Svchost.exe - help me Broni

Solved
By Fenixink
Oct 14, 2012
  1. Earlier today my system which had been periodically getting the BSOD, dumped and started to BSOD at login except in safe mode. I looked up lots of solutions and found this:
    http://www.techspot.com/community/topics/svchost-exe-trojan-removal.186099/

    I was following the directions on here and meeting with a great deal of success until I finished with aswMBR and noticed that the OTL section contained a custom fix that would not work for me. I resolved to sign up and start my own thread (I should have done this in the first place but did not want to be a bother if it was unnecessary). I then read the rule about not following any of the solutions on here unless they were given for you, so I apologize in advance for my mistake. TDSSKiller did uncover an infection and solve it but I want to be certain to complete the cleanup so the infection does not return.

    Here are my logs:
    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.13.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Fenixink :: FENIXINK-PC [administrator]

    Protection: Disabled

    10/13/2012 8:49:49 PM
    mbam-log-2012-10-13 (20-49-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232180
    Time elapsed: 6 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-10-14.05) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Fenixink at 21:12:41 on 2012-10-13
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4091.2340 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Users\Fenixink\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\notepad.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Users\Fenixink\Desktop\xey5tpcr.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = my.daemon-search.com
    uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
    uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
    uRun: [AdobeBridge] <no file>
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    StartupFolder: C:\Users\Fenixink\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Psi.lnk - C:\Program Files (x86)\Psi\Psi.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files\MagicTune Premium\GammaTray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{57B72277-21FC-4840-86B7-DC7AF27F66B0} : DHCPNameServer = 7.254.254.254
    TCP: Interfaces\{BD4BA26B-2CF6-4576-AEC6-5F18A50A9EF0} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.dll
    FF - component: C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.dll
    FF - component: C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Fenixink\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Fenixink\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Fenixink\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
    FF - plugin: C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
    FF - plugin: C:\Users\Fenixink\AppData\Roaming\raidcall\plugins\nprcplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - ExtSQL: 2012-09-22 09:07; 505de2389df5a@505de2389df93.com; C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\505de2389df5a@505de2389df93.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2009-10-9 22568]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-7-16 450680]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-7-16 912504]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121009.001\IDSviA64.sys [2012-10-9 513184]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-7-16 386168]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-1-29 219360]
    R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-5 151552]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-13 399432]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
    R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-4-8 24635]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-4-5 11174400]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-4-5 343040]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
    R3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-6-9 31232]
    R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
    S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-7-16 171128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2010-4-18 2560]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-13 676936]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-11-30 12032]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-28 1315592]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-20 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-13 25928]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-2-11 56832]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-6 129976]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-29 239616]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-5 59392]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-6-9 738152]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 VKbms;Razer Gaming Device;C:\Windows\System32\drivers\VKbms.sys [2011-11-30 13312]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-27 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-10-14 04:08:25 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D54C3C46-C965-4235-8BA5-1C4C354F067C}\mpengine.dll
    2012-10-14 03:44:18 -------- d-----w- C:\Users\Fenixink\AppData\Local\{A06FADE3-A1A1-4E0A-92EF-906A3AA60828}
    2012-10-14 00:43:09 -------- d-----w- C:\Users\Fenixink\AppData\Roaming\Malwarebytes
    2012-10-14 00:41:33 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-14 00:41:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-10-14 00:41:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-14 00:23:20 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BDA1E53B-2CB1-49FE-A87D-24892A34EBE6}\gapaengine.dll
