 ] VMwareHostd C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

    16:22:07.0982 4600 VMwareHostd - ok

    16:22:08.0013 4600 [ 9843A0D68EA81817F9B713FC37372CBB ] vmx86 C:\Windows\system32\drivers\vmx86.sys

    16:22:08.0013 4600 vmx86 - ok

    16:22:08.0044 4600 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

    16:22:08.0060 4600 volmgr - ok

    16:22:08.0106 4600 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

    16:22:08.0106 4600 volmgrx - ok

    16:22:08.0122 4600 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

    16:22:08.0122 4600 volsnap - ok

    16:22:08.0153 4600 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

    16:22:08.0153 4600 vsmraid - ok

    16:22:08.0231 4600 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

    16:22:08.0247 4600 VSS - ok

    16:22:08.0340 4600 [ 6107E33A30C0B923F31C872E1980D2D1 ] vstor2-mntapi10-shared C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys

    16:22:08.0340 4600 vstor2-mntapi10-shared - ok

    16:22:08.0340 4600 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

    16:22:08.0340 4600 vwifibus - ok

    16:22:08.0372 4600 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

    16:22:08.0372 4600 W32Time - ok

    16:22:08.0387 4600 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

    16:22:08.0387 4600 WacomPen - ok

    16:22:08.0418 4600 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    16:22:08.0418 4600 WANARP - ok

    16:22:08.0434 4600 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    16:22:08.0434 4600 Wanarpv6 - ok

    16:22:08.0481 4600 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

    16:22:08.0496 4600 wbengine - ok

    16:22:08.0512 4600 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

    16:22:08.0528 4600 WbioSrvc - ok

    16:22:08.0559 4600 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

    16:22:08.0559 4600 wcncsvc - ok

    16:22:08.0574 4600 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    16:22:08.0574 4600 WcsPlugInService - ok

    16:22:08.0590 4600 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

    16:22:08.0590 4600 Wd - ok

    16:22:08.0652 4600 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

    16:22:08.0652 4600 WDC_SAM - ok

    16:22:08.0668 4600 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    16:22:08.0668 4600 Wdf01000 - ok

    16:22:08.0684 4600 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

    16:22:08.0684 4600 WdiServiceHost - ok

    16:22:08.0684 4600 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

    16:22:08.0684 4600 WdiSystemHost - ok

    16:22:08.0699 4600 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

    16:22:08.0715 4600 WebClient - ok

    16:22:08.0730 4600 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

    16:22:08.0730 4600 Wecsvc - ok

    16:22:08.0746 4600 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

    16:22:08.0746 4600 wercplsupport - ok

    16:22:08.0777 4600 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

    16:22:08.0777 4600 WerSvc - ok

    16:22:08.0777 4600 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    16:22:08.0793 4600 WfpLwf - ok

    16:22:08.0793 4600 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

    16:22:08.0793 4600 WIMMount - ok

    16:22:08.0824 4600 WinDefend - ok

    16:22:08.0824 4600 WinHttpAutoProxySvc - ok

    16:22:08.0886 4600 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    16:22:08.0886 4600 Winmgmt - ok

    16:22:08.0949 4600 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

    16:22:08.0964 4600 WinRM - ok

    16:22:09.0011 4600 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

    16:22:09.0011 4600 WinUSB - ok

    16:22:09.0042 4600 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

    16:22:09.0058 4600 Wlansvc - ok

    16:22:09.0089 4600 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    16:22:09.0089 4600 WmiAcpi - ok

    16:22:09.0105 4600 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    16:22:09.0105 4600 wmiApSrv - ok

    16:22:09.0136 4600 WMPNetworkSvc - ok

    16:22:09.0167 4600 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

    16:22:09.0167 4600 WPCSvc - ok

    16:22:09.0198 4600 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    16:22:09.0198 4600 WPDBusEnum - ok

    16:22:09.0214 4600 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    16:22:09.0230 4600 ws2ifsl - ok

    16:22:09.0230 4600 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

    16:22:09.0230 4600 wscsvc - ok

    16:22:09.0245 4600 WSearch - ok

    16:22:09.0308 4600 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

    16:22:09.0339 4600 wuauserv - ok

    16:22:09.0370 4600 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

    16:22:09.0370 4600 WudfPf - ok

    16:22:09.0417 4600 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    16:22:09.0417 4600 WUDFRd - ok

    16:22:09.0432 4600 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

    16:22:09.0448 4600 wudfsvc - ok

    16:22:09.0479 4600 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

    16:22:09.0479 4600 WwanSvc - ok

    16:22:09.0510 4600 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

    16:22:09.0510 4600 xusb21 - ok

    16:22:09.0573 4600 ================ Scan global ===============================

    16:22:09.0604 4600 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    16:22:09.0635 4600 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    16:22:09.0651 4600 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    16:22:09.0666 4600 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    16:22:09.0698 4600 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    16:22:09.0698 4600 [Global] - ok

    16:22:09.0698 4600 ================ Scan MBR ==================================

    16:22:09.0713 4600 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    16:22:09.0822 4600 \Device\Harddisk0\DR0 - ok

    16:22:09.0838 4600 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

    16:22:09.0838 4600 \Device\Harddisk1\DR1 - ok

    16:22:09.0869 4600 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2

    16:22:10.0166 4600 \Device\Harddisk2\DR2 - ok

    16:22:10.0166 4600 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3

    16:22:10.0181 4600 \Device\Harddisk3\DR3 - ok

    16:22:10.0181 4600 ================ Scan VBR ==================================

    16:22:10.0181 4600 [ 4407D9295BCB7EB401C2266666746B1D ] \Device\Harddisk0\DR0\Partition1

    16:22:10.0181 4600 \Device\Harddisk0\DR0\Partition1 - ok

    16:22:10.0181 4600 [ 173418771679E2D89BFAFF8290A3FDAD ] \Device\Harddisk1\DR1\Partition1

    16:22:10.0181 4600 \Device\Harddisk1\DR1\Partition1 - ok

    16:22:10.0181 4600 [ 6EFDC94B480B67563AAE987804A186DC ] \Device\Harddisk2\DR2\Partition1

    16:22:10.0181 4600 \Device\Harddisk2\DR2\Partition1 - ok

    16:22:10.0181 4600 [ 5DB2964D79F1D8BF196A1BFF5708EE05 ] \Device\Harddisk3\DR3\Partition1

    16:22:10.0181 4600 \Device\Harddisk3\DR3\Partition1 - ok

    16:22:10.0181 4600 ============================================================

    16:22:10.0181 4600 Scan finished

    16:22:10.0181 4600 ============================================================

    16:22:10.0197 4432 Detected object count: 0

    16:22:10.0197 4432 Actual detected object count: 0
     
  11. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Very good :)

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
     
  12. Styl

    Styl TS Member Topic Starter Posts: 61

    Combofix:

    ComboFix 12-11-03.02 - Owner 11/03/2012 17:17:57.4.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6127 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-03 22:24 . 2012-11-03 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-03 22:24 . 2012-11-03 22:24 -------- d-----w- c:\users\Caleb\AppData\Local\temp
    2012-11-02 18:34 . 2012-11-02 18:34 -------- d-----w- c:\users\Owner\AppData\Local\Diagnostics
    2012-11-02 09:14 . 2012-11-03 08:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8D7FB25-8C32-4FB1-B2A6-95D0253155EB}\offreg.dll
    2012-11-01 00:29 . 2012-11-01 00:29 119808 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-11-01 00:29 . 2012-11-01 00:29 -------- d-----w- c:\users\Owner\AppData\Local\Apps
    2012-10-27 21:32 . 2012-10-29 00:00 -------- d-----w- c:\users\Owner\AppData\Roaming\FileZilla
    2012-10-27 21:31 . 2012-10-27 21:31 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
    2012-10-27 18:05 . 2012-10-27 18:05 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2012-10-27 18:05 . 2012-10-27 18:05 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-27 18:05 . 2012-10-27 18:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-21 13:26 . 2012-10-21 13:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Sid Meier's Civilization 5
    2012-10-19 21:47 . 2012-10-17 07:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8D7FB25-8C32-4FB1-B2A6-95D0253155EB}\mpengine.dll
    2012-10-19 21:45 . 2012-08-20 18:48 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-10-19 21:37 . 2012-10-19 21:37 -------- d-----w- c:\program files\ESET
    2012-10-17 16:47 . 2012-10-17 16:52 -------- d-----w- c:\program files (x86)\PdaNet for Android
    2012-10-14 12:54 . 2012-10-19 21:54 -------- d-----w- c:\users\Administrator
    2012-10-14 11:58 . 2012-10-14 13:46 -------- d-----w- c:\users\Owner\AppData\Local\VS Revo Group
    2012-10-14 11:58 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-10-14 11:58 . 2012-10-14 13:46 -------- d-----w- c:\program files\VS Revo Group
    2012-10-14 07:25 . 2012-10-14 07:25 -------- d-----w- c:\programdata\ATI
    2012-10-14 07:25 . 2012-10-14 07:25 -------- d-----w- c:\program files (x86)\AMD APP
    2012-10-11 14:37 . 2012-10-11 14:37 -------- d-----w- c:\program files (x86)\Bethesda
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-28 05:18 . 2012-04-01 02:49 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-12 15:27 . 2012-03-30 19:53 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-12 15:27 . 2012-03-30 19:53 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-20 17:38 . 2012-10-19 21:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-15 16:55 . 2012-04-08 23:03 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-02-18 82112]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-08-15 121416]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-02-18 202560]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
    R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    R4 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-14 45736]
    R4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-12-27 24064]
    R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
    R4 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-05-01 11839488]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-09 283200]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2011-05-05 27808]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 10390485
    *NewlyCreated* - 90076898
    *NewlyCreated* - ASWMBR
    *Deregistered* - 10390485
    *Deregistered* - 90076898
    *Deregistered* - aswMBR
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-07-22 464744]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\
    FF - ExtSQL: 2012-09-08 13:38; {888d99e7-e8b5-46a3-851e-1ec45da1e644}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
    "ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1233452023-2105975733-1555120478-1000\Software\SecuROM\License information*]
    "datasecu"=hex:bc,ce,7b,3f,6d,7a,6b,a4,70,b3,e1,08,02,9d,3b,7b,ce,a1,63,48,e1,
    f4,14,73,3d,0b,03,c6,a0,65,70,07,cf,a6,fe,de,84,ee,9a,6a,93,ed,be,3d,9c,3f,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_USERS\S-1-5-21-1233452023-2105975733-1555120478-1000_Classes\Wow6432Node\CLSID\{0c934317-3ae2-43d0-9f4c-a28192c6f507}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:000000e4
    "Therad"=dword:00000015
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-1233452023-2105975733-1555120478-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):b8,91,1e,ae,d7,b8,a8,eb,54,25,f4,ff,8f,26,ed,bf,33,6b,54,12,f6,
    25,6b,ab,14,7f,33,91,3a,1a,a9,ae,fd,e6,42,5d,35,7e,20,ef,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-03 17:29:48
    ComboFix-quarantined-files.txt 2012-11-03 22:29
    ComboFix2.txt 2012-11-01 19:10
    ComboFix3.txt 2012-10-28 15:43
    .
    Pre-Run: 283,576,639,488 bytes free
    Post-Run: 283,680,161,792 bytes free
    .
    - - End Of File - - B68E721AF09234383A603855D1D62C60
     
  13. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Looks good :)

    Any current issues?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. Styl

    Styl TS Member Topic Starter Posts: 61

    No issues at present.

    OTL Log:

    OTL logfile created on: 11/3/2012 5:58:05 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.59% Memory free
    15.96 Gb Paging File | 13.82 Gb Available in Paging File | 86.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.75 Gb Total Space | 264.29 Gb Free Space | 56.75% Space Free | Partition Type: NTFS
    Drive D: | 698.63 Gb Total Space | 2.19 Gb Free Space | 0.31% Space Free | Partition Type: NTFS
    Drive E: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 232.88 Gb Total Space | 8.93 Gb Free Space | 3.84% Space Free | Partition Type: NTFS
    Drive H: | 1862.98 Gb Total Space | 1799.78 Gb Free Space | 96.61% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/03 17:56:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/04/30 20:42:26 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2012/04/30 20:42:14 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2012/04/15 10:37:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2011/05/04 22:22:22 | 003,174,536 | ---- | M] (FinalWire Ltd.) -- C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
    PRC - [2010/05/05 08:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
    PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/05/04 22:22:22 | 000,274,552 | ---- | M] () -- C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida_icons7.dll
    MOD - [2010/05/05 08:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
    MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
    MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
    MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
    MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
    MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
    MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/07/27 21:09:44 | 000,239,616 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2010/04/14 15:45:36 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
    SRV:64bit: - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/26 22:37:40 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/04/30 20:42:26 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2012/04/30 20:42:14 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2012/04/30 19:53:30 | 011,839,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
    SRV - [2012/04/30 17:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2012/04/15 10:37:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/27 16:55:10 | 000,024,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
    SRV - [2011/12/15 12:29:42 | 000,014,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2011/08/29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
    SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/02/01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/02/01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
    SRV - [2010/04/14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/15 11:55:20 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2012/07/27 23:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/07/27 20:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/07/11 11:41:27 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2012/05/14 01:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/04/30 20:42:46 | 000,031,344 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
    DRV:64bit: - [2012/04/30 20:42:44 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2012/04/30 20:40:52 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2012/04/30 17:22:42 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2012/04/30 17:22:42 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2012/04/08 19:18:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/15 12:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2011/08/29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2011/08/19 00:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
    DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/04/08 23:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/17 23:47:42 | 000,202,560 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2011/02/17 23:47:42 | 000,082,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2011/02/16 19:52:59 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2011/02/08 00:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
    DRV:64bit: - [2011/02/08 00:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2010/06/23 04:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/05/04 22:22:22 | 000,027,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 -- (AIDA64Driver)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1233452023-2105975733-1555120478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1233452023-2105975733-1555120478-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1233452023-2105975733-1555120478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
    FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
    FF - prefs.js..extensions.enabledAddons: {b442f4c0-c292-4998-aabe-48608a73ba75}:1.1
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
    FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\Owner\AppData\Roaming\E-centives\NPcolPM470.dll (Invenda)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/10/19 16:47:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 22:37:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/10/19 16:47:55 | 000,000,000 | ---D | M]

    [2012/03/30 14:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2012/10/23 16:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\extensions
    [2012/03/30 14:42:41 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
    [2012/09/08 13:38:48 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
    [2012/10/23 04:37:32 | 000,377,191 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
    [2012/03/30 14:40:06 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
    [2012/07/12 20:09:28 | 000,032,829 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}.xpi
    [2012/07/24 21:29:15 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/03/30 14:42:41 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012/10/13 16:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/26 22:37:40 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/01 08:43:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/13 16:29:43 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/10/28 09:13:21 | 000,599,925 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost #[IPv6]
    O1 - Hosts: 127.0.0.1 fr.a2dfp.net
    O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
    O1 - Hosts: 127.0.0.1 ad.a8.net
    O1 - Hosts: 127.0.0.1 asy.a8ww.net
    O1 - Hosts: 127.0.0.1 abcstats.com
    O1 - Hosts: 127.0.0.1 a.abv.bg
    O1 - Hosts: 127.0.0.1 adserver.abv.bg
    O1 - Hosts: 127.0.0.1 adv.abv.bg
    O1 - Hosts: 127.0.0.1 bimg.abv.bg
    O1 - Hosts: 127.0.0.1 ca.abv.bg
    O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
    O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
    O1 - Hosts: 127.0.0.1 accuserveadsystem.com
    O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
    O1 - Hosts: 127.0.0.1 achmedia.com
    O1 - Hosts: 127.0.0.1 aconti.net
    O1 - Hosts: 127.0.0.1 secure.aconti.net
    O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
    O1 - Hosts: 127.0.0.1 csh.actiondesk.com
    O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
    O1 - Hosts: 127.0.0.1 ads.activepower.net
    O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
    O1 - Hosts: 127.0.0.1 cms.ad2click.nl
    O1 - Hosts: 16132 more lines...
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1233452023-2105975733-1555120478-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1233452023-2105975733-1555120478-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1233452023-2105975733-1555120478-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1233452023-2105975733-1555120478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1233452023-2105975733-1555120478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2644389-CF5F-43D4-944A-5A5C38F75943}: DhcpNameServer = 192.168.1.1
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/03 17:56:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/11/03 17:29:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/02 13:34:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Diagnostics
    [2012/11/01 21:03:21 | 000,815,681 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\ListParts64.exe
    [2012/11/01 13:06:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/01 13:06:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/01 13:04:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/01 13:01:00 | 004,996,578 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/10/31 19:29:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
    [2012/10/31 19:29:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
    [2012/10/28 22:39:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
    [2012/10/28 09:04:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
    [2012/10/27 16:32:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\FileZilla
    [2012/10/27 16:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    [2012/10/27 16:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
    [2012/10/27 13:29:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/27 13:25:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/27 13:05:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2012/10/27 13:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/27 13:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/27 13:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/21 08:26:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Sid Meier's Civilization 5
    [2012/10/19 16:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2012/10/19 16:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/10/19 16:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/10/17 11:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PdaNet for Android
    [2012/10/14 07:27:47 | 000,638,976 | ---- | C] (ESET) -- C:\Users\Owner\Desktop\ESETUninstaller.exe
    [2012/10/14 06:58:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VS Revo Group
    [2012/10/14 06:58:30 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
    [2012/10/14 06:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    [2012/10/14 06:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/10/14 02:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/10/14 02:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012/10/13 16:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/11 09:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda

    ========== Files - Modified Within 30 Days ==========

    [2012/11/03 17:56:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/11/03 17:19:05 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/03 17:19:05 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/03 17:14:50 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
    [2012/11/03 17:02:44 | 004,996,578 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/11/03 08:40:42 | 000,783,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/03 08:40:42 | 000,662,790 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/03 08:40:42 | 000,122,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/03 01:56:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/03 01:56:15 | 2133,868,543 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/01 21:03:21 | 000,815,681 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\ListParts64.exe
    [2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
    [2012/10/31 19:29:09 | 000,002,534 | ---- | M] () -- C:\Users\Owner\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2012/10/30 19:02:43 | 000,000,000 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe
    [2012/10/28 22:40:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
    [2012/10/28 09:13:21 | 000,599,925 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/27 13:05:46 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/26 23:13:26 | 004,866,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/10/23 19:32:00 | 000,061,177 | ---- | M] () -- C:\Users\Owner\Desktop\306038_257923007633291_737419385_n.jpg
    [2012/10/21 08:26:11 | 000,000,907 | ---- | M] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization 5.lnk
    [2012/10/14 07:27:30 | 000,638,976 | ---- | M] (ESET) -- C:\Users\Owner\Desktop\ESETUninstaller.exe
    [2012/10/14 06:58:30 | 000,001,111 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
    [2012/10/14 06:58:30 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

    ========== Files Created - No Company Name ==========

    [2012/11/03 16:36:23 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
    [2012/11/01 13:06:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/01 13:06:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/01 13:06:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/01 13:06:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/01 13:06:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/31 19:29:09 | 000,002,534 | ---- | C] () -- C:\Users\Owner\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2012/10/28 22:37:22 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe
    [2012/10/27 13:05:46 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/23 19:31:59 | 000,061,177 | ---- | C] () -- C:\Users\Owner\Desktop\306038_257923007633291_737419385_n.jpg
    [2012/10/21 08:26:11 | 000,000,907 | ---- | C] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization 5.lnk
    [2012/10/14 06:58:30 | 000,001,111 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
    [2012/10/14 06:58:30 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2012/10/14 03:15:41 | 000,000,738 | ---- | C] () -- C:\Users\Owner\Documents\eset.reg
    [2012/10/13 06:52:44 | 000,216,713 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_20121013_064857.jpg
    [2012/06/11 15:18:12 | 000,021,260 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
    [2012/06/09 09:45:20 | 000,095,233 | ---- | C] () -- C:\ProgramData\password-export-2012-06-09.xml
    [2012/06/07 20:13:59 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/31 10:54:31 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
    [2012/05/31 10:54:31 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
    [2012/05/31 10:54:31 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
    [2012/05/31 10:54:31 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
    [2012/05/31 10:54:30 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
    [2012/05/31 10:54:30 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
    [2012/05/31 10:54:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
    [2012/05/31 10:54:30 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
    [2012/05/31 10:54:30 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
    [2012/05/31 10:54:30 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
    [2012/05/31 10:54:30 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
    [2012/05/31 10:54:30 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
    [2012/05/31 10:54:30 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
    [2012/05/31 10:54:30 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
    [2012/05/31 10:54:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
    [2012/05/31 10:54:30 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
    [2012/05/31 10:54:29 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
    [2012/05/31 10:54:29 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
    [2012/05/31 10:54:29 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
    [2012/05/31 10:54:29 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
    [2012/05/31 10:54:29 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
    [2012/05/31 10:53:34 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
    [2012/05/31 10:53:34 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
    [2012/04/15 10:37:50 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/04/15 10:37:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/04/07 18:34:25 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/03/31 11:53:48 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/31 11:20:40 | 000,004,096 | ---- | C] () -- C:\ProgramData\tbythlfa.ktx
    [2012/03/31 10:40:21 | 004,078,592 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2012/03/31 10:40:21 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/03/31 10:40:21 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/03/31 10:40:21 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
    [2012/03/31 10:40:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/03/31 10:40:16 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/03/30 14:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/03/08 23:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/03/08 23:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/14 07:55:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Stardock
    [2012/06/09 09:48:05 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\1UPIndustries
    [2012/06/09 09:47:35 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\ESET
    [2012/07/25 21:05:30 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\S300-S400 Series
    [2012/06/09 09:47:43 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Stardock
    [2012/08/18 16:32:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\1UPIndustries
    [2012/04/15 12:51:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canneverbe Limited
    [2012/10/28 19:00:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
    [2012/10/28 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DMCache
    [2012/06/01 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\E-centives
    [2012/03/31 01:00:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ESET
    [2012/10/28 19:00:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileZilla
    [2012/05/29 05:53:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GrabIt
    [2012/03/31 01:20:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GrabPro
    [2012/07/01 08:45:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HandBrake
    [2012/10/28 19:00:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IDM
    [2012/04/01 02:38:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KoshyJohn.com
    [2012/05/29 05:34:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mimo
    [2012/06/11 12:12:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
    [2012/04/08 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MotioninJoy
    [2012/03/31 11:28:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MOVAVI
    [2012/06/03 04:53:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\New Technology Studio
    [2012/04/20 23:53:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
    [2012/07/08 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Orbit
    [2012/05/29 06:47:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
    [2012/03/31 01:20:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProgSense
    [2012/04/15 10:37:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PunkBuster
    [2012/05/15 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion
    [2012/06/11 16:48:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\S300-S400 Series
    [2012/05/15 21:25:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
    [2012/10/21 08:26:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sid Meier's Civilization 5
    [2012/10/27 23:00:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
    [2012/10/01 10:17:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/06/03 20:47:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Stardock
    [2012/04/01 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\The Creative Assembly
    [2012/04/01 00:20:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thumbnail me
    [2012/07/12 21:30:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TrueCrypt
    [2012/04/08 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft

    ========== Purity Check ==========



    < End of report >
     
  15. Styl

    Styl TS Member Topic Starter Posts: 61

    Extras Log:

    OTL Extras logfile created on: 11/3/2012 5:58:05 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.59% Memory free
    15.96 Gb Paging File | 13.82 Gb Available in Paging File | 86.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.75 Gb Total Space | 264.29 Gb Free Space | 56.75% Space Free | Partition Type: NTFS
    Drive D: | 698.63 Gb Total Space | 2.19 Gb Free Space | 0.31% Space Free | Partition Type: NTFS
    Drive E: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 232.88 Gb Total Space | 8.93 Gb Free Space | 3.84% Space Free | Partition Type: NTFS
    Drive H: | 1862.98 Gb Total Space | 1799.78 Gb Free Space | 96.61% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1233452023-2105975733-1555120478-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Play_with_TriDef_Media_Player] -- "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Play_with_TriDef_Media_Player] -- "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{014A9A11-9840-4CE9-9024-D711995FA56B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{15FCDF78-1882-4767-A9D8-5C02D2363C25}" = rport=139 | protocol=6 | dir=out | app=system |
    "{166530D3-0034-4231-85D3-DD79DF9C3873}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1BD93A3C-E1CE-438A-8A4D-DB58C1993B8F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{1CB662E2-7216-4E22-A5E4-5C6BE75021F5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2652569C-4964-42D0-BA7C-D4D5CF33E1C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{297E47FF-22B2-449E-BFE6-55DF930972DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2BEF3FCD-0277-44E8-8FE4-46B1D0B484B6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{322D6CA7-15EF-4C40-9F39-A3F871336A8F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{34E1B152-7B81-4EC5-BDAC-9D956157EAFD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{3C98DF12-B1D9-4FF7-9D06-F83C1144BE0E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{447CD4E6-BDC1-4548-A1E6-C0180F420A5D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4991BE17-51DB-4B18-BD76-537EE377ACBC}" = rport=445 | protocol=6 | dir=out | app=system |
    "{672DFD38-A6C5-4D1C-81B1-BE64FEC6ECDD}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{7F0F4887-F71B-442F-980D-5716C6059E4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8494211D-3E94-495A-8A9B-2140B4B4F214}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8924A2DF-F8FC-44AD-8A48-AF017CB99EA4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{980142B3-4D3B-42AE-8D70-0C4DA856E4D1}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{9B1EFED3-8817-4A84-AAFC-B1BC21515DA4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B3F99182-0893-4229-B73D-C50BF7A3C5A2}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{C27EA6F7-0AF8-485A-9E3E-165DEBF4ADC3}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{CBC0DFD1-AF13-4C7B-9681-3A98E1A39F20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D07C766B-809D-464A-BEFB-CB6AF304ACB6}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{D6B5A3A6-7180-46AE-8008-DB13A094030E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D7E90494-3912-478B-9A27-E40B4D2E8DF8}" = lport=139 | protocol=6 | dir=in | app=system |
    "{EE25A412-452A-43D4-91AF-AB8A696B41A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F314C987-7559-4A2D-8DB8-204628F92C99}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0183546D-526F-49EE-A77E-69A69A740FF4}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{02812CCE-07F5-4A05-AF1B-2DBACB46500C}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{06A81777-8036-4E71-BE66-9FC5945F016E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{09575E9F-7B8E-4AA1-A08F-F3CB90C74C22}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
    "{0BCBAF08-9FD7-4925-8F1A-EC6106F7A0E7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
    "{0DF1CCA4-AA9C-4C69-A2AA-7EF9D3F9597C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0F5DA135-AAA1-4894-BFBA-A659DA88228D}" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda\dishonored\binaries\win32\dishonored.exe |
    "{14A0FF1E-72D7-4BBC-866C-F06A02F215C6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
    "{1F02E7B4-3A4F-41DB-987B-7A54CCAA673C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{228E7259-ADE1-4B35-A851-EAF4B2E2BCB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{23335E72-A007-4355-B1AA-68FB3AAB850A}" = protocol=17 | dir=in | app=c:2\games\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe |
    "{236B937D-27AB-48DF-8527-0B2A4F705332}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{2490C2A1-94B4-43E7-A651-94BA0398CB71}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
    "{2587E0C1-0E40-4C00-88BC-B83C92BEF70B}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
    "{27F0769A-A83F-4818-8897-4463469BB71F}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeafax.exe |
    "{2A096DEF-8640-4F71-9FE5-F70C23FFD69A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{2A26556C-163D-4CAB-9BBF-2CBA8E86268A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
    "{3269F646-6381-4717-B38B-72F79CF9BA89}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
    "{3456929E-3FC2-4EBC-A6FF-7F57623D5B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{38DE8C74-31F6-4FF7-B358-79B2CA15E12E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{3D3FF4EB-65CE-4CC0-B836-35EC281F9E74}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
    "{40576589-99EF-4812-BACF-C60903C20441}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{42E4F9AE-C333-49BF-B43A-35AB841FC7F1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
    "{43876F58-5566-4C9F-8D27-A0054FAD01A4}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
    "{47B651E8-E7AD-4179-AA99-F1F348EF8078}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{482DE38A-6F42-4560-8A34-604EA948FA79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
    "{4AAA5DED-2B65-47C8-B65D-B8E76D816002}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
    "{4D7BF510-897E-419E-8723-D9A770B7E01B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{504ACBA5-CC4C-414F-8D26-84F5928719A6}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
    "{53BFE460-028D-4EB3-9309-EE76EF012D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{5534C917-6B1E-4026-82C9-A4F043E848E6}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{560D0E0C-B82B-43CA-BD7A-27B951A29C25}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{6121C983-7707-451C-8F08-E946CB13F25D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
    "{6928DE2E-D8DC-43D4-A316-87A8CC22F23E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{6C2FCE2E-0947-4A0E-BE8D-E6CCDC33BC84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6DC30FF2-D451-4D36-B98C-CA5515C5B571}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{75015214-6128-445F-B665-BC48403169A1}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeafax.exe |
    "{75E3BB66-D2FD-4F09-AC4F-351F4E6379AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{77F49947-7D15-428C-AE9A-2B423A951B97}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
    "{7860BD6A-1ADB-4292-84F1-815AEFDC9322}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{81E124CA-1382-44EE-8C05-A67AB0B1FF5C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeafax.exe |
    "{881A1334-3075-4C9A-8358-D358A7A54E31}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
    "{8944F417-80EA-4FE5-84C6-0C1930CC1499}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{8C749E02-E78F-4E9F-ADE6-CEDE4CA6B56C}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{93F9C52C-730C-42AC-B560-719CBDC4670A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{97058F6F-5699-4D28-8895-E3EB24C09A24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9A027999-9AA2-46EA-954F-FDF7D91EA6BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9AB73954-DB8F-4E13-B772-A962E77F4E1E}" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda\dishonored\binaries\win32\dishonored.exe |
    "{9BD636F7-5DC1-472A-A8D8-47D62FCF57E8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{9D834EE9-F15F-443D-A4F4-131DC38C4B09}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
    "{9DFE8D6E-8191-446D-80AE-2BAE2A34C3D8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
    "{A267842B-3A36-4772-B5DE-2941F6C7FF21}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
    "{A294DD6F-E76C-48D2-9A0F-94DF07FC1E35}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
    "{A6F2AA64-EED1-4B6D-920E-53C1C0F562AE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
    "{AC60AFAD-CC6F-48D9-9CEB-AEAD931EAE1A}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
    "{AEE9BC91-6F80-45FC-B056-80D99122056E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
    "{AF3CB159-CD39-4DB2-8C77-11134CFB1F44}" = protocol=6 | dir=out | app=system |
    "{BD1134CF-B545-48AF-9551-E8A595BCBB3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BDFADE88-7FC0-4E47-B764-6BF548EAB643}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{BF8747A5-43F8-4D1A-9EF9-04B2F01DE603}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
    "{C21CE1A8-322C-4553-AE14-A441EAD5223E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C9A372F4-3A74-43D3-8954-1E3074B2CDC5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{CA86A151-A489-4CAF-AAA2-B35F1CB21ACC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
    "{CE610B68-2CC4-47DD-BA0B-F58099DE2CAD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
    "{CF7794D8-0B3B-42C1-839B-6DDF82ACEADA}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
    "{D2204A56-121B-4B44-BA32-EAF3ABC5E630}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
    "{D3195D85-EA6A-4E1A-A4F6-24F751EA01F9}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "{E243D2F5-CBEB-47FD-AD5D-2CCE4C294C2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E5E5A8FF-4EB3-4E90-A579-148DE01447FC}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeafax.exe |
    "{E9D7EC68-DC29-4E98-B580-C089D2E5E936}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{EDCDE684-0B2E-4F17-A620-C6ACF9A8A938}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
    "{EE545FDA-BC98-48FF-87C2-C7FDE3F99957}" = protocol=6 | dir=in | app=c:2\games\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe |
    "{F0F9BDA7-664F-4897-8732-91E95564B164}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
    "{F3C64488-4E73-4C4D-93B8-623FFD4EF4F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
    "{F42BB574-9048-40D7-A605-C690E2CF4A69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FEDA3090-FE3D-4054-BE45-6B6075DBB5E6}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "TCP Query User{C912E501-57DC-4A1B-8DF3-7EBFD5121CD9}C:\program files (x86)\bethesda\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda\dishonored\binaries\win32\dishonored.exe |
    "TCP Query User{F1478AC7-D546-4EE4-A85B-7529E043CAA8}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{794DBA2B-BBAC-4780-A3F7-EF5A27FE7A18}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{A022FA6F-F475-4C86-B47A-FDA6EAC83AAB}C:\program files (x86)\bethesda\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda\dishonored\binaries\win32\dishonored.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences Pro
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{2BE3C45C-B0E3-4061-A3C5-C6ED9639C813}" = VmciSockets
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
    "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
    "{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
    "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Lexmark S300-S400 Series" = Lexmark S300-S400 Series
    "MediaInfo" = MediaInfo 0.7.58
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "TNod" = TNod User & Password Finder

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
    "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
    "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.02
    "{3B6EE2A0-386C-4EF3-8C0D-9A75833E103D}" = OpenVPN Connect
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
    "{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
    "{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
    "{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
    "{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
    "{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
    "{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
    "{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
    "{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
    "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
    "{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
    "{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75D84EF7-0D8C-4e70-MAXP3-7B42A5D4E0EB}_is1" = Max Payne 3 version 1.02
    "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
    "{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
    "{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
    "{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
    "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}" = Image Grabber II.NET
    "{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
    "{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
    "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
    "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
    "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.70
    "Amazon Kindle" = Amazon Kindle
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "Borderlands 2_is1" = Borderlands 2
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Cheat Engine 6.2_is1" = Cheat Engine 6.2
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DivX Tech Preview - MKV on Windows 7" = DivX Tech Preview: MKV on Windows 7
    "essentials-bundle" = TriDef 3D 5.2
    "Fences Pro" = Fences Pro
    "FileZilla Client" = FileZilla Client 3.5.3
    "Fraps" = Fraps
    "GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
    "GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)
    "HandBrake" = HandBrake 0.9.6
    "Hitman Sniper Challenge_is1" = Hitman Sniper Challenge
    "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.6.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mimo" = Mimo
    "MKVToolNix" = MKVToolNix 5.6.0
    "Movavi Video Suite 10 SE" = Movavi Video Suite 10 SE
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NewsLeecher_is1" = NewsLeecher v5.0 Beta 14
    "OpenVPN" = OpenVPN 2.2.2
    "Orbit_is1" = Orbit Downloader
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "RADVideo" = RAD Video Tools
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "Sid Meier's Civilization 5_R.G. Mechanics_is1" = Sid Meier's Civilization 5
    "Steam App 202170" = Sleeping Dogs™
    "The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1" = The Elder Scrolls V Skyrim - High Resolution Texture Pack
    "TrueCrypt" = TrueCrypt
    "VLC media player" = VLC media player 2.0.1
    "VMware_Workstation" = VMware Workstation

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1233452023-2105975733-1555120478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Spotify" = Spotify
    "Thumbnail me 3.0" = Thumbnail me 3.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/29/2012 2:30:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Users\Owner\downloads\Programs\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 10/31/2012 1:30:40 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 10/31/2012 1:31:05 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "d:\Games\program files (x86)\the
    elder scrolls v skyrim\BSAopt x32.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 10/31/2012 8:31:54 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program Windows7-USB-DVD-Download-Tool.exe version 1.0.30.0 stopped
    interacting with Windows and was closed. To see if more information about the problem
    is available, check the problem history in the Action Center control panel. Process
    ID: d98 Start Time: 01cdb7c7f0bbc001 Termination Time: 19707 Application Path: C:\Users\Owner\AppData\Local\Apps\Windows
    7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe Report Id: 793010bf-23bb-11e2-9389-005056c00008


    Error - 11/1/2012 10:04:56 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 11/1/2012 10:05:19 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "d:\Games\program files (x86)\the
    elder scrolls v skyrim\BSAopt x32.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 11/2/2012 1:30:07 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 11/2/2012 1:30:10 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "d:\Games\program files (x86)\the
    elder scrolls v skyrim\BSAopt x32.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 11/3/2012 1:30:35 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 11/3/2012 1:30:57 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "d:\Games\program files (x86)\the
    elder scrolls v skyrim\BSAopt x32.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    [ System Events ]
    Error - 11/2/2012 2:04:19 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The MBAMService service depends on the MBAMProtector service which
    failed to start because of the following error: %%2

    Error - 11/2/2012 2:18:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description = The MBAMProtector service failed to start due to the following error:
    %%2

    Error - 11/2/2012 2:18:11 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The MBAMService service depends on the MBAMProtector service which
    failed to start because of the following error: %%2

    Error - 11/3/2012 2:56:25 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description = The MBAMProtector service failed to start due to the following error:
    %%2

    Error - 11/3/2012 2:56:26 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The MBAMService service depends on the MBAMProtector service which
    failed to start because of the following error: %%2

    Error - 11/3/2012 11:53:53 AM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 192.168.1.143. The computer with the IP address 192.168.1.118 did
    not allow the name to be claimed by this computer.

    Error - 11/3/2012 4:25:21 PM | Computer Name = Owner-PC | Source = BROWSER | ID = 8020
    Description =

    Error - 11/3/2012 6:00:54 PM | Computer Name = Owner-PC | Source = BROWSER | ID = 8019
    Description =

    Error - 11/3/2012 6:21:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/3/2012 6:24:28 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    OTL logs are clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  17. Styl

    Styl TS Member Topic Starter Posts: 61

    Security Check Log:

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    ESET Smart Security 5.2
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.4.402.265
    Adobe Reader X 10.1.3 Adobe Reader out of Date!
    Mozilla Firefox (16.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus ekrn.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Log:

    Farbar Service Scanner Version: 03-11-2012
    Ran by Owner (administrator) on 03-11-2012 at 23:01:35
    Running from "C:\Users\Owner\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    AdwCleaner Log:

    # AdwCleaner v2.006 - Logfile created 11/03/2012 at 23:05:32
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gp8cn7pb.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ohx1dmkj.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4x1dyntk.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R5].txt - [1025 octets] - [03/11/2012 23:05:32]

    ########## EOF - C:\AdwCleaner[R5].txt - [1085 octets] ##########

    F-Secure Online Scanner Log:

    Scanning Report

    Saturday, November 3, 2012 23:19:52 - 23:22:51

    Computer name: OWNER-PC
    Scanning type: Quick scan
    Target: System
    No malware found

    Statistics

    Scanned:
    • Files: 5964
    • System: 5964
    • Not scanned: 0
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
    Options

    Scanning engines:
     
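The Farbar Service Scanner log above reports `"EnableFirewall"=DWORD:0` under "Firewall Disabled Policy" (consistent with the Security Check line "Windows Firewall Disabled!") and marks every checked system file as "MD5 is legit". The Python below is an added example, not code from this thread or from Farbar: it parses an FSS-style log and returns the DWORD values found under any "... Disabled Policy" section plus any File Check entry whose verdict is not "MD5 is legit", so the findings the helper read by eye can be pulled out of many such logs the same way. The sample log is constructed from the output above, trimmed, and the section rule (a title line followed by a line of `=` signs) is an assumption taken from that layout.

```python
"""Triage a Farbar Service Scanner (FSS) log: disabled policies and file checks.

Added example; the log format rules below are inferred from the FSS output
pasted in the thread, not from Farbar documentation.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, trimmed from the FSS log posted above.
SAMPLE_FSS_LOG = """Farbar Service Scanner Version: 03-11-2012
Ran by Owner (administrator) on 03-11-2012 at 23:01:35

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\\Windows\\System32\\nsisvc.dll => MD5 is legit
C:\\Windows\\System32\\drivers\\afd.sys => MD5 is legit
C:\\Windows\\System32\\svchost.exe => MD5 is legit
"""

SECTION_UNDERLINE = re.compile(r"^=+$")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
DWORD_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_CHECK = re.compile(r"^(?P<path>.+?) => (?P<verdict>.+)$")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split an FSS log into sections.

    Assumption: a section title is a line immediately followed by a line made
    only of '=' signs. Lines up to the next title belong to that section;
    blank lines are dropped and the trailing ':' of the title is removed.
    """
    lines = text.splitlines()
    sections: Dict[str, List[str]] = {}
    current = None
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line and SECTION_UNDERLINE.match(nxt):
            current = line.rstrip(":")
            sections[current] = []
            i += 2
            continue
        if current is not None and line:
            sections[current].append(line)
        i += 1
    return sections


def disabled_policies(sections: Dict[str, List[str]]) -> List[Tuple[str, str, str, int]]:
    """Return (section, registry key, value name, value) for each DWORD listed
    under a '... Disabled Policy' section. An empty section means FSS found
    no such policy, so nothing is returned for it."""
    found = []
    for name, lines in sections.items():
        if not name.endswith("Disabled Policy"):
            continue
        key = "<unknown key>"
        for line in lines:
            m = REG_KEY.match(line)
            if m:
                key = m.group(1)
                continue
            m = DWORD_VALUE.match(line)
            if m:
                found.append((name, key, m.group(1), int(m.group(2))))
    return found


def suspicious_files(sections: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Return (path, verdict) for File Check lines whose verdict is anything
    other than the 'MD5 is legit' wording seen in the log above."""
    out = []
    for line in sections.get("File Check", []):
        m = FILE_CHECK.match(line)
        if m and m.group("verdict") != "MD5 is legit":
            out.append((m.group("path"), m.group("verdict")))
    return out


def triage(text: str) -> List[str]:
    """One human-readable finding per disabled policy or non-legit file."""
    sections = parse_sections(text)
    findings = []
    for section, key, value_name, value in disabled_policies(sections):
        findings.append(f"{section}: {key}\\{value_name} = {value}")
    for path, verdict in suspicious_files(sections):
        findings.append(f"File Check: {path} ({verdict})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FSS_LOG):
        print(finding)
```

Run against the sample, the only finding is the StandardProfile `EnableFirewall = 0` policy; the File Check list is clean because every entry carries the legit verdict. Any verdict wording other than "MD5 is legit" is flagged rather than matched against a list of bad wordings, so an unexpected phrasing is surfaced instead of silently passed.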
  18. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ============================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  19. Styl

    Styl TS Member Topic Starter Posts: 61

    Hey, Broni. I ran the OTL fix and then cleanup, but I can't find the log from OTL. Do you want me to run it again?
     
  20. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    That's fine.

     
  21. Styl

    Styl TS Member Topic Starter Posts: 61

    Computer is running great. Faster boot, and faster loading of programs when logging in. An issue I had with my internet "pausing" (which I thought was an ISP issue) is also resolved. Thanks!
     
  22. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Yes!!
    Good luck and stay safe :)
     