Help removing FBI Moneypak Virus

Solved
By Taycat
Oct 5, 2012
  1. Hello everyone. Yesterday I stupidly clicked a link from Skype that gave me a keylogging virus. I was able to remove that one, but as I was playing a game fullscreen, I received another virus. So, I need your help.

    Here are specs if needed:
    Windows 7 Home Premium 64bit

    I ran multiple avast scans yesterday, so I don't know why it didn't pick up on this.

    Will post the MBAM as soon as I can.
  2. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    Found 2 things that had to do with Fake Skype. Got rid of them. Here's the log. Running Avast now for its log.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.05.01

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Taylor :: HOME [administrator]

    10/5/2012 1:10:53 AM
    mbam-log-2012-10-05 (07-15-57).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 753163
    Time elapsed: 2 hour(s), 7 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Amsgsg (Trojan.FakeSkype) -> Data: C:\Users\Taylor\AppData\Roaming\Amsgsg.exe -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Taylor\AppData\Roaming\Amsgsg.exe (Trojan.FakeSkype) -> No action taken.

    (end)
  3. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Your MBAM log says "No action taken".
    Re-run it, fix all issues and post a new log.
  4. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    I removed/fixed the issues. Avast also found 3 trojans in my appdata folder. I removed those as well. Re-running it right now! Posting log soon....

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.05.01

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Taylor :: HOME [administrator]

    10/5/2012 12:50:32 PM
    mbam-log-2012-10-05 (12-50-32).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 753530
    Time elapsed: 1 hour(s), 55 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  5. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    GMER found nothing on my computer, so there is no log. In the next couple of posts, the results of the DDS will be posted.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
    Run by Taylor at 16:51:45 on 2012-10-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.6233 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\explorer.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local;<local>
    mWinlogon: Userinit=userinit.exe,
    uWinlogon: Shell=expstart.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [RGSC] C:\Users\Taylor\Desktop\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    uRun: [PlayNC Launcher]
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Akamai NetSession Interface] "C:\Users\Taylor\AppData\Local\Akamai\netsession_win.exe"
    uRun: [AdobeBridge]
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [puush] C:\Program Files (x86)\puush\puush.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [kytqetorjans] C:\Users\Taylor\kytqetorjans.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Taylor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {493fb0d5-a2ea-4528-9fcf-4e2cfb61cbde} - C:\Program Files (x86)\Stefan vd\Turn Off the Lights IE Extension\lights.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {00BC5049-C7F3-4AC9-92AE-1991C76608B0} - hxxp://tr.nopp.co.kr/Data/ActiveX/TRLauncher.cab
    DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {F30E6BE6-F620-4DD7-B67C-47920AEC2F4E} - hxxp://tr.nopp.co.kr/Data/ActiveX/systeminfo.cab
    TCP: Interfaces\{2EC96254-66ED-4A20-AD6C-5B3CB8FADA58} : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{FA922B1A-25C6-45F7-98EE-A229E7B3197F} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{FA922B1A-25C6-45F7-98EE-A229E7B3197F}\84F6D6564496C6C6 : DhcpNameServer = 10.0.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO-X64: TSBHO Class - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {493fb0d5-a2ea-4528-9fcf-4e2cfb61cbde} - C:\Program Files (x86)\Stefan vd\Turn Off the Lights IE Extension\lights.html
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search Shop
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll
    FF - plugin: C:\Program Files\COMODO\Unite\NpRdpView.dll
    FF - plugin: C:\Program Files\COMODO\Unite\NpVncView.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Taylor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Taylor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\system32\npdeployJava1.dll
    FF - plugin: C:\Windows\system32\npmproxy.dll
    FF - plugin: C:\Windows\system32\npOGPPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R3 ATP;Comodo Unite Miniport Driver;C:\Windows\system32\DRIVERS\cmdatp.sys --> C:\Windows\system32\DRIVERS\cmdatp.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
    R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr28ux.sys --> C:\Windows\system32\DRIVERS\Dnetr28ux.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-3 44808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    S2 EzVpnSvc;COMODO Unite MultiLogin Service;C:\Program Files\COMODO\Unite\EzVpnSvc.exe [2011-8-22 534832]
    S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 136176]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-8 8704]
    S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]
    S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-13 1128952]
    S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-24 1153368]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-6 2666880]
    S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-13 2656280]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 136176]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-1 114144]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
    S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 usj;usj;C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [2012-9-17 89560]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-5-12 14544]
    S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-26 676936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-10-05 04:15:03 15360 ----a-w- C:\Users\Taylor\AppData\Roaming\1107.exe
    2012-10-04 23:31:16 30720 ----a-w- C:\Users\Taylor\kytqetorjans.exe
    2012-10-04 23:31:04 30720 ----a-w- C:\Users\Taylor\AppData\Roaming\121A.exe
    2012-10-04 23:30:56 30720 ----a-w- C:\Users\Taylor\AppData\Roaming\F40E.exe
    2012-10-04 13:46:02 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-10-04 13:45:51 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C5D2015-D2D3-4FA0-9823-CA540B75CC25}\mpengine.dll
    2012-10-04 09:12:42 73584 ----a-w- C:\Users\Taylor\AppData\Roaming\37A1.exe
    2012-10-04 09:00:53 69496 ----a-w- C:\Users\Taylor\AppData\Roaming\6331.exe
    2012-10-04 08:43:12 73584 ----a-w- C:\Users\Taylor\AppData\Roaming\358A.exe
    2012-10-04 07:48:40 69496 ----a-w- C:\Users\Taylor\AppData\Roaming\4927.exe
    2012-10-04 07:34:58 57232 ----a-w- C:\Users\Taylor\AppData\Roaming\BAAC.exe
    2012-10-04 07:20:37 44968 ----a-w- C:\Users\Taylor\AppData\Roaming\9A6F.exe
    2012-10-04 04:41:46 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-10-04 04:41:43 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-10-04 04:41:36 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-04 04:41:08 41224 ----a-w- C:\Windows\avastSS.scr
    2012-10-03 23:48:43 49664 ----a-w- C:\Windows\System32\CamCodec.dll
    2012-10-03 23:48:43 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b
    2012-09-30 01:32:05 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2012-09-26 05:25:33 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-18 01:43:53 -------- d-----w- C:\Users\Taylor\AppData\Local\Aeria Games
    2012-09-18 01:43:02 -------- d-----w- C:\ProgramData\Aeria Games
    2012-09-18 01:08:41 -------- d-----w- C:\Program Files (x86)\Aeria Games
    2012-09-18 00:11:55 -------- d-----w- C:\AeriaGames
    2012-09-18 00:02:56 1658880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
    2012-09-17 11:22:18 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-09-16 21:48:32 -------- d-----w- C:\Program Files\Disney Interactive
    2012-09-16 04:02:25 -------- d-----w- C:\Users\Taylor\Tor Browser
    2012-09-15 02:07:32 -------- d-----w- C:\ProgramData\PopCap Games
    2012-09-15 02:07:32 -------- d-----w- C:\Program Files (x86)\PopCap Games
    2012-09-13 15:37:25 -------- d-----w- C:\Users\Taylor\AppData\Local\{134C09C3-7A4C-4219-A447-8B1B1847AB91}
    2012-09-12 04:33:14 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 04:33:14 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 04:33:14 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 04:33:13 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 04:33:13 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 04:33:13 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 04:33:13 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2012-10-03 17:43:27 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-03 17:43:26 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-09 00:57:34 2135640 ----a-w- C:\Users\Taylor\tdsskiller.exe
    .
    ============= FINISH: 16:51:58.86 ===============
  6. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    Here is the attach.txt file.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/26/2011 9:00:18 AM
    System Uptime: 10/5/2012 7:20:40 AM (9 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | 2AC2
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 3292/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1385 GiB total, 1038.169 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.443 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: avast! Network Shield Support
    Device ID: ROOT\LEGACY_ASWTDI\0000
    Manufacturer:
    Name: avast! Network Shield Support
    PNP Device ID: ROOT\LEGACY_ASWTDI\0000
    Service: aswTdi
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    RP226: 10/3/2012 11:40:43 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Å×ÀÏÁî·±³Ê
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS6
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Aeria Ignite
    Agatha Christie - Peril at End House
    Aion
    Akamai NetSession Interface
    Apple Application Support
    Apple Software Update
    Audacity 1.3.13 (Unicode)
    Auto Clicker v1.1
    avast! Free Antivirus
    Avidemux 2.5
    Bandisoft MPEG-1 Decoder
    Bejeweled 3
    Big Fish Games: Game Manager
    Bing Bar
    BitTorrent
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Burger Bustle
    Burger Bustle: Ellie's Organics
    Busy Bea's Halftime Hustle
    Cake Mania
    Cake Mania 3
    Cake Mania Main Street
    Cake Mania: Lights, Camera, Action!
    Cake Mania: To the Max
    CamStudio OSS Desktop Recorder
    CDBurnerXP
    Celestia Luna Online Alpha 1.1
    Character Builder
    Chronicles of Albian
    Chuzzle Deluxe
    Club Control 2
    Coffee Rush
    Cooking Dash
    Cooking Dash 3: Thrills and Spills Collector's Edition
    Cooking Dash: DinerTown Studios
    Cradle of Rome 2
    D3DX10
    DAEMON Tools Lite
    Daycare Nightmare: Mini-Monsters
    DC Universe Online
    Defender's Quest
    DFOLauncher
    Diner Dash 3 - Flo On The Go
    Diner Dash 5: Boom Collector's Edition
    Diner Dash: Flo Through Time
    Diner Dash: Hometown Hero
    DivX Setup
    DQ Tycoon
    DragonNest
    Dress Up Rush
    Dual-Core Optimizer
    Dungeon Fighter Online
    Eden Eternal
    Farm Frenzy
    Fashion Boutique
    FATE
    Façade
    Feeding Frenzy 2 Deluxe 1.0
    ffdshow [rev 3154] [2009-12-09]
    Fitness Dash
    Fraps (remove only)
    Game Booster 3
    GameFly
    Garden Dash
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Governor of Poker 2 Premium Edition
    Grand Theft Auto IV
    Hell's Kitchen
    Hewlett-Packard ACLM.NET v1.1.1.0
    Hi-Rez Studios Authenticate and Update Service
    Hot Dish 2 - Cross Country Cook-Off
    HP Customer Experience Enhancements
    HP Games
    HP LinkUp
    HP MovieStore
    HP Odometer
    HP Setup
    HP Setup Manager
    HP SimplePass PE 2011
    HP Support Assistant
    HP Support Information
    HP Update
    Intel(R) Control Center
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java Auto Updater
    Java(TM) 6 Update 32
    Jewel Quest: The Sleepless Star - Collector's Edition
    Junk Mail filter update
    Katawa Shoujo
    Kitchen Brigade
    Kobo
    LabelPrint
    LAME v3.98.3 for Audacity
    League of Legends
    Left 4 Dead
    Left 4 Dead 2
    LogMeIn Hamachi
    Lovely Kitchen
    Mabinogi
    Macro Recorder
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.65.0.1400
    ManyCam 3.0.62 (remove only)
    MapleStory
    Megaplex Madness: Now Playing ™
    Megaplex Madness: Summer Blockbuster
    Megastore Madness
    Mesh Runtime
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Mathematics
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Moonbase Alpha
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mumble 1.2.3
    Mystery of Mortlake Mansion
    Namco All-Stars: PAC-MAN
    Nanny Mania
    Nanny Mania 2: Goes to Hollywood
    NCsoft Launcher
    Nexon Game Manager
    Norton Online Backup
    NVIDIA PhysX
    OGPlanet Game Launcher
    OpenAL
    OpenOffice.org 3.3
    Origin
    Pando Media Booster
    Pazera Free MP4 to AVI Converter 1.6
    PCSX2 - Playstation 2 Emulator
    PDF Complete Special Edition
    PDF Settings CS6
    Penguins!
    PESTERCHUM
    Pets Fun House
    Plants vs. Zombies - Game of the Year
    PlayPets - 101 Kitty Pets
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PressReader
    Prince of Persia The Sands of Time
    PunkBuster Services
    puush
    QuickTime
    Rainmeter
    Realm of the Mad God
    Realtek High Definition Audio Driver
    Recovery Manager
    Remote Graphics Receiver
    Rockstar Games Social Club
    RoxioNow Player
    Saints Row 2
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Shop-n-Spree
    Shop-N-Spree: Family Fortune
    Shop It Up!
    SimTheme Park
    Skype™ 5.10
    Slingo Supreme
    Sniper Elite V2 Demo
    Source SDK Base 2006
    Spiral Knights
    Spybot - Search & Destroy
    Steam
    Supermarket Management
    Supermarket Mania
    System Requirements Lab CYRI
    Team Fortress 2
    Team Fortress 2 Beta
    TeamViewer 7
    Terraria
    The Binding of Isaac
    The Sims Complete Collection
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Generations
    The Sims™ 3 Late Night
    The Sims™ 3 Pets
    The Sims™ 3 Showtime
    The Sims™ 3 World Adventures
    Trine 2
    TS3 Install Helper Monkey
    Turn Off the Lights IE Extension version 1.0.1
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    Vacation Quest - The Hawaiian Islands
    VC80CRTRedist - 8.0.50727.6195
    VIP Access SDK (1.0.1.4)
    Virtual Villagers 5 - New Believers
    Visual Studio 2008 x64 Redistributables
    Vizzed Retro Game Room
    VLC media player 2.0.1
    Wendy's Wellness
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Movie Maker 2.6
    Yawcam 0.3.7
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/5/2012 7:21:23 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/5/2012 7:21:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/5/2012 7:21:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/5/2012 7:21:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/5/2012 7:21:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/5/2012 7:21:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6
    10/5/2012 7:21:03 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    10/5/2012 7:18:49 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
    10/5/2012 7:18:40 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
    10/5/2012 7:18:40 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
    10/5/2012 4:23:50 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
    10/5/2012 4:21:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/5/2012 2:49:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    10/5/2012 1:05:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    10/3/2012 10:50:51 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
  7. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    What does happen when you try to start normally?
  8. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    I've started normally around...an hour ago now?
    Seems like everything is fine.

    I'll continue to scan and keep an eye out. For now, things seem fine.

    Is there anything else I need to do?
  9. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    We're definitely not done, but I needed to know how the computer is doing.

    Update MBAM, re-run it and post new log.

    Next...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  10. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    Here's the recent MBAM scan.
    Will post the other logs asap.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.05.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Taylor :: HOME [administrator]

    10/5/2012 6:17:14 PM
    mbam-log-2012-10-05 (18-17-14).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 758852
    Time elapsed: 2 hour(s), 35 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  11. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    Here are the TDSSKiller results.

    21:23:40.0603 3716 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    21:23:40.0999 3716 ============================================================
    21:23:40.0999 3716 Current date / time: 2012/10/05 21:23:40.0999
    21:23:40.0999 3716 SystemInfo:
    21:23:40.0999 3716
    21:23:40.0999 3716 OS Version: 6.1.7601 ServicePack: 1.0
    21:23:40.0999 3716 Product type: Workstation
    21:23:40.0999 3716 ComputerName: HOME
    21:23:40.0999 3716 UserName: Taylor
    21:23:40.0999 3716 Windows directory: C:\Windows
    21:23:40.0999 3716 System windows directory: C:\Windows
    21:23:40.0999 3716 Running under WOW64
    21:23:40.0999 3716 Processor architecture: Intel x64
    21:23:40.0999 3716 Number of processors: 4
    21:23:40.0999 3716 Page size: 0x1000
    21:23:40.0999 3716 Boot type: Normal boot
    21:23:40.0999 3716 ============================================================
    21:23:41.0483 3716 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:23:41.0491 3716 ============================================================
    21:23:41.0491 3716 \Device\Harddisk0\DR0:
    21:23:41.0491 3716 MBR partitions:
    21:23:41.0491 3716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    21:23:41.0491 3716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD2C4000
    21:23:41.0491 3716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAD2F6800, BlocksNum 0x1790800
    21:23:41.0491 3716 ============================================================
    21:23:41.0554 3716 C: <-> \Device\Harddisk0\DR0\Partition2
    21:23:41.0661 3716 D: <-> \Device\Harddisk0\DR0\Partition3
    21:23:41.0661 3716 ============================================================
    21:23:41.0661 3716 Initialize success
    21:23:41.0661 3716 ============================================================
    21:23:47.0319 6160 ============================================================
    21:23:47.0319 6160 Scan started
    21:23:47.0319 6160 Mode: Manual;
    21:23:47.0319 6160 ============================================================
    21:23:48.0551 6160 ================ Scan system memory ========================
    21:23:48.0551 6160 System memory - ok
    21:23:48.0551 6160 ================ Scan services =============================
    21:23:51.0877 6160 FontCache3.0.0.0 - ok
    21:23:51.0905 6160 [ 71CDC1D7F58D5EC49EBC2E2332AD3FAE ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    21:23:51.0908 6160 FPLService - ok
    21:23:51.0922 6160 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    21:23:51.0923 6160 FsDepends - ok
    21:23:51.0953 6160 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    21:23:51.0954 6160 Fs_Rec - ok
    21:23:51.0971 6160 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    21:23:51.0972 6160 fvevol - ok
    21:23:51.0995 6160 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    21:23:51.0996 6160 gagp30kx - ok
    21:23:52.0027 6160 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    21:23:52.0030 6160 GamesAppService - ok
    21:23:52.0055 6160 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:23:52.0057 6160 GEARAspiWDM - ok
    21:23:52.0086 6160 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    21:23:52.0094 6160 gpsvc - ok
    21:23:52.0156 6160 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:23:52.0158 6160 gupdate - ok
    21:23:52.0174 6160 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:23:52.0175 6160 gupdatem - ok
    21:23:52.0195 6160 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    21:23:52.0197 6160 gusvc - ok
    21:23:52.0215 6160 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
    21:23:52.0216 6160 hamachi - ok
    21:23:52.0320 6160 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    21:23:52.0366 6160 Hamachi2Svc - ok
    21:23:52.0381 6160 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    21:23:52.0383 6160 hcw85cir - ok
    21:23:52.0396 6160 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    21:23:52.0400 6160 HdAudAddService - ok
    21:23:52.0410 6160 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    21:23:52.0411 6160 HDAudBus - ok
    21:23:52.0429 6160 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    21:23:52.0430 6160 HidBatt - ok
    21:23:52.0441 6160 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    21:23:52.0442 6160 HidBth - ok
    21:23:52.0455 6160 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    21:23:52.0457 6160 HidIr - ok
    21:23:52.0466 6160 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    21:23:52.0468 6160 hidserv - ok
    21:23:52.0470 6160 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    21:23:52.0471 6160 HidUsb - ok
    21:23:52.0515 6160 [ 00C71C3FB915BA353740999ADF447927 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    21:23:52.0516 6160 HiPatchService - ok
    21:23:52.0538 6160 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    21:23:52.0541 6160 hkmsvc - ok
    21:23:52.0558 6160 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    21:23:52.0562 6160 HomeGroupListener - ok
    21:23:52.0582 6160 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    21:23:52.0586 6160 HomeGroupProvider - ok
    21:23:52.0655 6160 [ 531D1843C7A411F4E41EC6786F291E5F ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    21:23:52.0656 6160 HP Support Assistant Service - ok
    21:23:52.0702 6160 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    21:23:52.0705 6160 HPClientSvc - ok
    21:23:52.0723 6160 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    21:23:52.0725 6160 HPDrvMntSvc.exe - ok
    21:23:52.0747 6160 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    21:23:52.0754 6160 hpqwmiex - ok
    21:23:52.0781 6160 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    21:23:52.0783 6160 HpSAMD - ok
    21:23:52.0816 6160 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    21:23:52.0823 6160 HTTP - ok
    21:23:52.0849 6160 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    21:23:52.0850 6160 hwpolicy - ok
    21:23:52.0863 6160 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    21:23:52.0865 6160 i8042prt - ok
    21:23:52.0890 6160 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
    21:23:52.0893 6160 iaStor - ok
    21:23:52.0899 6160 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    21:23:52.0903 6160 iaStorV - ok
    21:23:52.0947 6160 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:23:52.0955 6160 idsvc - ok
    21:23:53.0150 6160 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    21:23:53.0347 6160 igfx - ok
    21:23:53.0396 6160 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    21:23:53.0397 6160 iirsp - ok
    21:23:53.0433 6160 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    21:23:53.0441 6160 IKEEXT - ok
    21:23:53.0471 6160 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
    21:23:53.0473 6160 Impcd - ok
    21:23:53.0549 6160 [ 392D5C87F282E8E36DF5154418A7BB20 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    21:23:53.0590 6160 IntcAzAudAddService - ok
    21:23:53.0611 6160 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    21:23:53.0613 6160 intelide - ok
    21:23:53.0616 6160 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    21:23:53.0617 6160 intelppm - ok
    21:23:53.0637 6160 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:23:53.0639 6160 IPBusEnum - ok
    21:23:53.0650 6160 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:23:53.0652 6160 IpFilterDriver - ok
    21:23:53.0670 6160 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:23:53.0676 6160 iphlpsvc - ok
    21:23:53.0702 6160 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    21:23:53.0704 6160 IPMIDRV - ok
    21:23:53.0713 6160 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    21:23:53.0715 6160 IPNAT - ok
    21:23:53.0755 6160 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    21:23:53.0763 6160 iPod Service - ok
    21:23:53.0799 6160 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:23:53.0801 6160 IRENUM - ok
    21:23:53.0822 6160 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:23:53.0823 6160 isapnp - ok
    21:23:53.0835 6160 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    21:23:53.0838 6160 iScsiPrt - ok
    21:23:53.0891 6160 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    21:23:53.0894 6160 jhi_service - ok
    21:23:53.0904 6160 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    21:23:53.0906 6160 kbdclass - ok
    21:23:53.0920 6160 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    21:23:53.0922 6160 kbdhid - ok
    21:23:53.0936 6160 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    21:23:53.0938 6160 KeyIso - ok
    21:23:53.0953 6160 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:23:53.0954 6160 KSecDD - ok
    21:23:53.0964 6160 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    21:23:53.0966 6160 KSecPkg - ok
    21:23:53.0974 6160 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:23:53.0975 6160 ksthunk - ok
    21:23:53.0993 6160 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:23:53.0998 6160 KtmRm - ok
    21:23:54.0045 6160 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    21:23:54.0048 6160 LanmanServer - ok
    21:23:54.0057 6160 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:23:54.0060 6160 LanmanWorkstation - ok
    21:23:54.0067 6160 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:23:54.0068 6160 lltdio - ok
    21:23:54.0083 6160 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:23:54.0088 6160 lltdsvc - ok
    21:23:54.0097 6160 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:23:54.0099 6160 lmhosts - ok
    21:23:54.0127 6160 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    21:23:54.0130 6160 LMS - ok
    21:23:54.0157 6160 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    21:23:54.0158 6160 LSI_FC - ok
    21:23:54.0165 6160 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    21:23:54.0167 6160 LSI_SAS - ok
    21:23:54.0182 6160 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    21:23:54.0183 6160 LSI_SAS2 - ok
    21:23:54.0197 6160 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    21:23:54.0198 6160 LSI_SCSI - ok
    21:23:54.0214 6160 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    21:23:54.0216 6160 luafv - ok
    21:23:54.0331 6160 [ AC22F92C6078640FE8A70D662A2F3AD5 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
    21:23:54.0399 6160 LVUVC64 - ok
    21:23:54.0478 6160 [ 922CBAC7B992B9614CAB7122F4BF9406 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
    21:23:54.0479 6160 ManyCam - ok
    21:23:54.0525 6160 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    21:23:54.0527 6160 MBAMProtector - ok
    21:23:54.0569 6160 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    21:23:54.0573 6160 MBAMScheduler - ok
    21:23:54.0625 6160 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    21:23:54.0631 6160 MBAMService - ok
    21:23:54.0668 6160 [ 34A42DD7CF525D0D2C5232916496E4B8 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys
    21:23:54.0669 6160 mcaudrv_simple - ok
    21:23:54.0682 6160 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:23:54.0684 6160 Mcx2Svc - ok
    21:23:54.0703 6160 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    21:23:54.0704 6160 megasas - ok
    21:23:54.0718 6160 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    21:23:54.0721 6160 MegaSR - ok
    21:23:54.0733 6160 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
    21:23:54.0734 6160 MEIx64 - ok
    21:23:54.0742 6160 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    21:23:54.0744 6160 MMCSS - ok
    21:23:54.0758 6160 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    21:23:54.0759 6160 Modem - ok
    21:23:54.0777 6160 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:23:54.0778 6160 monitor - ok
    21:23:54.0791 6160 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    21:23:54.0792 6160 mouclass - ok
    21:23:54.0807 6160 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:23:54.0808 6160 mouhid - ok
    21:23:54.0820 6160 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    21:23:54.0822 6160 mountmgr - ok
    21:23:54.0867 6160 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    21:23:54.0869 6160 MozillaMaintenance - ok
    21:23:54.0888 6160 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:23:54.0890 6160 mpio - ok
    21:23:54.0901 6160 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:23:54.0902 6160 mpsdrv - ok
    21:23:54.0933 6160 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    21:23:54.0937 6160 MpsSvc - ok
    21:23:54.0952 6160 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:23:54.0953 6160 MRxDAV - ok
    21:23:54.0962 6160 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:23:54.0963 6160 mrxsmb - ok
    21:23:54.0997 6160 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:23:54.0998 6160 mrxsmb10 - ok
    21:23:55.0011 6160 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:23:55.0013 6160 mrxsmb20 - ok
    21:23:55.0040 6160 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    21:23:55.0041 6160 msahci - ok
    21:23:55.0059 6160 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:23:55.0061 6160 msdsm - ok
    21:23:55.0081 6160 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    21:23:55.0085 6160 MSDTC - ok
    21:23:55.0108 6160 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:23:55.0109 6160 Msfs - ok
    21:23:55.0122 6160 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    21:23:55.0123 6160 mshidkmdf - ok
    21:23:55.0142 6160 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:23:55.0143 6160 msisadrv - ok
    21:23:55.0165 6160 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:23:55.0168 6160 MSiSCSI - ok
    21:23:55.0170 6160 msiserver - ok
    21:23:55.0187 6160 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    21:23:55.0188 6160 MSKSSRV - ok
    21:23:55.0198 6160 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    21:23:55.0199 6160 MSPCLOCK - ok
    21:23:55.0204 6160 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    21:23:55.0205 6160 MSPQM - ok
    21:23:55.0218 6160 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    21:23:55.0222 6160 MsRPC - ok
    21:23:55.0267 6160 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    21:23:55.0268 6160 mssmbios - ok
    21:23:55.0278 6160 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    21:23:55.0279 6160 MSTEE - ok
    21:23:55.0294 6160 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    21:23:55.0295 6160 MTConfig - ok
    21:23:55.0312 6160 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    21:23:55.0313 6160 Mup - ok
    21:23:55.0351 6160 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    21:23:55.0357 6160 napagent - ok
    21:23:55.0381 6160 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    21:23:55.0385 6160 NativeWifiP - ok
    21:23:55.0442 6160 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    21:23:55.0450 6160 NDIS - ok
    21:23:55.0478 6160 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    21:23:55.0479 6160 NdisCap - ok
     
  12. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    ...continued
    21:23:58.0303 6160 Sftredir - ok
    21:23:58.0324 6160 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    21:23:58.0325 6160 Sftvol - ok
    21:23:58.0349 6160 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    21:23:58.0351 6160 sftvsa - ok
    21:23:58.0393 6160 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    21:23:58.0396 6160 SharedAccess - ok
    21:23:58.0438 6160 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    21:23:58.0442 6160 ShellHWDetection - ok
    21:23:58.0451 6160 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    21:23:58.0452 6160 SiSRaid2 - ok
    21:23:58.0464 6160 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    21:23:58.0466 6160 SiSRaid4 - ok
    21:23:58.0511 6160 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    21:23:58.0513 6160 SkypeUpdate - ok
    21:23:58.0526 6160 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    21:23:58.0528 6160 Smb - ok
    21:23:58.0533 6160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    21:23:58.0535 6160 SNMPTRAP - ok
    21:23:58.0563 6160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    21:23:58.0563 6160 spldr - ok
    21:23:58.0602 6160 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    21:23:58.0609 6160 Spooler - ok
    21:23:58.0669 6160 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    21:23:58.0684 6160 sppsvc - ok
    21:23:58.0694 6160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    21:23:58.0696 6160 sppuinotify - ok
    21:23:58.0717 6160 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    21:23:58.0720 6160 srv - ok
    21:23:58.0740 6160 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    21:23:58.0742 6160 srv2 - ok
    21:23:58.0758 6160 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    21:23:58.0759 6160 srvnet - ok
    21:23:58.0767 6160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    21:23:58.0770 6160 SSDPSRV - ok
    21:23:58.0787 6160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    21:23:58.0790 6160 SstpSvc - ok
    21:23:58.0807 6160 Steam Client Service - ok
    21:23:58.0824 6160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    21:23:58.0826 6160 stexstor - ok
    21:23:58.0860 6160 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    21:23:58.0864 6160 stisvc - ok
    21:23:58.0880 6160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    21:23:58.0881 6160 swenum - ok
    21:23:58.0985 6160 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    21:23:58.0990 6160 SwitchBoard - ok
    21:23:59.0003 6160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    21:23:59.0007 6160 swprv - ok
    21:23:59.0040 6160 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    21:23:59.0048 6160 SysMain - ok
    21:23:59.0056 6160 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    21:23:59.0059 6160 TabletInputService - ok
    21:23:59.0074 6160 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    21:23:59.0078 6160 TapiSrv - ok
    21:23:59.0086 6160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    21:23:59.0089 6160 TBS - ok
    21:23:59.0153 6160 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    21:23:59.0161 6160 Tcpip - ok
    21:23:59.0200 6160 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    21:23:59.0207 6160 TCPIP6 - ok
    21:23:59.0214 6160 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    21:23:59.0215 6160 tcpipreg - ok
    21:23:59.0232 6160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    21:23:59.0233 6160 TDPIPE - ok
    21:23:59.0256 6160 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    21:23:59.0257 6160 TDTCP - ok
    21:23:59.0272 6160 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    21:23:59.0273 6160 tdx - ok
    21:23:59.0359 6160 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    21:23:59.0402 6160 TeamViewer7 - ok
    21:23:59.0421 6160 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    21:23:59.0422 6160 TermDD - ok
    21:23:59.0444 6160 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    21:23:59.0449 6160 TermService - ok
    21:23:59.0459 6160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    21:23:59.0462 6160 Themes - ok
    21:23:59.0481 6160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    21:23:59.0483 6160 THREADORDER - ok
    21:23:59.0496 6160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    21:23:59.0499 6160 TrkWks - ok
    21:23:59.0531 6160 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    21:23:59.0532 6160 TrustedInstaller - ok
    21:23:59.0536 6160 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:23:59.0537 6160 tssecsrv - ok
    21:23:59.0557 6160 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    21:23:59.0558 6160 TsUsbFlt - ok
    21:23:59.0587 6160 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    21:23:59.0588 6160 TsUsbGD - ok
    21:23:59.0604 6160 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    21:23:59.0605 6160 tunnel - ok
    21:23:59.0615 6160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    21:23:59.0617 6160 uagp35 - ok
    21:23:59.0632 6160 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    21:23:59.0634 6160 udfs - ok
    21:23:59.0641 6160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    21:23:59.0644 6160 UI0Detect - ok
    21:23:59.0663 6160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    21:23:59.0665 6160 uliagpkx - ok
    21:23:59.0675 6160 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    21:23:59.0677 6160 umbus - ok
    21:23:59.0685 6160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    21:23:59.0686 6160 UmPass - ok
    21:23:59.0723 6160 [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    21:23:59.0727 6160 UMVPFSrv - ok
    21:23:59.0809 6160 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    21:23:59.0851 6160 UNS - ok
    21:23:59.0884 6160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    21:23:59.0888 6160 upnphost - ok
    21:23:59.0904 6160 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    21:23:59.0906 6160 usbccgp - ok
    21:23:59.0922 6160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    21:23:59.0924 6160 usbcir - ok
    21:23:59.0952 6160 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    21:23:59.0953 6160 usbehci - ok
    21:23:59.0969 6160 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
    21:23:59.0972 6160 usbhub - ok
    21:23:59.0982 6160 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    21:23:59.0984 6160 usbohci - ok
    21:23:59.0990 6160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    21:23:59.0992 6160 usbprint - ok
    21:24:00.0018 6160 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    21:24:00.0020 6160 usbscan - ok
    21:24:00.0041 6160 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:24:00.0043 6160 USBSTOR - ok
    21:24:00.0060 6160 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    21:24:00.0061 6160 usbuhci - ok
    21:24:00.0142 6160 [ 659BA43F61FC37609288A5340A8D37D4 ] usj C:\AeriaGames\EdenEternal\avital\ussjcs64.sys
    21:24:00.0144 6160 usj - ok
    21:24:00.0174 6160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    21:24:00.0177 6160 UxSms - ok
    21:24:00.0187 6160 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    21:24:00.0189 6160 VaultSvc - ok
    21:24:00.0197 6160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    21:24:00.0199 6160 vdrvroot - ok
    21:24:00.0220 6160 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    21:24:00.0224 6160 vds - ok
    21:24:00.0244 6160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    21:24:00.0245 6160 vga - ok
    21:24:00.0256 6160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    21:24:00.0257 6160 VgaSave - ok
    21:24:00.0268 6160 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    21:24:00.0271 6160 vhdmp - ok
    21:24:00.0283 6160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    21:24:00.0284 6160 viaide - ok
    21:24:00.0312 6160 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    21:24:00.0314 6160 volmgr - ok
    21:24:00.0336 6160 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    21:24:00.0339 6160 volmgrx - ok
    21:24:00.0357 6160 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
    21:24:00.0360 6160 volsnap - ok
    21:24:00.0372 6160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    21:24:00.0374 6160 vsmraid - ok
    21:24:00.0416 6160 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    21:24:00.0424 6160 VSS - ok
    21:24:00.0433 6160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    21:24:00.0434 6160 vwifibus - ok
    21:24:00.0450 6160 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    21:24:00.0451 6160 vwififlt - ok
    21:24:00.0470 6160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    21:24:00.0474 6160 W32Time - ok
    21:24:00.0489 6160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    21:24:00.0490 6160 WacomPen - ok
    21:24:00.0505 6160 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    21:24:00.0507 6160 WANARP - ok
    21:24:00.0510 6160 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    21:24:00.0511 6160 Wanarpv6 - ok
    21:24:00.0580 6160 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    21:24:00.0591 6160 WatAdminSvc - ok
    21:24:00.0656 6160 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    21:24:00.0670 6160 wbengine - ok
    21:24:00.0688 6160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    21:24:00.0691 6160 WbioSrvc - ok
    21:24:00.0711 6160 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    21:24:00.0715 6160 wcncsvc - ok
    21:24:00.0724 6160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    21:24:00.0727 6160 WcsPlugInService - ok
    21:24:00.0736 6160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    21:24:00.0737 6160 Wd - ok
    21:24:00.0759 6160 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    21:24:00.0762 6160 Wdf01000 - ok
    21:24:00.0774 6160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    21:24:00.0777 6160 WdiServiceHost - ok
    21:24:00.0780 6160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    21:24:00.0783 6160 WdiSystemHost - ok
    21:24:00.0791 6160 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    21:24:00.0795 6160 WebClient - ok
    21:24:00.0814 6160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    21:24:00.0819 6160 Wecsvc - ok
    21:24:00.0837 6160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    21:24:00.0840 6160 wercplsupport - ok
    21:24:00.0856 6160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    21:24:00.0859 6160 WerSvc - ok
    21:24:00.0865 6160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    21:24:00.0866 6160 WfpLwf - ok
    21:24:00.0884 6160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    21:24:00.0885 6160 WIMMount - ok
    21:24:00.0904 6160 WinDefend - ok
    21:24:00.0908 6160 WinHttpAutoProxySvc - ok
    21:24:00.0961 6160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    21:24:00.0963 6160 Winmgmt - ok
    21:24:01.0039 6160 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
    21:24:01.0040 6160 WinRing0_1_2_0 - ok
    21:24:01.0081 6160 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    21:24:01.0091 6160 WinRM - ok
    21:24:01.0127 6160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:24:01.0133 6160 Wlansvc - ok
    21:24:01.0178 6160 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    21:24:01.0179 6160 wlcrasvc - ok
    21:24:01.0236 6160 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:24:01.0254 6160 wlidsvc - ok
    21:24:01.0265 6160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    21:24:01.0267 6160 WmiAcpi - ok
    21:24:01.0288 6160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:24:01.0289 6160 wmiApSrv - ok
    21:24:01.0296 6160 WMPNetworkSvc - ok
    21:24:01.0306 6160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:24:01.0309 6160 WPCSvc - ok
    21:24:01.0319 6160 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:24:01.0322 6160 WPDBusEnum - ok
    21:24:01.0330 6160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:24:01.0331 6160 ws2ifsl - ok
    21:24:01.0349 6160 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    21:24:01.0352 6160 wscsvc - ok
    21:24:01.0354 6160 WSearch - ok
    21:24:01.0414 6160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    21:24:01.0425 6160 wuauserv - ok
    21:24:01.0441 6160 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:24:01.0443 6160 WudfPf - ok
    21:24:01.0455 6160 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:24:01.0457 6160 WUDFRd - ok
    21:24:01.0461 6160 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:24:01.0464 6160 wudfsvc - ok
    21:24:01.0478 6160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    21:24:01.0481 6160 WwanSvc - ok
    21:24:01.0574 6160 X6va005 - ok
    21:24:01.0577 6160 X6va006 - ok
    21:24:01.0617 6160 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    21:24:01.0618 6160 xusb21 - ok
    21:24:01.0641 6160 ================ Scan global ===============================
    21:24:01.0674 6160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    21:24:01.0709 6160 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:24:01.0715 6160 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:24:01.0737 6160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    21:24:01.0776 6160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    21:24:01.0779 6160 [Global] - ok
    21:24:01.0779 6160 ================ Scan MBR ==================================
    21:24:01.0799 6160 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    21:24:01.0969 6160 \Device\Harddisk0\DR0 - ok
    21:24:01.0969 6160 ================ Scan VBR ==================================
    21:24:01.0970 6160 [ 5761593F61CF07FF6D4B05A4305B5BDE ] \Device\Harddisk0\DR0\Partition1
    21:24:01.0971 6160 \Device\Harddisk0\DR0\Partition1 - ok
    21:24:02.0024 6160 [ 7960E08037661025CA82EC17FAB1B37F ] \Device\Harddisk0\DR0\Partition2
    21:24:02.0025 6160 \Device\Harddisk0\DR0\Partition2 - ok
    21:24:02.0060 6160 [ C39F71C78D19BAFF87B580D93CD85B63 ] \Device\Harddisk0\DR0\Partition3
    21:24:02.0062 6160 \Device\Harddisk0\DR0\Partition3 - ok
    21:24:02.0062 6160 ============================================================
    21:24:02.0062 6160 Scan finished
    21:24:02.0062 6160 ============================================================
    21:24:02.0067 5084 Detected object count: 0
    21:24:02.0067 5084 Actual detected object count: 0
  13. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Taylor [Admin rights]
    Mode : Remove -- Date : 10/05/2012 21:28:50

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : RGSC (C:\Users\Taylor\Desktop\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\X6va005 (\??\C:\Users\Taylor\AppData\Local\Temp\0054411.tmp) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\X6va005 (\??\C:\Users\Taylor\AppData\Local\Temp\0054411.tmp) -> DELETED
    [TASK][SUSP PATH] {441F5EF6-CF09-412E-BABB-97A519A979CF} : C:\Windows\system32\pcalua.exe -a "C:\Users\Taylor\Desktop\Gamez Aion Installer.exe" -d C:\Users\Taylor\Desktop -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD15EARS-60MVWB0 +++++
    --- User ---
    [MBR] 323ca80c5469d2d2c86f06e50b5f8e41
    [BSP] 5a6395fbd10f98078d9c01ce463704f7 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1418632 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2905565184 | Size: 12065 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] a5b67e00066b9cc305788dc838fa8d70
    [BSP] 13475085f8c874585204fd0994409307 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  14. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    I assume you'll want me to remove what's been found in this log. Until you reply, I won't remove them yet.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-05 21:30:11
    -----------------------------
    21:30:11.610 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:30:11.610 Number of processors: 4 586 0x2A07
    21:30:11.611 ComputerName: HOME UserName:
    21:30:13.752 Initialize success
    21:30:14.883 AVAST engine defs: 12100502
    21:30:27.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:30:27.733 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
    21:30:27.747 Disk 0 MBR read successfully
    21:30:27.749 Disk 0 MBR scan
    21:30:27.751 Disk 0 Windows 7 default MBR code
    21:30:27.757 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    21:30:27.768 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1418632 MB offset 206848
    21:30:27.804 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12065 MB offset 2905565184
    21:30:27.835 Disk 0 scanning C:\Windows\system32\drivers
    21:30:38.151 Service scanning
    21:30:52.584 Modules scanning
    21:30:52.588 Disk 0 trace - called modules:
    21:30:52.611 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    21:30:52.936 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a04f060]
    21:30:52.939 3 CLASSPNP.SYS[fffff88000dc243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80079e0050]
    21:30:54.395 AVAST engine scan C:\Windows
    21:30:59.171 AVAST engine scan C:\Windows\system32
    21:33:27.054 AVAST engine scan C:\Windows\system32\drivers
    21:34:06.320 AVAST engine scan C:\Users\Taylor
    21:43:23.881 File: C:\Users\Taylor\AppData\Roaming\1107.exe **INFECTED** Win32:Trojan-gen
    21:43:23.939 File: C:\Users\Taylor\AppData\Roaming\121A.exe **INFECTED** Win32:Downloader-QUI [Trj]
    21:43:23.990 File: C:\Users\Taylor\AppData\Roaming\358A.exe **INFECTED** Win32:VBCrypt-BVA [Trj]
    21:43:24.028 File: C:\Users\Taylor\AppData\Roaming\37A1.exe **INFECTED** Win32:VBCrypt-BVA [Trj]
    21:43:24.078 File: C:\Users\Taylor\AppData\Roaming\4927.exe **INFECTED** Win32:VBCrypt-BVA [Trj]
    21:43:24.099 File: C:\Users\Taylor\AppData\Roaming\6331.exe **INFECTED** Win32:VBCrypt-BVA [Trj]
    21:43:24.147 File: C:\Users\Taylor\AppData\Roaming\9A6F.exe **INFECTED** Win32:VBCrypt-BVA [Trj]
    21:43:26.787 File: C:\Users\Taylor\AppData\Roaming\BAAC.exe **INFECTED** Win32:VBCrypt-BVA [Trj]
    21:43:31.399 File: C:\Users\Taylor\AppData\Roaming\F40E.exe **INFECTED** Win32:Downloader-QUI [Trj]
    22:08:36.367 File: C:\Users\Taylor\Documents\Iterra\xfbjjvj.dll **INFECTED** Win32:Trojan-gen
    22:25:06.680 File: C:\Users\Taylor\kytqetorjans.exe **INFECTED** Win32:Downloader-QUI [Trj]
    22:32:05.777 AVAST engine scan C:\ProgramData
    22:34:47.340 Scan finished successfully
    22:36:18.317 Disk 0 MBR has been saved successfully to "C:\Users\Taylor\Desktop\MBR.dat"
    22:36:18.321 The log file has been saved successfully to "C:\Users\Taylor\Desktop\aswMBR.txt"
  15. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  16. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    I've tried both suggestions to get Combofix to work, but they have not worked. Each time it gets to stage 49 and stays there. I've done research and have found Combofix has 50 stages and I have no idea why it won't complete stage 50. I left my computer on all last night with Combofix running to no avail. I ran rkill.exe and have this log to show for it.

    Rkill 2.4.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 10/06/2012 12:12:21 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 10/06/2012 12:12:24 PM
    Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)
  17. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
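
The FRST.txt requested above lists recently created files one per line as `date - date - size attributes (company) path`. The following is an added example, not part of the original posts and not FRST's own logic, that parses those lines and marks entries worth a manual look; the sample lines are copied from the log posted in this thread, and the function names and the heuristic (executable dropped directly into the user profile or AppData root, no company name, hex-like file name) are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional, Tuple

# One entry of the file listing:
#   <date time> - <date time> - <size> <attrs> [(company)] <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([A-Z_]{5})(?: \((.*?)\))? ([A-Za-z]:\\.*)$"
)

EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".dll"}
# Folders, relative to C:\Users\<name>, where installers rarely place
# binaries directly (assumption of this example, tune for your fleet).
DROP_DIRS = {(), ("appdata", "roaming"), ("appdata", "local"),
             ("appdata", "local", "temp")}
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{3,8}$")


class Entry(NamedTuple):
    first_date: str
    second_date: str
    size: int
    attrs: str
    company: Optional[str]
    path: PureWindowsPath


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    first, second, size, attrs, company, path = m.groups()
    return Entry(first, second, int(size), attrs, company or None,
                 PureWindowsPath(path))


def profile_subdir(path: PureWindowsPath) -> Optional[Tuple[str, ...]]:
    """Folders between C:\\Users\\<name> and the file, lower-cased."""
    parts = [p.lower() for p in path.parts]
    if len(parts) < 4 or parts[1] != "users":
        return None
    return tuple(parts[3:-1])


def review_reasons(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a manual look (may be empty)."""
    sub = profile_subdir(entry.path)
    if ("D" in entry.attrs                      # directory, not a file
            or entry.path.suffix.lower() not in EXEC_EXT
            or sub not in DROP_DIRS):
        return []
    reasons = ["executable directly in " + ("\\".join(sub) or "profile root")]
    if entry.company is None:
        reasons.append("no company name in version info")
    if HEX_NAME.match(entry.path.stem):
        reasons.append("short hex-like file name")
    return reasons


def triage(log_text: str, min_reasons: int = 2) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries with at least min_reasons hits."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        why = review_reasons(entry)
        if len(why) >= min_reasons:
            hits.append((str(entry.path), why))
    return hits


# Sample lines copied from the FRST.txt posted in this thread.
SAMPLE = r"""
==================== One Month Created Files and Folders ========

2012-10-06 08:49 - 2012-10-06 08:49 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Taylor\Desktop\rkill.exe
2012-10-05 18:25 - 2012-10-05 18:25 - 01422336 ____A C:\Users\Taylor\Desktop\RogueKiller.exe
2012-10-04 20:15 - 2012-10-04 20:15 - 00015360 ____A C:\Users\Taylor\AppData\Roaming\1107.exe
2012-10-04 15:31 - 2012-10-04 15:31 - 00030720 ____A C:\Users\Taylor\kytqetorjans.exe
2012-10-03 20:41 - 2012-08-21 01:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-10-03 15:48 - 2012-10-03 15:48 - 00000000 ____D C:\Program Files (x86)\CamStudio 2.6b
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(path, "->", "; ".join(why))
```

A hit is a prompt for review, not a verdict: tools downloaded to the Desktop are deliberately not matched, and a legitimate per-user updater can still trip the location rule.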
  18. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01
    Ran by SYSTEM at 06-10-2012 16:39:49
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent [1411224 2012-09-10] (Aeria Games & Entertainment)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
    HKU\Taylor\...\Run: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-26] (Google Inc.)
    HKU\Taylor\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
    HKU\Taylor\...\Run: [PlayNC Launcher] [x]
    HKU\Taylor\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
    HKU\Taylor\...\Run: [Akamai NetSession Interface] "C:\Users\Taylor\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
    HKU\Taylor\...\Run: [AdobeBridge] [x]
    HKU\Taylor\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-08] (Valve Corporation)
    HKU\Taylor\...\Run: [puush] C:\Program Files (x86)\puush\puush.exe [565480 2012-07-23] ()
    HKU\Taylor\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\Taylor\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Services (Whitelisted) ===================

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
    2 EzVpnSvc; "C:\Program Files\COMODO\Unite\EzVpnSvc.exe" [534832 2011-08-22] (COMODO)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-05] ()
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

    ==================== Drivers (Whitelisted) =====================

    1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
    3 ATP; C:\Windows\System32\DRIVERS\cmdatp.sys [20888 2011-04-14] (Comodo, Inc.)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-12-16] (DT Soft Ltd)
    3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-10] (ManyCam LLC)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
    3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1061888 2009-09-15] (Ralink Technology Corp.)
    3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [31152 2011-09-13] ()
    3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [89560 2012-09-17] ()
    3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    3 dump_wmimmc; \??\C:\WeMade Entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys [x]
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    3 X6va006; \??\C:\Users\Taylor\AppData\Local\Temp\006337E.tmp [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-06 13:30 - 2012-10-06 13:30 - 01456405 ____A (Farbar) C:\Users\Taylor\Desktop\FRST64.exe
    2012-10-06 11:18 - 2012-10-06 11:24 - 00000000 ___SD C:\ComboFix
    2012-10-06 11:17 - 2012-10-06 11:17 - 04762471 ____N (Swearware) C:\Users\Taylor\Desktop\explorer.exe
    2012-10-06 08:52 - 2012-10-06 11:18 - 00002862 ____A C:\Users\Taylor\Desktop\Rkill.txt
    2012-10-06 08:52 - 2012-10-06 08:52 - 00000000 ____D C:\Users\Taylor\Desktop\rkill
    2012-10-06 08:49 - 2012-10-06 08:49 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Taylor\Desktop\rkill.exe
    2012-10-05 20:23 - 2012-10-05 20:23 - 00000000 ____D C:\Windows\erdnt
    2012-10-05 20:23 - 2012-10-05 20:23 - 00000000 ____D C:\Qoobox
    2012-10-05 20:23 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-10-05 20:23 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-10-05 20:23 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-10-05 20:23 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-10-05 20:23 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-10-05 20:23 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-10-05 20:23 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-10-05 20:23 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-10-05 19:36 - 2012-10-05 19:36 - 00003012 ____A C:\Users\Taylor\Desktop\aswMBR.txt
    2012-10-05 19:36 - 2012-10-05 19:36 - 00000512 ____A C:\Users\Taylor\Desktop\MBR.dat
    2012-10-05 18:29 - 2012-10-05 18:30 - 04731392 ____A (AVAST Software) C:\Users\Taylor\Desktop\aswMBR.exe
    2012-10-05 18:28 - 2012-10-05 18:28 - 00002381 ____A C:\Users\Taylor\Desktop\RKreport[1].txt
    2012-10-05 18:28 - 2012-10-05 18:28 - 00002235 ____A C:\Users\Taylor\Desktop\RKreport[2].txt
    2012-10-05 18:28 - 2012-10-05 18:28 - 00000000 ____D C:\Users\Taylor\Desktop\RK_Quarantine
    2012-10-05 18:25 - 2012-10-05 18:25 - 01422336 ____A C:\Users\Taylor\Desktop\RogueKiller.exe
    2012-10-05 18:23 - 2012-10-05 18:23 - 02193278 ____A C:\Users\Taylor\Desktop\tdsskiller.zip
    2012-10-05 18:23 - 2012-10-05 18:23 - 00000000 ____D C:\Users\Taylor\Desktop\tdsskiller
    2012-10-05 13:51 - 2012-10-05 13:51 - 00000000 ____A C:\Users\Taylor\Desktop\gmer.log
    2012-10-05 04:18 - 2012-10-05 04:18 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-10-04 22:10 - 2012-10-04 22:10 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-04 20:15 - 2012-10-04 20:15 - 00015360 ____A C:\Users\Taylor\AppData\Roaming\1107.exe
    2012-10-04 15:31 - 2012-10-04 15:31 - 00030720 ____A C:\Users\Taylor\kytqetorjans.exe
    2012-10-04 15:31 - 2012-10-04 15:31 - 00030720 ____A C:\Users\Taylor\AppData\Roaming\121A.exe
    2012-10-04 15:30 - 2012-10-04 15:30 - 00030720 ____A C:\Users\Taylor\AppData\Roaming\F40E.exe
    2012-10-04 01:12 - 2012-10-04 01:12 - 00073584 ____A C:\Users\Taylor\AppData\Roaming\37A1.exe
    2012-10-04 01:00 - 2012-10-04 01:00 - 00069496 ____A C:\Users\Taylor\AppData\Roaming\6331.exe
    2012-10-04 00:43 - 2012-10-04 00:43 - 00073584 ____A C:\Users\Taylor\AppData\Roaming\358A.exe
    2012-10-04 00:41 - 2012-10-04 06:29 - 00000000 ____D C:\Users\Taylor\Documents\Iterra
    2012-10-03 23:48 - 2012-10-03 23:48 - 00069496 ____A C:\Users\Taylor\AppData\Roaming\4927.exe
    2012-10-03 23:34 - 2012-10-03 23:34 - 00057232 ____A C:\Users\Taylor\AppData\Roaming\BAAC.exe
    2012-10-03 23:20 - 2012-10-03 23:20 - 00044968 ____A C:\Users\Taylor\AppData\Roaming\9A6F.exe
    2012-10-03 20:41 - 2012-10-04 21:58 - 00002081 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-10-03 20:41 - 2012-08-21 01:13 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-10-03 20:41 - 2012-08-21 01:13 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-10-03 20:41 - 2012-08-21 01:13 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-10-03 20:41 - 2012-08-21 01:13 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-10-03 20:41 - 2012-08-21 01:13 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-10-03 20:41 - 2012-08-21 01:13 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-10-03 20:41 - 2012-08-21 01:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-10-03 20:41 - 2012-08-21 01:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-10-03 15:48 - 2012-10-03 15:48 - 00000000 ____D C:\Program Files (x86)\CamStudio 2.6b
    2012-10-03 15:48 - 2010-10-23 21:56 - 00049664 ____A (CamStudio Group) C:\Windows\System32\CamCodec.dll
    2012-09-29 17:32 - 2012-09-29 17:32 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
    2012-09-25 21:25 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-09-21 20:24 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-21 20:24 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-21 20:24 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-21 20:24 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-21 20:24 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-21 20:24 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-21 20:24 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-21 20:24 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-21 20:24 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-21 20:24 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-21 20:24 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-21 20:24 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-21 20:24 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-21 20:24 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-21 20:24 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-21 20:24 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-21 20:24 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-21 20:24 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-21 20:24 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-21 20:24 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-21 20:24 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-21 20:24 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-21 20:24 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-21 20:24 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-21 20:24 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-21 20:24 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-21 20:24 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-21 20:24 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-21 20:24 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-21 20:24 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-21 20:24 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-21 20:24 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-17 17:43 - 2012-09-17 17:43 - 00000000 ____D C:\Users\Taylor\AppData\Local\Aeria Games
    2012-09-17 17:43 - 2012-09-17 17:43 - 00000000 ____D C:\Users\All Users\Aeria Games
    2012-09-17 17:08 - 2012-09-17 17:08 - 00000000 ____D C:\Program Files (x86)\Aeria Games
    2012-09-17 16:11 - 2012-09-17 17:08 - 00000000 ____D C:\AeriaGames
    2012-09-16 13:48 - 2012-09-16 14:29 - 00000000 ____D C:\Program Files\Disney Interactive
    2012-09-16 13:46 - 2012-09-16 14:29 - 00001781 ____A C:\Windows\disney.ini
    2012-09-15 20:02 - 2012-09-11 12:53 - 00000000 ____D C:\Users\Taylor\Tor Browser
    2012-09-14 18:07 - 2012-09-14 20:57 - 00000000 ____D C:\Users\All Users\PopCap Games
    2012-09-14 18:07 - 2012-09-14 18:07 - 00000000 ____D C:\Program Files (x86)\PopCap Games
    2012-09-13 07:37 - 2012-09-13 07:37 - 00000000 ____D C:\Users\Taylor\AppData\Local\{134C09C3-7A4C-4219-A447-8B1B1847AB91}
    2012-09-11 20:33 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-11 20:33 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-09-11 20:33 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-11 20:33 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-09-11 20:33 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-09-11 20:33 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-09-11 20:33 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-09-11 01:09 - 2012-09-11 01:11 - 00000000 ____D C:\Users\Taylor\Desktop\Plants vs. Zombies
    2012-09-10 01:59 - 2012-09-14 05:06 - 00000000 ____D C:\Users\Taylor\Desktop\NEW SPRITES
    2012-09-10 01:55 - 2012-09-10 01:55 - 00001454 ____A C:\Users\Taylor\AppData\Local\recently-used.xbel
    2012-09-07 13:38 - 2012-09-07 13:38 - 00000000 ____D C:\Users\Taylor\Desktop\downloads 3
    2012-09-07 13:36 - 2012-09-07 13:36 - 00000000 ____D C:\Users\Taylor\Desktop\downloads2
    2012-09-07 13:36 - 2012-09-07 13:36 - 00000000 ____D C:\Users\Taylor\Desktop\downloads 1


    ==================== 3 Months Modified Files ==================

    2012-10-06 13:30 - 2012-10-06 13:30 - 01456405 ____A (Farbar) C:\Users\Taylor\Desktop\FRST64.exe
    2012-10-06 11:18 - 2012-10-06 08:52 - 00002862 ____A C:\Users\Taylor\Desktop\Rkill.txt
    2012-10-06 11:17 - 2012-10-06 11:17 - 04762471 ____N (Swearware) C:\Users\Taylor\Desktop\explorer.exe
    2012-10-06 08:51 - 2010-11-20 19:47 - 00901380 ____A C:\Windows\PFRO.log
    2012-10-06 08:50 - 2011-11-26 07:00 - 01671018 ____A C:\Windows\WindowsUpdate.log
    2012-10-06 08:49 - 2012-10-06 08:49 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Taylor\Desktop\rkill.exe
    2012-10-06 08:47 - 2011-11-26 07:22 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504441003-1554018461-1511963873-1000UA.job
    2012-10-06 08:01 - 2011-11-26 07:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-05 20:22 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-05 20:22 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-05 19:36 - 2012-10-05 19:36 - 00003012 ____A C:\Users\Taylor\Desktop\aswMBR.txt
    2012-10-05 19:36 - 2012-10-05 19:36 - 00000512 ____A C:\Users\Taylor\Desktop\MBR.dat
    2012-10-05 18:30 - 2012-10-05 18:29 - 04731392 ____A (AVAST Software) C:\Users\Taylor\Desktop\aswMBR.exe
    2012-10-05 18:28 - 2012-10-05 18:28 - 00002381 ____A C:\Users\Taylor\Desktop\RKreport[1].txt
    2012-10-05 18:28 - 2012-10-05 18:28 - 00002235 ____A C:\Users\Taylor\Desktop\RKreport[2].txt
    2012-10-05 18:25 - 2012-10-05 18:25 - 01422336 ____A C:\Users\Taylor\Desktop\RogueKiller.exe
    2012-10-05 18:23 - 2012-10-05 18:23 - 02193278 ____A C:\Users\Taylor\Desktop\tdsskiller.zip
    2012-10-05 14:10 - 2011-11-26 07:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-05 14:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-05 14:09 - 2009-07-13 20:51 - 00087601 ____A C:\Windows\setupact.log
    2012-10-05 13:51 - 2012-10-05 13:51 - 00000000 ____A C:\Users\Taylor\Desktop\gmer.log
    2012-10-05 04:18 - 2012-10-05 04:18 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-10-04 22:10 - 2012-10-04 22:10 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-04 21:58 - 2012-10-03 20:41 - 00002081 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-10-04 20:15 - 2012-10-04 20:15 - 00015360 ____A C:\Users\Taylor\AppData\Roaming\1107.exe
    2012-10-04 15:31 - 2012-10-04 15:31 - 00030720 ____A C:\Users\Taylor\kytqetorjans.exe
    2012-10-04 15:31 - 2012-10-04 15:31 - 00030720 ____A C:\Users\Taylor\AppData\Roaming\121A.exe
    2012-10-04 15:30 - 2012-10-04 15:30 - 00030720 ____A C:\Users\Taylor\AppData\Roaming\F40E.exe
    2012-10-04 09:47 - 2011-11-26 07:22 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504441003-1554018461-1511963873-1000Core.job
    2012-10-04 01:12 - 2012-10-04 01:12 - 00073584 ____A C:\Users\Taylor\AppData\Roaming\37A1.exe
    2012-10-04 01:00 - 2012-10-04 01:00 - 00069496 ____A C:\Users\Taylor\AppData\Roaming\6331.exe
    2012-10-04 00:43 - 2012-10-04 00:43 - 00073584 ____A C:\Users\Taylor\AppData\Roaming\358A.exe
    2012-10-03 23:48 - 2012-10-03 23:48 - 00069496 ____A C:\Users\Taylor\AppData\Roaming\4927.exe
    2012-10-03 23:34 - 2012-10-03 23:34 - 00057232 ____A C:\Users\Taylor\AppData\Roaming\BAAC.exe
    2012-10-03 23:20 - 2012-10-03 23:20 - 00044968 ____A C:\Users\Taylor\AppData\Roaming\9A6F.exe
    2012-10-03 20:41 - 2011-11-26 07:54 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-10-03 20:40 - 2011-11-26 07:44 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-10-03 09:43 - 2012-04-02 00:26 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-03 09:43 - 2011-09-13 18:30 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-03 09:41 - 2011-11-30 17:34 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
    2012-09-30 06:47 - 2011-11-27 10:57 - 00000166 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-09-27 21:27 - 2011-11-26 07:29 - 00000824 ____A C:\Users\Public\Desktop\CC.lnk
    2012-09-23 21:51 - 2012-01-15 00:24 - 00000132 ____A C:\Users\Taylor\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-09-16 14:29 - 2012-09-16 13:46 - 00001781 ____A C:\Windows\disney.ini
    2012-09-15 22:11 - 2009-07-13 21:13 - 00829564 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-13 07:39 - 2012-01-10 02:02 - 00025600 ____A C:\Users\Taylor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-12 00:00 - 2011-12-07 13:51 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-10 01:55 - 2012-09-10 01:55 - 00001454 ____A C:\Users\Taylor\AppData\Local\recently-used.xbel
    2012-09-07 14:04 - 2011-11-26 07:43 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-31 13:55 - 2011-11-26 07:04 - 00064552 ____A C:\Users\Taylor\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-31 05:58 - 2012-08-31 05:58 - 00000042 ____A C:\Users\Taylor\Desktop\werwer.txt
    2012-08-24 06:42 - 2012-08-24 06:42 - 00001224 ____A C:\Users\Taylor\Desktop\Spybot - Search & Destroy.lnk
    2012-08-24 03:15 - 2012-09-21 20:24 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-21 20:24 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-21 20:24 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-21 20:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-21 20:24 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-21 20:24 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-21 20:24 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-21 20:24 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-21 20:24 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-21 20:24 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-21 20:24 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-21 20:24 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-21 20:24 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-21 20:24 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-21 20:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-21 20:24 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-21 20:24 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-21 20:24 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-21 20:24 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-21 20:24 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-21 20:24 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-21 20:24 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-21 20:24 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-21 20:24 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-21 20:24 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-21 20:24 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-21 20:24 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-21 20:24 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-21 20:24 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-21 20:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-21 20:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-21 20:24 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-23 16:02 - 2012-08-23 16:02 - 00000285 ____A C:\Windows\EReg072.dat
    2012-08-22 10:19 - 2012-08-22 10:19 - 00002380 ____A C:\Users\Taylor\Documents\MumbleAutomaticCertificateBackup.p12
    2012-08-22 10:12 - 2012-09-11 20:33 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-11 20:33 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-11 20:33 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-11 20:33 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-25 21:25 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-21 01:13 - 2012-10-03 20:41 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-21 01:13 - 2012-10-03 20:41 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-21 01:13 - 2012-10-03 20:41 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-21 01:13 - 2012-10-03 20:41 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-08-21 01:13 - 2012-10-03 20:41 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-08-21 01:13 - 2012-10-03 20:41 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-21 01:12 - 2012-10-03 20:41 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-08-21 01:12 - 2012-10-03 20:41 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-21 01:12 - 2011-11-26 07:54 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-20 17:20 - 2012-08-20 17:20 - 00000169 ____A C:\Users\Taylor\Documents\builder_known_files.txt
    2012-08-15 08:46 - 2009-07-13 20:45 - 04917416 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-02 09:58 - 2012-09-11 20:33 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-11 20:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-08-01 23:33 - 2011-11-26 07:23 - 00002458 ____A C:\Users\Taylor\Desktop\Chrome.lnk
    2012-08-01 22:52 - 2011-09-13 18:33 - 00324816 ____A C:\Windows\DirectX.log
    2012-07-30 17:53 - 2012-07-30 17:08 - 00000676 ____A C:\Users\Taylor\Desktop\smbc_save_data.txt
    2012-07-28 14:33 - 2012-07-28 14:33 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-18 10:15 - 2012-08-14 15:54 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-16 03:17 - 2012-07-16 03:17 - 00004140 ____A C:\Users\All Users\mtbjfghn.xbe


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-03 20:40:57
    Restore point made on: 2012-10-05 14:17:08
    Restore point made on: 2012-10-05 20:15:40

    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 8098.52 MB
    Available physical RAM: 6989.34 MB
    Total Pagefile: 8096.71 MB
    Available Pagefile: 6985.66 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:1385.38 GB) (Free:1037.52 GB) NTFS
    2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.78 GB) (Free:1.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (FF2PC-EN) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
    5 Drive h: () (Removable) (Total:1.86 GB) (Free:1.56 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1397 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 1907 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 1385 GB 101 MB
    Partition 3 Primary 11 GB 1385 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 1385 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E HP_RECOVERY NTFS Partition 11 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1907 MB 64 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT Removable 1907 MB Healthy

    =========================================================

    Last Boot: 2012-09-27 22:04

    ==================== End Of Log =============================
  19. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    Search.txt
    Farbar Recovery Scan Tool (x64) Version: 02-10-2012 01
    Ran by SYSTEM at 2012-10-06 17:05:46
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
  20. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Looks good :)

    Any current issues?

    ========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  21. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    There was a tiny issue earlier where I found some strange 4 letter [random].exe in my %appdata% folder, but I quickly scanned them and avast called them trojans so they were removed. But since I've done all the steps, it seems my problems are fixed! Will run OTL ASAP and post the logs.
  22. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    OTL.txt

    OTL logfile created on: 10/6/2012 9:51:42 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Taylor\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.91 Gb Total Physical Memory | 5.94 Gb Available Physical Memory | 75.09% Memory free
    15.82 Gb Paging File | 13.78 Gb Available in Paging File | 87.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1385.38 Gb Total Space | 1035.42 Gb Free Space | 74.74% Space Free | Partition Type: NTFS
    Drive D: | 11.78 Gb Total Space | 1.44 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
    Drive E: | 311.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: HOME | User Name: Taylor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/06 21:51:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Taylor\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/23 22:19:23 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
    PRC - [2012/05/05 17:45:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Taylor\AppData\Local\Akamai\netsession_win.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    PRC - [2011/06/09 07:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    PRC - [2011/06/09 07:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    PRC - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2011/03/28 19:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2011/02/01 02:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/02/01 02:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/11/20 22:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/23 22:19:23 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
    MOD - [2012/06/13 07:56:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 07:56:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/09 20:52:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/09 20:52:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/09 20:52:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/09 20:52:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/09 20:52:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/08/22 07:57:20 | 000,534,832 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\Unite\EzVpnSvc.exe -- (EzVpnSvc)
    SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/17 06:22:17 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/14 13:46:19 | 000,531,280 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/08/29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/26 15:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012/06/20 10:28:03 | 004,145,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/05 17:45:00 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/06/09 13:23:58 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
    SRV - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2011/03/28 19:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2011/02/01 02:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/02/01 02:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
    DRV:64bit: - [2012/01/11 01:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
    DRV:64bit: - [2011/12/16 03:17:55 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/13 21:35:04 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
    DRV:64bit: - [2011/09/13 21:14:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/09/13 21:14:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/08/19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2011/04/26 14:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/04/22 05:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/04/14 12:01:46 | 000,020,888 | ---- | M] (Comodo, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmdatp.sys -- (ATP)
    DRV:64bit: - [2011/01/27 12:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/11/06 09:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
    DRV:64bit: - [2009/09/15 13:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/03/06 19:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
    DRV - [2012/09/17 21:07:24 | 000,089,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys -- (usj)
    DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/01/04 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{7314BB05-1EBB-42D9-AB98-B9ECEAC052B4}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{7314BB05-1EBB-42D9-AB98-B9ECEAC052B4}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..\SearchScopes\{7314BB05-1EBB-42D9-AB98-B9ECEAC052B4}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Search Shop"
    FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
    FF - prefs.js..extensions.enabledAddons: add-to-searchbox@maltekraus.de:2.0
    FF - prefs.js..extensions.enabledAddons: autorefresh@plugin:1.0.2
    FF - prefs.js..extensions.enabledAddons: giorgio@gilestro.tk:1.0.4
    FF - prefs.js..extensions.enabledAddons: quickdrag@mozilla.ktechcomputing.com:2.1.3.23
    FF - prefs.js..extensions.enabledAddons: searchloadoptions@esteban.torres:0.6.3
    FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
    FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
    FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81
    FF - prefs.js..extensions.enabledAddons: {7b1bf0b6-a1b9-42b0-b75d-252036438bdc}:4.0
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6
    FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.3
    FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnLvn: C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll (COMODO)
    FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnRdp: C:\Program Files\COMODO\Unite\NpRdpView.dll ( )
    FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnVnc: C:\Program Files\COMODO\Unite\NpVncView.dll ( )
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Taylor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Taylor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Taylor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/20 02:19:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/03 23:41:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/17 06:22:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/17 06:22:18 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/12/22 10:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Extensions
    [2012/10/03 14:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions
    [2012/08/01 02:25:32 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2012/09/17 20:48:06 | 000,000,000 | ---D | M] (Youtube High Definition) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}
    [2012/08/21 19:59:23 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    [2012/10/03 14:10:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/09/15 13:28:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\ich@maltegoetz.de
    [2012/06/21 07:13:43 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2012/07/17 06:04:11 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\add-to-searchbox@maltekraus.de.xpi
    [2011/12/22 12:11:02 | 000,148,816 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\autofillForms@blueimp.net.xpi
    [2012/07/15 22:46:21 | 000,036,763 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\autorefresh@plugin.xpi
    [2012/07/06 08:32:24 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\elemhidehelper@adblockplus.org.xpi
    [2012/09/12 18:00:17 | 000,082,490 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\giorgio@gilestro.tk.xpi
    [2012/08/10 23:16:03 | 000,659,570 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack.xpi
    [2012/07/17 06:03:24 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\quickdrag@mozilla.ktechcomputing.com.xpi
    [2012/07/17 06:04:29 | 000,018,838 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\searchloadoptions@esteban.torres.xpi
    [2011/12/22 12:11:02 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\youtube2mp3@mondayx.de.xpi
    [2011/12/22 12:11:02 | 000,242,709 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
    [2012/07/07 12:19:49 | 000,164,885 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
    [2012/09/26 19:28:56 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2012/07/10 12:29:43 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
    [2012/07/24 17:05:12 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/01/23 04:12:57 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    [2012/07/20 17:05:13 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2012/10/03 14:10:13 | 000,257,937 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2012/07/17 06:06:26 | 000,001,773 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\mw24vz1z.default\searchplugins\search-shop.xml
    [2012/09/17 19:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/17 19:02:56 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
    [2012/09/17 06:22:18 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/17 06:22:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/17 06:22:09 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
  23. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    ...continued

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Vizzed Retro Game Room Plugin (Enabled) = C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Taylor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Smooth Scroll up and down = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\agogmgfohokgmpiendjpnapecmdlmccg\1.0_0\
    CHR - Extension: Flash render quality = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbkhhhlbomjpenealmjakmfmlgnbimep\0.10.1.10_0\
    CHR - Extension: Missing e = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.13.1_0\
    CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.81_0\
    CHR - Extension: WOT = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.1_0\
    CHR - Extension: YouTube = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google Search = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: YouTube to MP3 = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajdnhmdgikmjbcggoihnbmnnkbmljlg\0.0.3_0\
    CHR - Extension: Search by Image (by Google) = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.3.0_0\
    CHR - Extension: Nightlife = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpfkbndloiljngcmkidohlpcmioelkl\0.1_0\
    CHR - Extension: Eye Dropper = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.6_0\
    CHR - Extension: avast! WebRep = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Tumblr Reblog Yourself = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejbghkomhclcokokkldimnofgcmbcpo\0.3.2_0\
    CHR - Extension: Website Logon = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\
    CHR - Extension: Tumblr Follow Cost = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdmegpjogelgemeedbhmhhcfclkminb\1.0_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Tumblr: dashboard links, new tabs = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcnaoabgicidfbhacmlpngmbcefcnan\1.0_0\
    CHR - Extension: Gmail = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [Akamai NetSession Interface] C:\Users\Taylor\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [PlayNC Launcher] File not found
    O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
    O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O9 - Extra Button: Turn Off the Lights - {493fb0d5-a2ea-4528-9fcf-4e2cfb61cbde} - C:\Program Files (x86)\Stefan vd\Turn Off the Lights IE Extension\lights.html ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2504441003-1554018461-1511963873-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {00BC5049-C7F3-4AC9-92AE-1991C76608B0} http://tr.nopp.co.kr/Data/ActiveX/TRLauncher.cab (TRLauncher Control)
    O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} http://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab (DownStarter2 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {F30E6BE6-F620-4DD7-B67C-47920AEC2F4E} http://tr.nopp.co.kr/Data/ActiveX/systeminfo.cab (SystemInfo Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EC96254-66ED-4A20-AD6C-5B3CB8FADA58}: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA922B1A-25C6-45F7-98EE-A229E7B3197F}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Swearware)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Swearware)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/25 13:27:12 | 000,000,016 | R--- | M] () - E:\AUTOPLAY.BAT -- [ CDFS ]
    O32 - AutoRun File - [2008/02/25 13:27:28 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/06 21:51:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Taylor\Desktop\OTL.exe
    [2012/10/06 19:39:44 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/06 17:36:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/06 16:30:27 | 001,456,405 | ---- | C] (Farbar) -- C:\Users\Taylor\Desktop\FRST64.exe
    [2012/10/06 14:18:26 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/10/06 14:17:32 | 004,762,471 | ---- | C] (Swearware) -- C:\Users\Taylor\Desktop\explorer.exe
    [2012/10/06 11:52:16 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\rkill
    [2012/10/06 11:49:20 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Taylor\Desktop\rkill.exe
    [2012/10/05 23:23:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/05 23:23:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/05 23:23:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/05 23:23:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/05 23:23:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/05 21:29:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Taylor\Desktop\aswMBR.exe
    [2012/10/05 21:28:10 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\RK_Quarantine
    [2012/10/05 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\tdsskiller
    [2012/10/04 03:41:23 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\Iterra
    [2012/10/03 23:41:48 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/03 23:41:48 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/03 23:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/10/03 23:41:46 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/10/03 23:41:45 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/03 23:41:43 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/03 23:41:36 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/03 23:41:08 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/03 23:41:07 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/03 18:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
    [2012/10/03 18:48:43 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll
    [2012/10/03 18:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.6b
    [2012/09/29 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2012/09/17 20:43:53 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\Aeria Games
    [2012/09/17 20:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
    [2012/09/17 20:11:38 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
    [2012/09/17 20:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
    [2012/09/17 20:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
    [2012/09/17 19:11:55 | 000,000,000 | ---D | C] -- C:\AeriaGames
    [2012/09/16 16:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Disney Interactive
    [2012/09/15 23:02:25 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Tor Browser
    [2012/09/14 21:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
    [2012/09/14 21:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
    [2012/09/14 21:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
    [2012/09/13 10:37:25 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\{134C09C3-7A4C-4219-A447-8B1B1847AB91}
    [2012/09/11 04:09:22 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\Plants vs. Zombies
    [2012/09/10 04:59:38 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\NEW SPRITES
    [2012/09/07 16:38:37 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\downloads 3
    [2012/09/07 16:36:30 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\downloads2
    [2012/09/07 16:36:17 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\downloads 1
    [2012/07/08 19:57:28 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Taylor\tdsskiller.exe
    [2012/05/21 18:03:07 | 007,878,008 | ---- | C] (Microsoft Corporation) -- C:\Users\Taylor\Xbox360_64Eng.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/06 21:51:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Taylor\Desktop\OTL.exe
    [2012/10/06 21:47:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504441003-1554018461-1511963873-1000UA.job
    [2012/10/06 21:01:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/06 20:29:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2012/10/06 17:45:12 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/06 17:45:12 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/06 17:40:36 | 000,826,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/06 17:40:36 | 000,693,284 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/06 17:40:36 | 000,133,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/06 17:36:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/06 17:35:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/06 17:35:27 | 2073,964,543 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/06 16:30:29 | 001,456,405 | ---- | M] (Farbar) -- C:\Users\Taylor\Desktop\FRST64.exe
    [2012/10/06 14:17:36 | 004,762,471 | ---- | M] (Swearware) -- C:\Users\Taylor\Desktop\explorer.exe
    [2012/10/06 11:49:23 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Taylor\Desktop\rkill.exe
    [2012/10/05 22:36:18 | 000,000,512 | ---- | M] () -- C:\Users\Taylor\Desktop\MBR.dat
    [2012/10/05 21:30:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Taylor\Desktop\aswMBR.exe
    [2012/10/05 21:25:49 | 001,422,336 | ---- | M] () -- C:\Users\Taylor\Desktop\RogueKiller.exe
    [2012/10/05 21:23:23 | 002,193,278 | ---- | M] () -- C:\Users\Taylor\Desktop\tdsskiller.zip
    [2012/10/05 07:18:52 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/10/05 01:10:19 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/05 00:58:17 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/04 18:31:04 | 000,030,720 | ---- | M] () -- C:\Users\Taylor\kytqetorjans.exe
    [2012/10/04 12:47:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504441003-1554018461-1511963873-1000Core.job
    [2012/10/03 23:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/10/03 23:40:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/28 00:27:02 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CC.lnk
    [2012/09/24 00:51:44 | 000,000,132 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/09/20 18:39:58 | 001,484,624 | ---- | M] () -- C:\Users\Taylor\Desktop\DuckTales Music (NES) - The Moon Theme - from YouTube by Offliberty.mp3
    [2012/09/16 17:29:35 | 000,001,781 | ---- | M] () -- C:\Windows\disney.ini
    [2012/09/15 17:38:15 | 004,207,210 | ---- | M] () -- C:\Users\Taylor\Desktop\Skrillex - Scary Monsters And Nice Sprites (Live Dubstep Cover by Pinn Panelle) - from YouTube by Offliberty.mp3
    [2012/09/13 10:39:36 | 000,025,600 | ---- | M] () -- C:\Users\Taylor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/09/12 04:07:34 | 000,025,160 | ---- | M] () -- C:\Users\Taylor\Desktop\trolls-1.png
    [2012/09/10 04:55:52 | 000,001,454 | ---- | M] () -- C:\Users\Taylor\AppData\Local\recently-used.xbel
    [2012/09/10 02:54:18 | 000,038,107 | ---- | M] () -- C:\Users\Taylor\Desktop\sauria.gif
    [2012/09/10 02:53:53 | 000,029,211 | ---- | M] () -- C:\Users\Taylor\Desktop\octana.gif
    [2012/09/10 02:53:43 | 000,064,915 | ---- | M] () -- C:\Users\Taylor\Desktop\artoni.gif
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/05 23:23:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/05 23:23:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/05 23:23:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/05 23:23:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/05 23:23:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/05 22:36:18 | 000,000,512 | ---- | C] () -- C:\Users\Taylor\Desktop\MBR.dat
    [2012/10/05 21:25:47 | 001,422,336 | ---- | C] () -- C:\Users\Taylor\Desktop\RogueKiller.exe
    [2012/10/05 21:23:17 | 002,193,278 | ---- | C] () -- C:\Users\Taylor\Desktop\tdsskiller.zip
    [2012/10/05 07:18:52 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/10/05 01:10:19 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/04 18:31:16 | 000,030,720 | ---- | C] () -- C:\Users\Taylor\kytqetorjans.exe
    [2012/10/03 23:41:48 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/20 18:39:44 | 001,484,624 | ---- | C] () -- C:\Users\Taylor\Desktop\DuckTales Music (NES) - The Moon Theme - from YouTube by Offliberty.mp3
    [2012/09/16 16:46:22 | 000,001,781 | ---- | C] () -- C:\Windows\disney.ini
    [2012/09/15 17:38:05 | 004,207,210 | ---- | C] () -- C:\Users\Taylor\Desktop\Skrillex - Scary Monsters And Nice Sprites (Live Dubstep Cover by Pinn Panelle) - from YouTube by Offliberty.mp3
    [2012/09/12 04:07:33 | 000,025,160 | ---- | C] () -- C:\Users\Taylor\Desktop\trolls-1.png
    [2012/09/10 04:55:52 | 000,001,454 | ---- | C] () -- C:\Users\Taylor\AppData\Local\recently-used.xbel
    [2012/09/10 02:54:17 | 000,038,107 | ---- | C] () -- C:\Users\Taylor\Desktop\sauria.gif
    [2012/09/10 02:53:53 | 000,029,211 | ---- | C] () -- C:\Users\Taylor\Desktop\octana.gif
    [2012/09/10 02:53:43 | 000,064,915 | ---- | C] () -- C:\Users\Taylor\Desktop\artoni.gif
    [2012/08/23 19:02:39 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
    [2012/07/16 06:17:24 | 000,004,140 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
    [2012/05/28 17:51:55 | 000,000,132 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2012/05/26 09:46:19 | 001,756,578 | ---- | C] () -- C:\Users\Taylor\HA HAHA HA.mp3
    [2012/05/20 03:16:51 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
    [2012/05/12 22:36:58 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/04/21 02:03:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ColorSet.ini
    [2012/04/05 23:59:35 | 000,000,017 | ---- | C] () -- C:\Users\Taylor\AppData\Local\resmon.resmoncfg
    [2012/04/01 22:04:30 | 000,508,190 | ---- | C] () -- C:\Users\Taylor\MMMWATCHASAAAYYY.mp3
    [2012/02/27 23:12:11 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2012/02/06 17:04:06 | 000,000,132 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2012/01/15 03:24:23 | 000,000,132 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/01/14 12:31:19 | 000,000,043 | ---- | C] () -- C:\Users\Taylor\.gtk-bookmarks
    [2012/01/10 05:02:35 | 000,025,600 | ---- | C] () -- C:\Users\Taylor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/27 05:35:01 | 000,001,016 | ---- | C] () -- C:\Users\Taylor\Auto Clicker.lnk
    [2011/12/19 01:21:26 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/12/19 01:21:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/12/05 16:42:26 | 2480,366,539 | ---- | C] () -- C:\Users\Taylor\MabinogiSetup95R.exe
    [2011/12/01 16:50:03 | 000,003,284 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\ANIWZCS{6A6ED24E-A18D-4FF4-A80C-489FE515F9E6}
    [2011/12/01 16:47:18 | 000,000,258 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\ANICONFIG_{6A6ED24E-A18D-4FF4-A80C-489FE515F9E6}.ini
    [2011/11/26 10:18:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/13 21:35:44 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
    [2011/09/13 21:14:30 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/09/13 21:14:30 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/09/13 21:14:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/06/21 02:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/05/31 01:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2011/05/31 01:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
    [2011/02/11 12:15:43 | 000,843,158 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/07/15 01:13:03 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\.techniclauncher
    [2012/07/08 18:48:42 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Audacity
    [2012/03/24 11:59:14 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\avidemux
    [2012/10/04 19:31:55 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\BitTorrent
    [2012/03/27 05:30:00 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Canneverbe Limited
    [2012/07/16 06:17:06 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Carambis
    [2012/08/23 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\CBLoader
    [2012/01/28 22:45:16 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\DAEMON Tools Lite
    [2012/02/05 22:22:45 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\DefendersQuest
    [2011/12/17 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\GameFly
    [2012/06/08 22:29:47 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\GoldSunGames
    [2012/05/14 14:29:49 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\gtk-2.0
    [2012/07/23 22:21:36 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Gyazo
    [2012/06/11 04:11:58 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\IBAGroup
    [2011/12/11 06:25:15 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\LolClient
    [2012/06/11 05:56:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Ludia
    [2012/08/04 02:52:03 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Macro Recorder
    [2012/04/06 15:59:07 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\ManyCam
    [2012/08/22 13:25:49 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Mumble
    [2012/08/12 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\NeopleLauncherDFO
    [2012/04/03 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\OpenOffice.org
    [2012/05/13 20:06:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Origin
    [2012/02/10 08:07:20 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Publish Providers
    [2012/07/23 22:19:07 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\puush
    [2011/12/23 17:35:53 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Rainmeter
    [2012/01/18 07:12:48 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\RenPy
    [2012/02/22 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\RotMG.Production
    [2012/06/22 09:22:26 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\SEGA
    [2012/08/31 08:58:34 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\SoftGrid Client
    [2012/02/10 08:07:19 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Sony
    [2012/02/10 08:25:37 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Sony Creative Software Inc
    [2012/06/09 01:23:58 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\SulusGames
    [2011/11/26 11:36:53 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\SYSTEMAX Software Development
    [2012/05/26 20:11:40 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\TalesRunner
    [2012/03/14 16:21:49 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\TP
    [2012/08/02 01:53:35 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Trine2
    [2012/05/05 04:00:24 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Unity
    [2011/11/28 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\uTorrent
    [2011/12/17 19:54:21 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Valusoft
    [2012/06/09 04:45:12 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\ViquaSoft

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 251 bytes -> C:\ProgramData\Temp:33384BC0
    @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:CA8D6B60
    @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:88AE8AB0
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:A2B3764A
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:C0A2E219
    @Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:D2A5A561
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:56C66609
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:3790BACD
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:22741C1F
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:AE2EA3C2
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:4A966CC2
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:96646EC1
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:B1E64E47
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:3BF63E4A
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:2F93516B
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:439E3411
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:EB5BDBB0
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:073139EC
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:02B823FE
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:5F1019FF
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:B722BCE5
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:417B6FAC
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D8DB81DC
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:0DFE2AE1
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:BDF08FAF
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:63F8EC77
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:E5DE9C8F
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:393F7B1E
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:0D52F295
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:0860D6D6
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:DF0BC727
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:FC60E0F8
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:6FD26134
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:6BD304B9
    @Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:52E1DB1D
    @Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:A688EF17
    @Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:27C3CD07

    < End of report >
  24. Taycat

    Taycat Newcomer, in training Topic Starter Posts: 52

    Extras.txt

    OTL Extras logfile created on: 10/6/2012 9:51:42 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Taylor\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.91 Gb Total Physical Memory | 5.94 Gb Available Physical Memory | 75.09% Memory free
    15.82 Gb Paging File | 13.78 Gb Available in Paging File | 87.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1385.38 Gb Total Space | 1035.42 Gb Free Space | 74.74% Space Free | Partition Type: NTFS
    Drive D: | 11.78 Gb Total Space | 1.44 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
    Drive E: | 311.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: HOME | User Name: Taylor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2504441003-1554018461-1511963873-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Users\Taylor\PHOTOSHOPCS6\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Users\Taylor\PHOTOSHOPCS6\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{20156F85-3540-46AC-931E-E3807CF25B3A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{25A06BB4-30C6-4DA6-BC76-D09AB69053D7}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2D65E6FD-1B0E-4ADC-9CA6-4669B1CBE9F9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{440A5534-5EB6-4F64-8979-933BBF0AD921}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{52921696-6C0D-4D2F-8086-56C36263352B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{5EC8D675-EED7-46FB-944A-6405252D9BE4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{61A321ED-0C56-4C4B-9E96-139905968C90}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{689E8D9D-7136-48AD-870A-1B44F449C2E4}" = lport=139 | protocol=6 | dir=in | app=system |
    "{70B6BA53-B530-4C94-BEE7-A996CA801FA7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7C85EF21-E60F-4B3F-A017-BB50CDDD929B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9BDF219B-53B9-4136-A320-E728C5A9A43C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A86CC5C8-296A-4B1E-A876-E7CA875E79E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{C9125975-A478-4C53-95D5-57D88406DFCF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CA8AB075-F885-4D74-8479-DC0F39801B76}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D55DD65E-C7A4-4711-8349-95A89D039DEF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{D8A3ACF4-D644-478B-9144-ACB21710BC27}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DA6F23F3-51B0-4BE8-B187-0F4AB2190089}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{DB2D2821-9E81-4512-9BAE-2E96777537FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DCEE266A-7CCC-407F-8EF9-DCFEEBE9141E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E7E91809-279C-4973-B914-FD3CB2914A88}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{E8D0CD71-43FE-4851-9C45-FAEBB297A2C7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EC8F4678-6025-42CF-ADEB-39D947561D59}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F152DC4A-E453-4561-9BC2-8EC5D8352795}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01259F32-2E7D-4DF0-8E1D-2131087203BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eye\eye.exe |
    "{01E74797-B0B6-46C2-89B0-49D0F3505C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{036FC221-5BF9-4A80-8D4F-D5B9DB5DA498}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
    "{04453DD3-A18D-434A-A548-D5D62A05DCFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
    "{08B92867-B08E-4346-A7ED-B96D01298A31}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{091D7E29-6E7F-464B-B81E-360A4ADEE90E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{0ADD4FA1-4C55-4DB4-81C7-2B9F9602A033}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "{0B09D921-3E84-495B-8768-D729E090F185}" = protocol=17 | dir=in | app=c:\program files\comodo\unite\prtw.exe |
    "{0D560631-1090-42CE-9365-3747448F1845}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{0EE8AFB0-ACB9-4593-A081-2244F5EB3953}" = protocol=6 | dir=in | app=c:\program files\comodo\unite\prtw.exe |
    "{0FB1488B-3958-4B98-B58B-32E6DD01D511}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{1083A766-D252-4A77-8879-0F4453AA98B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{10D884F5-4C96-40F9-B84B-CFAF5D8F8BE4}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
    "{14ECDD82-B717-41EB-AF32-5A58839CF5C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{16438668-29AB-4F3B-B861-1028AA3D247C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{16ABACAA-AC90-4268-9582-803A55EDBB03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{16B1FB39-76BB-4A38-96E9-C7F4B3E448DF}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
    "{1B14CAF1-AA51-4057-97AB-7843E7789A90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
    "{1CC8C8B4-953F-499C-8683-4FB956037B92}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{2040DE1F-2253-45C4-ACF1-E92783E131AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\dfo.exe |
    "{2163F5FD-9320-40E9-8451-00779305FBBE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2370D3F6-E5E3-457A-A1E4-FAC35F757D4B}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
    "{243D58DF-C062-4EC5-856B-6BF0ED8B1E8B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{24FA1A1F-F698-4007-AF75-0BEAC04EC8BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{257D8BFA-9A87-4BC5-AA55-884957EA11CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{264E05AD-BEB4-4A03-A0A0-3F190E2FADA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{27231FC1-90DB-4420-9E7A-053AEB2C551E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{277D0B3E-B3C0-4D1B-8AF3-76C76ACB104C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
    "{2B057B6E-15D3-4243-997C-BA5E0E5CD46A}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{2CE27B0E-6CBB-4714-ABEA-BC9337D0086D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2EA619F5-178A-4CBC-AA3F-316501CB446F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\nxsteam.exe |
    "{32BF8269-A608-4F73-BCDD-FC27CB23BF7C}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{335404CA-DDFA-4DFD-9B26-2ED3BEB0EA0A}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{36D4E534-FC50-4AD0-A775-3878251755E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
    "{37B17C47-A0CD-4992-9395-37D6E643C8B4}" = protocol=6 | dir=in | app=c:\users\taylor\appdata\local\akamai\netsession_win.exe |
    "{38866F77-F4F1-486B-9DF5-7138DAC0B46B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
    "{38E1E7ED-AC59-4C62-9332-FD2EA7CE0A3C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{39429476-EE0C-4698-ADBA-A27001B4C637}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3B2A8E09-A74F-4C53-86BF-DC49879FC82C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\source sdk base\hl2.exe |
    "{3CE4D04C-78FC-459E-8A51-D83284C30949}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3FC42F7E-8E04-479C-8F08-CA3151E6A3F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "{41EAE368-B06A-4D6B-BD13-F8C9F50F5574}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{420902C1-941C-4F83-B818-5DE38D139F87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe |
    "{47288910-CFD1-4598-A28E-95C5145644BC}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
    "{4AA2FF36-6CA1-4052-8156-9987154CCA97}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{4B2C675F-047D-4CA9-A18E-AAF1152A6932}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4B4C392A-F232-4FE7-B3E6-147CA51CDCCF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{4C180508-800E-4F25-AF89-7DB8123B896F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\source sdk base\hl2.exe |
    "{4D39A1D5-C5EA-4EA9-8DCD-CBC94D6F1298}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
    "{4FDE364A-B5C7-4688-98D1-FB364FF40017}" = protocol=6 | dir=in | app=c:\users\taylor\appdata\local\temp\_nowcdn_\nowdownloader.exe |
    "{50BF4C3D-0E67-44F1-9888-6947031FA25B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\dfo.exe |
    "{50E700E6-F43D-4550-9603-0CF4A4285F67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{52E54315-D606-4331-8199-6B43437C4884}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{532DF8B0-3766-4369-832E-F32EDBDC816F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{54BA26E0-660D-4C58-AF2E-B7A726B09BDC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{55DE09DF-1938-41B4-BC98-5E22EE62DEF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
    "{55E376F3-CC81-41FE-853F-6412FF972EC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
    "{59C30F58-E2B2-49A2-8A83-8C0298D17C61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{5C162FF3-113F-42F3-88CF-978C83B33195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5CDCFCB6-4088-42EF-B864-FB1431191FF2}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{5D542D0B-9A47-45D0-BA9D-DBADC8ECF7A4}" = protocol=6 | dir=out | app=system |
    "{5DD2E3D9-1656-4955-868D-C110A39D19B1}" = protocol=17 | dir=in | app=c:\program files (x86)\boxgame\talesrunner\trgame.exe |
    "{63836EF3-9B0A-4C91-A00E-2EF5E344007D}" = protocol=6 | dir=in | app=c:\program files\comodo\unite\crdphappshare.exe |
    "{6417D0DE-4641-4331-A8F9-B4179B00513C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe |
    "{6966BDE3-8D8E-4AAC-973A-0A1562C4C2C9}" = dir=in | app=c:\users\taylor\appdata\local\temp\_nowcdn_\downenginesdk_rhaon_talesrunner.dll |
    "{6A3578BA-4E7F-42C0-A725-EB8027AE80F5}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{6AC928DD-65F7-4AEC-9B4D-7749F141543C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{6D3E75AF-4393-4D3D-A484-2AD0CFAD7849}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
    "{6EB6339C-19D7-45D0-A0A9-FDAD96DF25CB}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{704834C3-B5DC-48C5-82C6-19B688DB2440}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{70F484A7-3D21-48A4-9725-14411F49AA6C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{7293EC41-88FE-439C-A22E-874462D97531}" = protocol=17 | dir=in | app=c:\program files\comodo\unite\ezvpnsvc.exe |
    "{765A554C-740A-4923-8417-013642752486}" = protocol=6 | dir=in | app=c:\program files\comodo\unite\crdphservice.exe |
    "{79E895D6-FA81-4B91-9D3F-2C887C83EA0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
    "{7AD41CBF-F75C-4EFA-B9F7-127378015326}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{821FFBEC-2BE3-4AF9-BDAB-62BC9B6394F1}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{8612086B-E532-43AC-97F2-B053FA8CD494}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{896C4B2C-5BA8-4202-8E8A-368CA011541E}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
    "{8B1D4F75-7018-4636-810C-60A5207BDE19}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{8B408917-6D21-46D8-9E4D-C60ED7849EB2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8BA99C35-4534-41F3-B90A-CC13D79F64B2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{8C7E7ECA-D285-4E39-A19D-8F9FC0F372F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8D82812D-16DD-4638-9FCD-099AA85FCD06}" = protocol=17 | dir=in | app=c:\users\taylor\appdata\local\temp\_nowcdn_\nowdownloader.exe |
    "{8DB254C5-D5C2-4FE1-A3B6-4172547FA632}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
    "{90F9B1F4-5B48-46F4-ADDE-04B2BC6CF923}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{914D7DF3-2DB8-49C5-96D5-C436F0509792}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{94E8294B-13D3-4512-8F14-AAFBB94E8993}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{9740EC49-8341-47F3-944F-CB4E02B9A473}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{99914174-2C07-4181-86F0-233560198E75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{9AB72635-614F-4FEC-AFD7-A18F8CEF8760}" = protocol=17 | dir=in | app=c:\program files\comodo\unite\crdphservice.exe |
    "{9E1FCBA7-9CE6-4FE9-A1B7-E19396F8C0A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{9E354818-B572-4303-81F9-EEC192BD7168}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{9EED7A77-9F93-47A1-95A0-562D0E27366F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{9F8B3229-E8B0-46BA-AC2A-5F5ACE419093}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{9FB2805B-7D81-493C-AFA2-B498C70366E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{A1EC9460-CEB9-4B4A-A4FE-5B24A8A9AF3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\team fortress 2 beta\hl2.exe |
    "{A373AF5F-95BE-4F59-A5C4-E30B6EC47984}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{A52B5140-F7D8-4F3F-BADE-CEB94164DAE1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A56BC600-61DD-4B25-9C52-932B23EE6BD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A97693B3-C343-4437-A02C-389929831CC8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{AA470FBC-EB30-45A3-9DA7-4469B4FC65F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{AAF852F0-A799-4B57-A153-4FFE847F79A2}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
    "{AC14D2B4-85F0-4238-920E-035DF7685D52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{AE5899B3-E35A-4B11-BEED-585025FCD95E}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
    "{AF3C90D4-0C3F-46A0-A880-2494AFC45148}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
    "{B107493E-151C-4FAA-AC5E-BBCA94C2756A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{B424CB12-E853-422D-90FF-A605AB48822A}" = protocol=58 | dir=in | app=system |
    "{B43FDB7C-509A-4DEF-AF41-3798A33354FB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{B45A0D24-6583-42B5-83F7-014974A9488A}" = protocol=6 | dir=in | app=c:\program files\comodo\unite\unitecam.exe |
    "{B97ACD0B-5E06-44A2-8A16-CA5203A513B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eye\eye.exe |
    "{BAAF7133-5C9B-4370-A6F9-51BC53A5488A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\nxsteam.exe |
    "{BBDD88D0-3275-4926-97DA-4AA1DFE9B791}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
    "{BC3A6E63-6001-4973-8E3F-6329B0F1DEC1}" = protocol=17 | dir=in | app=c:\program files\comodo\unite\crdphappshare.exe |
    "{BD45EB41-B6F0-4D3F-A0D9-A8E0DFE2C24B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe |
    "{BECB5C51-C72A-43DD-9311-77A610FC0596}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{C32B5EF2-047E-4478-BE48-83E80D793A1E}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{C355628A-E861-4E47-81A5-330F94FBC812}" = protocol=17 | dir=in | app=c:\program files\comodo\unite\unite.exe |
    "{C44DA381-480F-45AE-822B-76F2E5BAF3A6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{C4BFEBCF-B3FF-4115-8271-A82D24679D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
    "{C68A3BAB-ADC8-4C5B-A1CE-68DEA66E8300}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
    "{CA65F27E-F6B3-45C8-95E9-C56F823C94AB}" = protocol=6 | dir=in | app=c:\program files\comodo\unite\ezvpnsvc.exe |
    "{CD11DA06-81FA-4D6D-BC09-2B915DD5606D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
    "{D0EFC387-E2C3-4ACD-982B-BFA393392D19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
    "{D703E0AE-3D0A-4063-8305-0BB0DAC1EA57}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{D7762BB7-FB4F-4404-B569-479A641769FF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{DB1F2909-FEB2-4532-B30C-430ED56B8D8D}" = protocol=6 | dir=in | app=c:\program files\comodo\unite\unite.exe |
    "{DC1ABC2F-F862-421C-9A2F-E2FC2B2AAD55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{DCAF620E-EF1D-4E1B-A5C1-D0C9AF98B445}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DCFE3AED-BE5B-451D-A221-914DB4F95C19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{E7213931-953D-4E6F-9790-024B5BBED06F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
    "{E7880D14-BDE2-451C-BD04-665DB4D77793}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8E4E188-0187-48D7-A986-3D65211753C3}" = protocol=17 | dir=in | app=c:\program files\comodo\unite\unitecam.exe |
    "{E9103C0A-9E91-4A49-940B-6839A102B682}" = protocol=17 | dir=in | app=c:\users\taylor\appdata\local\akamai\netsession_win.exe |
    "{E9DF0CAB-9416-4337-9785-8CB414359E7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\team fortress 2 beta\hl2.exe |
    "{E9FD77A0-908A-40B4-9813-013480763708}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{EA8C44CD-1A3A-4B07-94E5-A6A95A2087C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{ECD49E18-1106-4B0A-BB10-662286548A62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe |
    "{EF6A6E93-5863-4352-AB7E-8CA46CC7AFC4}" = protocol=6 | dir=in | app=c:\program files (x86)\boxgame\talesrunner\trgame.exe |
    "{F0E02AD5-6EBC-4BD9-A429-A043089211ED}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{F1A243A9-97A1-437B-BEAC-D4B126122054}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F2FB2C50-60CF-434C-B923-06EF7ACB86EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{F401BDFF-E772-47CA-AB91-3017D121D44D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F70D508B-DE65-4379-9F17-BE8F6257994F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{FBCB0DEE-E433-40B4-8016-5D61553E3927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{FC61E1F0-E6BD-4F38-B6C7-9A9EC6F553B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FD09B902-8D72-432A-AB7F-C839CCC11AE6}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{FFEABB8A-A1A6-4D7F-8E0B-189A8FFF941C}" = dir=out | app=c:\users\taylor\appdata\local\temp\_nowcdn_\downenginesdk_rhaon_talesrunner.dll |
    "TCP Query User{0D485F41-58B7-4C77-8648-97029B1854F0}C:\users\taylor\desktop\qualitygunz28.1\qualitygunz\gunz.exe" = protocol=6 | dir=in | app=c:\users\taylor\desktop\qualitygunz28.1\qualitygunz\gunz.exe |
    "TCP Query User{14F0B91B-3144-4E6E-B63F-210EAB129A9A}C:\users\taylor\desktop\inter flyff v17-18\inter flyff v17-18\itak.exe" = protocol=6 | dir=in | app=c:\users\taylor\desktop\inter flyff v17-18\inter flyff v17-18\itak.exe |
    "TCP Query User{177F4D71-69E5-4777-A74A-148C1201418E}C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe |
    "TCP Query User{1A6E0375-D04E-4EBA-BA06-5DA795CCD28A}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
    "TCP Query User{255FEAF2-A324-470F-A4AA-0BB03C600693}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "TCP Query User{2635F0BC-257D-40D6-B930-45411111C99A}C:\program files (x86)\boxgame\talesrunner\trgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\boxgame\talesrunner\trgame.exe |
    "TCP Query User{30770C65-B6C7-43A8-A82E-34C827987AFD}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
    "TCP Query User{47BA9DF2-3D4B-46A3-95A7-0DF0149B719F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{561ACA92-AB95-4129-9B2D-8A17BFD87DFB}C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\dfo.exe |
    "TCP Query User{5E91B318-D2F6-4C1D-8620-B2C9CA59CC85}C:\program files (x86)\steam\steamapps\xiyamae\team fortress 2 beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\team fortress 2 beta\hl2.exe |
    "TCP Query User{63900401-335E-4C5F-B5A0-44E6E232BD23}C:\users\taylor\desktop\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\users\taylor\desktop\rockstar games\grand theft auto iv\gtaiv.exe |
    "TCP Query User{8C196D5C-BCCF-4A42-8A3B-BA3D8F1BF761}C:\program files (x86)\ogplanet\zone4\zone4_na.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\zone4\zone4_na.exe |
    "TCP Query User{99D9F260-BEAA-4097-93D6-D57E17D799D0}C:\program files (x86)\steam\steamapps\xiyamae\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\source sdk base\hl2.exe |
    "TCP Query User{9C6AFBDD-8940-4104-90CF-1569E6802A6B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
    "TCP Query User{A318BF8F-1730-4F0B-BC97-1DD91682C3BC}C:\users\taylor\appdata\local\temp\_nowcdn_\nowdownloader.exe" = protocol=6 | dir=in | app=c:\users\taylor\appdata\local\temp\_nowcdn_\nowdownloader.exe |
    "TCP Query User{B18C65C0-5459-4646-8C16-04C6A7C1B781}C:\program files (x86)\steam\steamapps\xiyamae\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\team fortress 2\hl2.exe |
    "TCP Query User{B6F9681A-3365-48F3-848D-4DE6CC71B5A5}C:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe |
    "TCP Query User{C6D7E828-B470-4661-ADF8-81C896BEA0EA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{CEB8F612-6CA3-41FC-BF03-8BD0B5F1AE43}C:\users\taylor\documents\gamefly\games\thq\saints row 2\sr2_pc.exe" = protocol=6 | dir=in | app=c:\users\taylor\documents\gamefly\games\thq\saints row 2\sr2_pc.exe |
    "TCP Query User{CF0BF68A-E28C-4B1C-BC4F-E42990CDA5C9}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "TCP Query User{FA1FF150-5E8C-4869-B2D5-CF9E9962C95D}C:\users\taylor\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\taylor\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{0B215E5F-579B-47D5-9DD4-0507081D69DC}C:\users\taylor\appdata\local\temp\_nowcdn_\nowdownloader.exe" = protocol=17 | dir=in | app=c:\users\taylor\appdata\local\temp\_nowcdn_\nowdownloader.exe |
    "UDP Query User{1FE7A819-DA0B-4CDC-BA59-0D9E4BAD13AD}C:\program files (x86)\steam\steamapps\xiyamae\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\source sdk base\hl2.exe |
    "UDP Query User{22218F4E-E8EF-4935-B0C5-08E98C6E2B58}C:\program files (x86)\steam\steamapps\xiyamae\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\team fortress 2\hl2.exe |
    "UDP Query User{2C9A3746-CB77-4E50-886D-42CDEAEC96E9}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
    "UDP Query User{661EB43B-F1DC-4D9C-AAA5-CEF04BE4E7C0}C:\program files (x86)\boxgame\talesrunner\trgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\boxgame\talesrunner\trgame.exe |
    "UDP Query User{6DA04E54-A476-4A37-AD64-8C0455C17F3F}C:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe |
    "UDP Query User{7B738217-48B8-4B95-B49B-1CEC87107EA3}C:\users\taylor\desktop\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\users\taylor\desktop\rockstar games\grand theft auto iv\gtaiv.exe |
    "UDP Query User{82B05563-7EEF-458F-B4B0-352CA8D3E663}C:\users\taylor\documents\gamefly\games\thq\saints row 2\sr2_pc.exe" = protocol=17 | dir=in | app=c:\users\taylor\documents\gamefly\games\thq\saints row 2\sr2_pc.exe |
    "UDP Query User{859C5D19-A659-4161-94EB-7519394464F9}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "UDP Query User{889BCBD3-87C7-405F-8F42-24886D7464DD}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "UDP Query User{95B8C887-B41B-4E87-9EB6-6643F3DD5068}C:\program files (x86)\steam\steamapps\xiyamae\team fortress 2 beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xiyamae\team fortress 2 beta\hl2.exe |
    "UDP Query User{A3C88DC0-8E78-4F8F-AE3A-A605E742A191}C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\dfo.exe |
    "UDP Query User{B4783030-6D9E-4F1B-ACA7-E65670965185}C:\users\taylor\desktop\inter flyff v17-18\inter flyff v17-18\itak.exe" = protocol=17 | dir=in | app=c:\users\taylor\desktop\inter flyff v17-18\inter flyff v17-18\itak.exe |
    "UDP Query User{BA7685E4-F18B-4671-B9BE-B064F4E2F33F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{BAD863D5-9D42-4282-9773-0F0610ED9545}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
    "UDP Query User{BCF8C30D-C586-4B87-89A6-0280C46652AD}C:\users\taylor\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\taylor\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{BD0AB26A-7B85-4FC5-8236-9B84C9BD3863}C:\users\taylor\desktop\qualitygunz28.1\qualitygunz\gunz.exe" = protocol=17 | dir=in | app=c:\users\taylor\desktop\qualitygunz28.1\qualitygunz\gunz.exe |
    "UDP Query User{E84C7CBD-C0A1-4731-8ED8-9EA3040D7D54}C:\program files (x86)\ogplanet\zone4\zone4_na.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\zone4\zone4_na.exe |
    "UDP Query User{EA8A1D33-C329-4FFB-A29B-121479B027F7}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
    "UDP Query User{EC503B57-20B4-49D6-B60F-E97D1FA64153}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{FDF1495F-FC41-49CC-978E-606B61B33C41}C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe |
  25. Taycat

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F527D3F1-57DF-43B5-A570-ADED61CE8C06}" = COMODO Unite
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "Explorer Suite_is1" = Explorer Suite III
    "GIMP-2_is1" = GIMP 2.8.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24E34264-D483-477C-A9A0-4E53F69834CF}" = Façade
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34681D92-5958-406A-A654-1B57E7A7B3DC}" = HP Support Assistant
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4213401F-F796-C80F-652F-7B7CC8D956A2}" = Defender's Quest
    "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
    "{53527E6C-D448-944C-C927-5D04EA99AA9F}" = GameFly
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
    "{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{815928D4-B230-40C7-AEEF-FCC3DC4B3C59}" = Aeria Ignite
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.7
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1" = Auto Clicker v1.1
    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
    "{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE19F3DA-1A2C-4D93-B017-2820597430D7}" = Vizzed Retro Game Room
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECE53F21-5528-4DC5-AA9D-A0D1BFB5EB31}_is1" = Turn Off the Lights IE Extension version 1.0.1
    "{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Å×ÀÏÁî·±³Ê" = Å×ÀÏÁî·±³Ê
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Aeria Ignite" = Aeria Ignite
    "Aeria Ignite 1.10.1721" = Aeria Ignite
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "avast" = avast! Free Antivirus
    "Avidemux 2.5 (64-bit)" = Avidemux 2.5
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BFG-Burger Bustle" = Burger Bustle
    "BFG-Burger Bustle - Ellie's Organics" = Burger Bustle: Ellie's Organics
    "BFG-Busy Bea's Halftime Hustle" = Busy Bea's Halftime Hustle
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Cake Mania - Lights, Camera, Action" = Cake Mania: Lights, Camera, Action!
    "BFG-Cake Mania - To the Max" = Cake Mania: To the Max
    "BFG-Cake Mania 3" = Cake Mania 3
    "BFG-Cake Mania Main Street" = Cake Mania Main Street
    "BFG-Club Control 2" = Club Control 2
    "BFG-Coffee Rush" = Coffee Rush
    "BFG-Cooking Dash" = Cooking Dash
    "BFG-Cooking Dash - DinerTown Studios" = Cooking Dash: DinerTown Studios
    "BFG-Cooking Dash 3 - Thrills and Spills Collector's Edition" = Cooking Dash 3: Thrills and Spills Collector's Edition
    "BFG-Daycare Nightmare - Mini-Monsters" = Daycare Nightmare: Mini-Monsters
    "BFG-Diner Dash - Flo Through Time" = Diner Dash: Flo Through Time
    "BFG-Diner Dash - Hometown Hero" = Diner Dash: Hometown Hero
    "BFG-Diner Dash 5 - Boom Collectors Edition" = Diner Dash 5: Boom Collector's Edition
    "BFG-DQ Tycoon" = DQ Tycoon
    "BFG-Dress Up Rush" = Dress Up Rush
    "BFG-Fashion Boutique" = Fashion Boutique
    "BFG-Fitness Dash" = Fitness Dash
    "BFG-Garden Dash" = Garden Dash
    "BFG-Hells Kitchen" = Hell's Kitchen
    "BFG-Kitchen Brigade" = Kitchen Brigade
    "BFG-Lovely Kitchen" = Lovely Kitchen
    "BFG-Megaplex Madness - Now Playing" = Megaplex Madness: Now Playing ™
    "BFG-Megaplex Madness - Summer Blockbuster" = Megaplex Madness: Summer Blockbuster
    "BFG-Megastore Madness" = Megastore Madness
    "BFG-Nanny Mania" = Nanny Mania
    "BFG-Nanny Mania 2 - Goes to Hollywood" = Nanny Mania 2: Goes to Hollywood
    "BFG-Pets Fun House" = Pets Fun House
    "BFG-Shop It Up!" = Shop It Up!
    "BFG-Shop-n-Spree" = Shop-n-Spree
    "BFG-Shop-N-Spree Family Fortune" = Shop-N-Spree: Family Fortune
    "BFG-Supermarket Management" = Supermarket Management
    "BFG-Supermarket Mania" = Supermarket Mania
    "BFG-Wendy's Wellness" = Wendy's Wellness
    "BitTorrent" = BitTorrent
    "Celestia Luna Online Alpha" = Celestia Luna Online Alpha 1.1
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DefendersQuest" = Defender's Quest
    "DFO" = DFOLauncher
    "Diner Dash 3 - Flo On The Go" = Diner Dash 3 - Flo On The Go
    "DivX Setup" = DivX Setup
    "DragonNest" = DragonNest
    "Eden Eternal" = Eden Eternal
    "Feeding Frenzy 2 Deluxe 1.0" = Feeding Frenzy 2 Deluxe 1.0
    "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
    "Fraps" = Fraps (remove only)
    "Game Booster_is1" = Game Booster 3
    "GameFly" = GameFly
    "Hot Dish 2 - Cross Country Cook-Off" = Hot Dish 2 - Cross Country Cook-Off
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "Katawa Shoujo" = Katawa Shoujo
    "Kobo" = Kobo
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Mabinogi" = Mabinogi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "ManyCam" = ManyCam 3.0.62 (remove only)
    "MapleStory" = MapleStory
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "OGPlanet Game Launcher US" = OGPlanet Game Launcher
    "OpenAL" = OpenAL
    "Origin" = Origin
    "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
    "PDF Complete" = PDF Complete Special Edition
    "Pesterchum" = PESTERCHUM
    "PlayPets - 101 Kitty Pets" = PlayPets - 101 Kitty Pets
    "Prince of Persia The Sands of Time" = Prince of Persia The Sands of Time
    "PunkBusterSvc" = PunkBuster Services
    "Rainmeter" = Rainmeter
    "Saints Row 2" = Saints Row 2
    "Steam App 105600" = Terraria
    "Steam App 113200" = The Binding of Isaac
    "Steam App 200210" = Realm of the Mad God
    "Steam App 210470" = Sniper Elite V2 Demo
    "Steam App 212220" = Dungeon Fighter Online
    "Steam App 215" = Source SDK Base 2006
    "Steam App 24200" = DC Universe Online
    "Steam App 35720" = Trine 2
    "Steam App 39000" = Moonbase Alpha
    "Steam App 440" = Team Fortress 2
    "Steam App 500" = Left 4 Dead
    "Steam App 520" = Team Fortress 2 Beta
    "Steam App 550" = Left 4 Dead 2
    "Steam App 99900" = Spiral Knights
    "TeamViewer 7" = TeamViewer 7
    "Theme Park World" = SimTheme Park
    "TS3 Install Helper Monkey" = TS3 Install Helper Monkey
    "VIP Access SDK" = VIP Access SDK (1.0.1.4)
    "VLC media player" = VLC media player 2.0.1
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-02e2c404-139f-4145-ac6d-082bf82b4e55" = Penguins!
    "WTA-0bcca74a-4034-42c7-a7ef-21de20d3f26c" = Mah Jong Medley
    "WTA-20d617f7-5a97-418d-a678-6bed3ea8bcbf" = Cake Mania
    "WTA-22d0b4c0-2c9e-4d80-9918-4931aa6513dd" = Chuzzle Deluxe
    "WTA-2a71bdee-4b12-46c0-a010-d68728ca5a6a" = Polar Golfer
    "WTA-2fcb4575-fa3e-460a-846b-8de86a90e0e9" = Blackhawk Striker 2
    "WTA-3cb40ca2-8a95-4c54-b592-f5aeed1370c0" = Bounce Symphony
    "WTA-4ecd9278-d56f-41c1-881b-f6b382a205e2" = Polar Bowler
    "WTA-61582674-3be4-47a7-9750-bf2f19b0d898" = Vacation Quest - The Hawaiian Islands
    "WTA-64429e73-2dad-417d-b445-2f86fcc8a3d2" = Plants vs. Zombies - Game of the Year
    "WTA-6dca7e4a-febe-4941-8c79-0979ed9c4029" = Agatha Christie - Peril at End House
    "WTA-918058f4-157b-4075-bcf8-4bef6a8d73b3" = Jewel Quest: The Sleepless Star - Collector's Edition
    "WTA-acfc3741-69ff-415d-abb0-ed866b7be7db" = Namco All-Stars: PAC-MAN
    "WTA-b5e5d971-3ff5-4155-ab3c-a54c22aeef67" = Mystery of Mortlake Mansion
    "WTA-bd67679c-93bf-443d-aa33-86f0523e76cb" = Cradle of Rome 2
    "WTA-bd9767aa-73c6-4820-b059-a61545fbbb49" = Poker Superstars III
    "WTA-c805e18f-3e9b-4303-ab70-fdb4726bc68a" = Farm Frenzy
    "WTA-cd3dfd9b-d059-4da0-9864-5f1090ea0a8b" = Bejeweled 3
    "WTA-d4766c96-5fd8-4e8e-86a6-a8f85f04a1ec" = Blasterball 3
    "WTA-dc07a2b9-6b72-45f0-af6b-3e4f56c21d43" = Slingo Supreme
    "WTA-de5923cf-b30a-4c49-a18a-30f59c56be05" = Virtual Villagers 5 - New Believers
    "WTA-e20f001a-ead9-498e-b62e-5eb0a4001def" = FATE
    "WTA-ed5f7b81-8006-430b-98ad-ac6ac830d835" = Governor of Poker 2 Premium Edition
    "WTA-f7ac44b0-1bab-4255-8989-13e75b7f4a52" = Zuma Deluxe
    "WTA-f9f72ecc-da60-41e1-8f9e-fa6c4e9be40c" = Chronicles of Albian
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2504441003-1554018461-1511963873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "2a7a433177cfa3a6" = Macro Recorder
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "NCsoft-Aion" = Aion
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/20/2012 3:05:37 AM | Computer Name = Home | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 9/20/2012 11:02:58 AM | Computer Name = Home | Source = PerfNet | ID = 2004
    Description =

    Error - 9/20/2012 11:04:48 AM | Computer Name = Home | Source = MsiInstaller | ID = 11310
    Description =

    Error - 9/20/2012 11:05:12 AM | Computer Name = Home | Source = MsiInstaller | ID = 11310
    Description =

    Error - 9/20/2012 12:38:19 PM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x5047fbf4 Faulting module name: studiorender.dll, version: 0.0.0.0, time stamp:
    0x504e3242 Exception code: 0xc0000005 Fault offset: 0x00002bea Faulting process id:
    0x17f8 Faulting application start time: 0x01cd97477dea3f58 Faulting application path:
    c:\program files (x86)\steam\steamapps\xiyamae\team fortress 2\hl2.exe Faulting
    module path: c:\program files (x86)\steam\steamapps\xiyamae\team fortress 2\bin\studiorender.dll
    Report
    Id: 94e61661-0341-11e2-b00c-3860774c4e64

    Error - 9/20/2012 5:43:55 PM | Computer Name = Home | Source = MsiInstaller | ID = 11310
    Description =

    Error - 9/20/2012 5:44:19 PM | Computer Name = Home | Source = MsiInstaller | ID = 11310
    Description =

    Error - 9/20/2012 10:06:59 PM | Computer Name = Home | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 9/20/2012 10:45:04 PM | Computer Name = Home | Source = MsiInstaller | ID = 11310
    Description =

    Error - 9/20/2012 10:45:47 PM | Computer Name = Home | Source = MsiInstaller | ID = 11310
    Description =

    [ Hewlett-Packard Events ]
    Error - 7/22/2012 10:45:51 AM | Computer Name = Home | Source = HPSF.exe | ID = 4000
    Description =

    [ System Events ]
    Error - 10/6/2012 5:28:11 PM | Computer Name = Home | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/6/2012 5:28:11 PM | Computer Name = Home | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1068

    Error - 10/6/2012 5:28:13 PM | Computer Name = Home | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/6/2012 5:28:13 PM | Computer Name = Home | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/6/2012 5:28:13 PM | Computer Name = Home | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/6/2012 5:30:35 PM | Computer Name = Home | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 10/6/2012 5:30:36 PM | Computer Name = Home | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 10/6/2012 6:36:20 PM | Computer Name = Home | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez
    Studios Authenticate and Update Service service to connect.

    Error - 10/6/2012 6:37:27 PM | Computer Name = Home | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Live ID Sign-in Assistant service to connect.

    Error - 10/6/2012 6:37:27 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
    Description = The Windows Live ID Sign-in Assistant service failed to start due
    to the following error: %%1053


    < End of report >