    2012-10-14 00:22:22 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-10-14 00:22:15 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-10-13 23:52:00 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-06 23:08:16 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-10-06 23:08:01 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2012-10-06 23:08:01 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    2012-10-06 23:08:01 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-10-06 23:08:01 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-10-05 15:13:28 -------- d-----w- C:\Users\Fenixink\AppData\Local\{9EEA60C4-F350-48B7-90B0-654BF02E03EE}
    2012-10-04 03:16:23 -------- d-----w- C:\Users\Fenixink\AppData\Local\{614328AD-62DE-46B2-9548-42EC17A8E864}
    2012-10-03 15:16:13 -------- d-----w- C:\Users\Fenixink\AppData\Local\{B3BDEF3B-6CAC-4EEF-BB3C-59923111467D}
    2012-10-02 01:39:57 -------- d-----w- C:\Users\Fenixink\AppData\Local\{F11098C4-10B3-49BC-BAA7-DC5A962F6F74}
    2012-09-28 05:29:24 -------- d-----w- C:\Program Files (x86)\GoldWave
    2012-09-26 15:24:20 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-25 14:17:51 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-09-25 14:17:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-09-25 14:17:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-09-25 14:17:50 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-09-25 14:17:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-09-25 14:06:56 395776 ----a-w- C:\Windows\System32\webio.dll
    2012-09-25 14:06:56 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2012-09-25 14:06:55 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-09-25 14:06:55 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-09-25 14:06:55 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-09-25 14:06:55 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-09-25 14:06:51 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-09-25 14:06:50 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-09-25 14:06:50 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-09-25 14:06:50 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-09-25 14:06:50 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-09-25 14:06:47 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-09-25 14:06:46 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-09-25 14:03:37 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-09-25 14:03:37 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-09-25 14:03:30 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-09-25 14:03:30 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-09-25 14:03:28 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2012-09-25 14:01:54 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-09-25 14:01:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-09-25 14:01:51 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-09-25 13:59:47 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-09-25 13:59:47 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-09-23 18:46:24 -------- d-----w- C:\ProgramData\Curse Client
    2012-09-22 16:05:04 -------- d-----w- C:\ProgramData\Premium
    2012-09-22 16:03:47 -------- d-----w- C:\Users\Fenixink\AppData\Roaming\SendSpace
    2012-09-22 16:03:05 -------- d-----w- C:\ProgramData\InstallMate
    2012-09-21 23:16:49 -------- d-----w- C:\Program Files (x86)\MDickie
    2012-09-21 20:36:52 -------- d-----w- C:\Users\Fenixink\AppData\Local\{A02F49ED-3B63-48BD-A06E-A095E556A9DD}
    2012-09-21 20:02:22 -------- d-----w- C:\Users\Fenixink\PsiData
    2012-09-21 20:02:08 -------- d-----w- C:\Program Files (x86)\Psi
    2012-09-15 03:36:52 -------- d-----w- C:\ProgramData\REVOLT
    .
    ==================== Find3M ====================
    .
    2012-10-14 03:04:53 1625 --sha-w- C:\Windows\SysWow64\mmf.sys
    2012-09-15 18:13:48 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-09-15 18:13:48 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-09-15 01:39:56 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-01 23:24:55 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-12 21:19:31 151552 ----a-w- C:\Windows\SysWow64\nvRegDev.dll
    2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2009-05-15 05:15:24 5719400 ----a-w- C:\Program Files\Common Files\adlmint_libFNP.dll
    2009-05-15 05:15:24 4397928 ----a-w- C:\Program Files\Common Files\adlmint.dll
    .
    ============= FINISH: 21:13:31.09 ===============
  2. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    Update: This morning when I checked this topic MBAM quarantined something and WSE asked me to send a record of an unknown object to MS for analysis. After agreeing to both those things words in this post began to highlight and show advertising on mouseover. I closed FF and reopened it (during which FF had to install updates) I checked my plugins for FF after launch and removed CacheViewer, the words no longer highlight.
  3. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    You're running two AV programs, Norton and MSE.
    You must uninstall one of them.
    If Norton use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Then, I still need Attach.txt log from DDS and GMER log.
  4. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    Ran Norton Removal Tool before but apparently it wasn't successful (this time it found more Symantec stuff and removed it).
    Here is the contents of Attach.txt (dds.com didn't autorun and when I just clicked start the attach.txt toggle was unchecked).
    No log file for GMER (I turned it on, let it quick scan and then hit save, didn't do a full scan because the directions didn't specifically call for it).

    Here is Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-14.05)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/29/2010 6:58:51 PM
    System Uptime: 10/14/2012 8:54:18 AM (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | Socket 1156 | 2661/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 699 GiB total, 96.605 GiB free.
    D: is CDROM (CDFS)
    G: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&1CBEE564&0&00E1
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&1CBEE564&0&00E1
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    RP406: 10/9/2012 12:01:07 AM - Installed DirectX
    RP407: 10/9/2012 8:23:21 PM - Installed DirectX
    RP408: 10/13/2012 5:03:11 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    7-Zip 4.65 (x64 edition)
    7stacks 1.5 beta 1
    Acrobat.com
    ActiveState Komodo Edit 6.0.3
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.3.3 - CPSID_83708
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Anchor Service x64 CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe CMaps x64 CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Design Premium
    Adobe CSI CS4
    Adobe CSI CS4 x64
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Drive CS4 x64
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin 64-bit
    Adobe Fonts All
    Adobe Fonts All x64
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe InDesign CS4 Icon Handler x64
    Adobe Linguistics CS4
    Adobe Linguistics CS4 x64
    Adobe Media Encoder CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe PDF Library Files x64 CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 (64 Bit)
    Adobe Photoshop CS4 Support
    Adobe Reader 9.4.5
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Type Support CS4
    Adobe Type Support x64 CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe WinSoft Linguistics Plugin x64
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Age of Conan - Hyborian Adventures
    Alan Wake
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Media Foundation Decoders
  5. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    Any Video Converter 3.3.3
    APB Reloaded
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Aquarius Soft PC Checklists
    Araneae 5.0.0
    Assassin's Creed Revelations
    ATI AVIVO64 Codecs
    ATI Catalyst Registration
    ATI Problem Report Wizard
    Autodesk Backburner 2008.1.3
    Autodesk DirectConnect 2010 (64-bit)
    Autodesk MatchMover 2010 (64-bit)
    Autodesk Toxik 2010 (64-bit)
    AviSynth 2.5
    Bandisoft MPEG-1 Decoder
    Batman Arkham City version 1.0
    BlueJ 3.0.4
    Bonjour
    Browser Configuration Utility
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Clue: Accusations and Alibis
    Connect
    Core Temp 1.0 RC3
    Crystal Reports for Visual Studio
    Curse Client
    CwGet V2.26
    D3DX10
    DC Universe Online
    Dead Space™
    Deus Ex - Human Revolution version 1.0
    Dev-C++ 5 beta 9 release (4.9.9.2)
    DiscJuggler
    Dishonored
    Divinity II - DKS
    Dotfuscator Software Services - Community Edition
    Dragon Age: Origins
    Driver Sweeper 2.1.0
    Dropbox
    Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
    EA Download Manager
    EA SPORTS Game Face Browser Plugin 1.0.0.18
    EVE Isk per Hour 2.1
    EVEMon
    EveNexus
    Fallen Earth
    Fallout New Vegas
    FastPictureViewer WIC Codec Pack 1.65
    ffdshow [rev 2527] [2008-12-19]
    FileZilla Client 3.3.2.1
    FlashDevelop 3.2.1
    Fraps (remove only)
    Game of Thrones
    GameFly
    GamersFirst LIVE!
    GoldWave v5.67
    Google Chrome
    Halite
    Hitman - Blood Money
    Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HydraVision
    iCloud
    ImTOO DVD Ripper Ultimate
    Internet TV for Windows Media Center
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 23 (64-bit)
    Java(TM) 6 Update 24
    Java(TM) 7 Update 4 (64-bit)
    Java(TM) SE Development Kit 6 Update 23 (64-bit)
    Junk Mail filter update
    KeyTweak - Keyboard Remapper (remove only)
    kuler
    L.A. Noire
    Mafia II
    Magic DVD Ripper V5.5.0
    Magic Online
    Magic Set Editor 2.0.0
    Magic Workstation 0.94f
    MagicDisc 2.7.106
    MagicTunePremium
    Malwarebytes Anti-Malware version 1.65.0.1400
    Marvell MRU V4
    Mass Effect
    MathType 6
    Maya 2010 (64-bit)
    Maya 2010 (64-bit) Documentation (en_US)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Help Viewer 1.1
    Microsoft IntelliType Pro 7.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Management Objects (x64)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Compact 4.0 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio Macro Tools
    Microsoft WSE 3.0 Runtime
    Microsoft Xbox 360 Accessories 1.2
    Monopoly by Parker Brothers
    MotoHelper 2.0.24 Driver 4.7.1
    MotoHelper MergeModules
    Motorola Mobile Drivers Installation 4.7.1
    Mount&Blade With Fire and Sword
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NEC Electronics USB 3.0 Host Controller Driver
    Neverwinter Nights
    Neverwinter Nights 2
    Nexon Game Manager
    Nexus Mod Manager
    Notepad++
    NVIDIA Photoshop Plug-ins
    NVIDIA PhysX
    OCTGN
    OpenOffice.org 3.1
    Origin
    Pando Media Booster
    PDF Settings CS4
    PFPortChecker 1.0.32
    Photoshop Camera Raw
    Photoshop Camera Raw_x64
    Pixel Bender Toolkit
    Programmer's Notepad
    Project64 1.6
    Prototype(TM)
    Psi (remove only)
    PSP Video 9 6
    PunkBuster Services
    QuickTime
    RaidCall
    Realtek Ethernet Controller Driver For Windows Vista and Later
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.94
    Rockstar Games Social Club
    Samsung_MonSetup
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
    Sid Meiers Pirates
    Spelling Dictionaries Support For Adobe Reader 9
    SPORE™
    Spotify
    Sql Server Customer Experience Improvement Program
    Star Wars Empire at War
    Star Wars Empire at War Forces of Corruption
    Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    StarCraft II
    Steam
    Suite Shared Configuration CS4
    Switch Sound File Converter
    System Requirements Lab
    TeamSpeak 3 Client
    Temple of Elemental Evil
    The Game Of Life by Hasbro
    The Lord of the Rings FREE Trial
    The Secret World
    The Sims Medieval
    The Sims™ 3 Ambitions
    The Walking Dead
    The Witcher 2
    The Witcher 2 Assassins of Kings version 1.0
    The Witcher Enhanced Edition
    Torchlight
    TSLRCM 1.7
    Tunngle beta
    TWC4: Fight!
    Ubisoft Game Launcher
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vampire - The Masquerade Bloodlines
    Ventrilo Client for Windows x64
    Verizon V CAST Media Manager
    Videora iPad Converter 6
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.1
    Wasteland Cartographer
    WavePad Sound Editor
    WCF RIA Services V1.0 SP1
    Web Deployment Tool
    Windows 7 USB/DVD Download Tool
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WMMA2
    WMMA3
    WMV9/VC-1 Video Playback
    Wrestling MPire 2008 (Management Edition)
    Wrestling Spirit
    Wrestling Spirit 2
    XCOM: Enemy Unknown Demo
    Xfire (remove only)
    Xilisoft DVD Ripper Ultimate
    XPort 360
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/14/2012 8:55:03 AM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
    10/14/2012 8:55:03 AM, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.
    10/14/2012 8:51:16 AM, Error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/13/2012 8:14:59 PM, Error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
    10/13/2012 5:52:54 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/13/2012 5:51:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/13/2012 5:51:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/13/2012 5:51:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/13/2012 5:51:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/13/2012 5:51:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/13/2012 5:51:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/13/2012 5:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/13/2012 5:50:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    10/13/2012 5:50:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 CSC DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd SRTSP SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The MRU Web Service service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2012 5:50:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2012 5:50:15 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    10/13/2012 4:50:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    10/13/2012 4:50:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/13/2012 4:47:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005726bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101312-42135-01.
    10/13/2012 4:47:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 CSC DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr sptd SRTSP SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
    10/13/2012 4:21:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    10/13/2012 4:16:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xffffffffffffffd8, 0x0000000000000002, 0x0000000000000000, 0xfffff800036cf67c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101312-38579-01.
    10/13/2012 4:16:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    10/13/2012 3:55:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800554ebb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101312-36395-01.
    10/13/2012 3:44:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800036c0405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101312-65270-01.
    10/13/2012 3:31:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800563dbb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101312-36379-01.
    10/13/2012 10:38:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP SymIRON
    10/13/2012 10:37:54 PM, Error: SRTSP [5] -
    10/10/2012 4:03:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa80074684e0, 0xfffff88004bac768, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101012-57345-01.
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  7. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    TDSSKiller
    09:41:52.0503 1068 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    09:41:52.0963 1068 ============================================================
    09:41:52.0963 1068 Current date / time: 2012/10/14 09:41:52.0963
    09:41:52.0963 1068 SystemInfo:
    09:41:52.0963 1068
    09:41:52.0963 1068 OS Version: 6.1.7601 ServicePack: 1.0
    09:41:52.0963 1068 Product type: Workstation
    09:41:52.0963 1068 ComputerName: FENIXINK-PC
    09:41:52.0963 1068 UserName: Fenixink
    09:41:52.0963 1068 Windows directory: C:\Windows
    09:41:52.0963 1068 System windows directory: C:\Windows
    09:41:52.0963 1068 Running under WOW64
    09:41:52.0963 1068 Processor architecture: Intel x64
    09:41:52.0963 1068 Number of processors: 4
    09:41:52.0963 1068 Page size: 0x1000
    09:41:52.0963 1068 Boot type: Normal boot
    09:41:52.0963 1068 ============================================================
    09:41:53.0853 1068 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    09:41:53.0893 1068 ============================================================
    09:41:53.0893 1068 \Device\Harddisk0\DR0:
    09:41:53.0893 1068 MBR partitions:
    09:41:53.0893 1068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    09:41:53.0893 1068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
    09:41:53.0893 1068 ============================================================
    09:41:53.0923 1068 C: <-> \Device\Harddisk0\DR0\Partition2
    09:41:53.0923 1068 ============================================================
    09:41:53.0923 1068 Initialize success
    09:41:53.0923 1068 ============================================================
    09:42:12.0029 6048 ============================================================
    09:42:12.0029 6048 Scan started
    09:42:12.0029 6048 Mode: Manual;
    09:42:12.0029 6048 ============================================================
    09:42:12.0239 6048 ================ Scan system memory ========================
    09:42:12.0239 6048 System memory - ok
    09:42:12.0239 6048 ================ Scan services =============================
    09:42:12.0369 6048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    09:42:12.0369 6048 1394ohci - ok
    09:42:12.0419 6048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    09:42:12.0419 6048 ACPI - ok
    09:42:12.0449 6048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    09:42:12.0449 6048 AcpiPmi - ok
    09:42:12.0509 6048 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
    09:42:12.0509 6048 adfs - ok
    09:42:12.0599 6048 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    09:42:12.0599 6048 Adobe Version Cue CS4 - ok
    09:42:12.0639 6048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    09:42:12.0639 6048 adp94xx - ok
    09:42:12.0659 6048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    09:42:12.0659 6048 adpahci - ok
    09:42:12.0669 6048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    09:42:12.0669 6048 adpu320 - ok
    09:42:12.0689 6048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    09:42:12.0689 6048 AeLookupSvc - ok
    09:42:12.0729 6048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    09:42:12.0729 6048 AFD - ok
    09:42:12.0759 6048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    09:42:12.0759 6048 agp440 - ok
    09:42:12.0769 6048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    09:42:12.0769 6048 ALG - ok
    09:42:12.0769 6048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    09:42:12.0779 6048 aliide - ok
    09:42:12.0849 6048 ALSysIO - ok
    09:42:12.0889 6048 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    09:42:12.0889 6048 AMD External Events Utility - ok
    09:42:12.0889 6048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    09:42:12.0889 6048 amdide - ok
    09:42:12.0899 6048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    09:42:12.0899 6048 AmdK8 - ok
    09:42:13.0359 6048 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    09:42:13.0399 6048 amdkmdag - ok
    09:42:13.0459 6048 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    09:42:13.0469 6048 amdkmdap - ok
    09:42:13.0509 6048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    09:42:13.0519 6048 AmdPPM - ok
    09:42:13.0579 6048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    09:42:13.0579 6048 amdsata - ok
    09:42:13.0629 6048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    09:42:13.0639 6048 amdsbs - ok
    09:42:13.0659 6048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    09:42:13.0669 6048 amdxata - ok
    09:42:13.0739 6048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    09:42:13.0739 6048 AppID - ok
    09:42:13.0809 6048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    09:42:13.0819 6048 AppIDSvc - ok
    09:42:13.0899 6048 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    09:42:13.0899 6048 Appinfo - ok
    09:42:14.0109 6048 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    09:42:14.0109 6048 Apple Mobile Device - ok
    09:42:14.0219 6048 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    09:42:14.0229 6048 AppMgmt - ok
    09:42:14.0279 6048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    09:42:14.0289 6048 arc - ok
    09:42:14.0309 6048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    09:42:14.0309 6048 arcsas - ok
    09:42:14.0479 6048 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    09:42:14.0489 6048 aspnet_state - ok
    09:42:14.0529 6048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    09:42:14.0529 6048 AsyncMac - ok
    09:42:14.0579 6048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    09:42:14.0579 6048 atapi - ok
    09:42:14.0649 6048 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
    09:42:14.0659 6048 AtiHDAudioService - ok
    09:42:14.0699 6048 [ D481083348138B4933ACFE95812DB71C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    09:42:14.0709 6048 AtiHdmiService - ok
    09:42:14.0799 6048 [ 09149D03629A44F4773E621C432D1D89 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
    09:42:14.0859 6048 atksgt - ok
    09:42:14.0969 6048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    09:42:14.0969 6048 AudioEndpointBuilder - ok
    09:42:14.0989 6048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    09:42:14.0999 6048 AudioSrv - ok
    09:42:15.0049 6048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    09:42:15.0059 6048 AxInstSV - ok
    09:42:15.0149 6048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    09:42:15.0159 6048 b06bdrv - ok
    09:42:15.0249 6048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    09:42:15.0259 6048 b57nd60a - ok
    09:42:15.0359 6048 [ F29D375926E36E3A56AF4805C7749302 ] BCUService C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    09:42:15.0359 6048 BCUService - ok
    09:42:15.0409 6048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    09:42:15.0419 6048 BDESVC - ok
    09:42:15.0489 6048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    09:42:15.0499 6048 Beep - ok
    09:42:15.0689 6048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    09:42:15.0689 6048 BFE - ok
    09:42:16.0029 6048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    09:42:16.0039 6048 BITS - ok
    09:42:16.0069 6048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    09:42:16.0079 6048 blbdrive - ok
    09:42:16.0329 6048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    09:42:16.0329 6048 Bonjour Service - ok
    09:42:16.0360 6048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    09:42:16.0370 6048 bowser - ok
    09:42:16.0370 6048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    09:42:16.0380 6048 BrFiltLo - ok
    09:42:16.0380 6048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    09:42:16.0380 6048 BrFiltUp - ok
    09:42:16.0450 6048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    09:42:16.0450 6048 Browser - ok
    09:42:16.0517 6048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    09:42:16.0517 6048 Brserid - ok
    09:42:16.0537 6048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    09:42:16.0537 6048 BrSerWdm - ok
    09:42:16.0557 6048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    09:42:16.0557 6048 BrUsbMdm - ok
    09:42:16.0577 6048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    09:42:16.0577 6048 BrUsbSer - ok
    09:42:16.0587 6048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    09:42:16.0587 6048 BTHMODEM - ok
    09:42:16.0617 6048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    09:42:16.0617 6048 bthserv - ok
    09:42:16.0637 6048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    09:42:16.0637 6048 cdfs - ok
    09:42:16.0677 6048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    09:42:16.0677 6048 cdrom - ok
    09:42:16.0707 6048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    09:42:16.0707 6048 CertPropSvc - ok
    09:42:16.0737 6048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    09:42:16.0737 6048 circlass - ok
    09:42:16.0757 6048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    09:42:16.0757 6048 CLFS - ok
    09:42:16.0797 6048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    09:42:16.0797 6048 clr_optimization_v2.0.50727_32 - ok
    09:42:16.0827 6048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    09:42:16.0827 6048 clr_optimization_v2.0.50727_64 - ok
    09:42:16.0907 6048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    09:42:16.0907 6048 clr_optimization_v4.0.30319_32 - ok
    09:42:16.0937 6048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    09:42:16.0937 6048 clr_optimization_v4.0.30319_64 - ok
    09:42:16.0957 6048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    09:42:16.0957 6048 CmBatt - ok
    09:42:16.0967 6048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    09:42:16.0967 6048 cmdide - ok
    09:42:16.0987 6048 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    09:42:16.0987 6048 CNG - ok
    09:42:16.0987 6048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    09:42:16.0987 6048 Compbatt - ok
    09:42:17.0037 6048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    09:42:17.0037 6048 CompositeBus - ok
    09:42:17.0047 6048 COMSysApp - ok
    09:42:17.0057 6048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    09:42:17.0057 6048 crcdisk - ok
    09:42:17.0077 6048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    09:42:17.0077 6048 CryptSvc - ok
    09:42:17.0117 6048 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    09:42:17.0117 6048 CSC - ok
    09:42:17.0157 6048 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    09:42:17.0157 6048 CscService - ok
    09:42:17.0197 6048 [ 5BC67F1EFB6B1D039B151CF7353EC742 ] DAdderFltr C:\Windows\system32\drivers\dadder.sys
    09:42:17.0197 6048 DAdderFltr - ok
    09:42:17.0227 6048 [ 003626F7CA17C204F16CD5047AF0703A ] danewFltr C:\Windows\system32\drivers\danew.sys
    09:42:17.0237 6048 danewFltr - ok
    09:42:17.0337 6048 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    09:42:17.0337 6048 DAUpdaterSvc - ok
    09:42:17.0387 6048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    09:42:17.0387 6048 DcomLaunch - ok
    09:42:17.0407 6048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    09:42:17.0417 6048 defragsvc - ok
    09:42:17.0447 6048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    09:42:17.0447 6048 DfsC - ok
    09:42:17.0477 6048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    09:42:17.0477 6048 Dhcp - ok
    09:42:17.0507 6048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    09:42:17.0507 6048 discache - ok
    09:42:17.0537 6048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    09:42:17.0537 6048 Disk - ok
    09:42:17.0567 6048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    09:42:17.0567 6048 Dnscache - ok
    09:42:17.0597 6048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    09:42:17.0597 6048 dot3svc - ok
    09:42:17.0627 6048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    09:42:17.0627 6048 DPS - ok
    09:42:17.0647 6048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    09:42:17.0647 6048 drmkaud - ok
    09:42:17.0697 6048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    09:42:17.0707 6048 DXGKrnl - ok
    09:42:17.0717 6048 EagleX64 - ok
    09:42:17.0727 6048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    09:42:17.0727 6048 EapHost - ok
    09:42:17.0777 6048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    09:42:17.0807 6048 ebdrv - ok
    09:42:17.0837 6048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    09:42:17.0837 6048 EFS - ok
    09:42:17.0867 6048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    09:42:17.0867 6048 ehRecvr - ok
    09:42:17.0897 6048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    09:42:17.0897 6048 ehSched - ok
    09:42:17.0917 6048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    09:42:17.0927 6048 elxstor - ok
    09:42:17.0947 6048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    09:42:17.0947 6048 ErrDev - ok
    09:42:17.0977 6048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    09:42:17.0987 6048 EventSystem - ok
    09:42:17.0997 6048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    09:42:17.0997 6048 exfat - ok
    09:42:18.0017 6048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    09:42:18.0017 6048 fastfat - ok
    09:42:18.0057 6048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    09:42:18.0057 6048 Fax - ok
    09:42:18.0067 6048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    09:42:18.0067 6048 fdc - ok
    09:42:18.0087 6048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    09:42:18.0087 6048 fdPHost - ok
    09:42:18.0087 6048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    09:42:18.0097 6048 FDResPub - ok
    09:42:18.0097 6048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    09:42:18.0097 6048 FileInfo - ok
    09:42:18.0107 6048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    09:42:18.0107 6048 Filetrace - ok
    09:42:18.0167 6048 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    09:42:18.0177 6048 FLEXnet Licensing Service - ok
    09:42:18.0237 6048 [ F1A9C61436E12A637A647870DD6D9EEF ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    09:42:18.0247 6048 FLEXnet Licensing Service 64 - ok
    09:42:18.0247 6048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    09:42:18.0247 6048 flpydisk - ok
    09:42:18.0287 6048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    09:42:18.0287 6048 FltMgr - ok
    09:42:18.0327 6048 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    09:42:18.0337 6048 FontCache - ok
    09:42:18.0367 6048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    09:42:18.0367 6048 FontCache3.0.0.0 - ok
    09:42:18.0377 6048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    09:42:18.0377 6048 FsDepends - ok
    09:42:18.0407 6048 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    09:42:18.0407 6048 fssfltr - ok
    09:42:18.0497 6048 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    09:42:18.0507 6048 fsssvc - ok
    09:42:18.0537 6048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    09:42:18.0537 6048 Fs_Rec - ok
    09:42:18.0567 6048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    09:42:18.0567 6048 fvevol - ok
    09:42:18.0587 6048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    09:42:18.0587 6048 gagp30kx - ok
    09:42:18.0587 6048 gdrv - ok
    09:42:18.0617 6048 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    09:42:18.0617 6048 GEARAspiWDM - ok
    09:42:18.0657 6048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    09:42:18.0657 6048 gpsvc - ok
    09:42:18.0667 6048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    09:42:18.0667 6048 hcw85cir - ok
    09:42:18.0707 6048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    09:42:18.0717 6048 HdAudAddService - ok
    09:42:18.0747 6048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    09:42:18.0747 6048 HDAudBus - ok
    09:42:18.0757 6048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    09:42:18.0757 6048 HidBatt - ok
    09:42:18.0767 6048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    09:42:18.0767 6048 HidBth - ok
    09:42:18.0777 6048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    09:42:18.0777 6048 HidIr - ok
    09:42:18.0807 6048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    09:42:18.0807 6048 hidserv - ok
    09:42:18.0837 6048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    09:42:18.0837 6048 HidUsb - ok
    09:42:18.0857 6048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    09:42:18.0867 6048 hkmsvc - ok
    09:42:18.0897 6048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    09:42:18.0907 6048 HomeGroupListener - ok
    09:42:18.0927 6048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    09:42:18.0927 6048 HomeGroupProvider - ok
    09:42:18.0947 6048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    09:42:18.0947 6048 HpSAMD - ok
    09:42:18.0987 6048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    09:42:18.0997 6048 HTTP - ok
    09:42:19.0017 6048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    09:42:19.0017 6048 hwpolicy - ok
    09:42:19.0047 6048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    09:42:19.0047 6048 i8042prt - ok
    09:42:19.0087 6048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    09:42:19.0087 6048 iaStorV - ok
    09:42:19.0127 6048 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    09:42:19.0127 6048 IDriverT - ok
    09:42:19.0157 6048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    09:42:19.0157 6048 idsvc - ok
    09:42:19.0167 6048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    09:42:19.0177 6048 iirsp - ok
    09:42:19.0197 6048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    09:42:19.0197 6048 IKEEXT - ok
    09:42:19.0277 6048 [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    09:42:19.0287 6048 IntcAzAudAddService - ok
    09:42:19.0297 6048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    09:42:19.0297 6048 intelide - ok
    09:42:19.0317 6048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    09:42:19.0317 6048 intelppm - ok
    09:42:19.0347 6048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    09:42:19.0347 6048 IPBusEnum - ok
    09:42:19.0377 6048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    09:42:19.0377 6048 IpFilterDriver - ok
    09:42:19.0417 6048 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    09:42:19.0417 6048 iphlpsvc - ok
    09:42:19.0447 6048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    09:42:19.0447 6048 IPMIDRV - ok
    09:42:19.0457 6048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    09:42:19.0457 6048 IPNAT - ok
    09:42:19.0497 6048 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    09:42:19.0507 6048 iPod Service - ok
    09:42:19.0517 6048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    09:42:19.0517 6048 IRENUM - ok
    09:42:19.0537 6048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    09:42:19.0547 6048 isapnp - ok
    09:42:19.0567 6048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    09:42:19.0567 6048 iScsiPrt - ok
    09:42:19.0617 6048 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
    09:42:19.0617 6048 ivusb - ok
    09:42:19.0637 6048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    09:42:19.0647 6048 kbdclass - ok
    09:42:19.0667 6048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    09:42:19.0667 6048 kbdhid - ok
    09:42:19.0687 6048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    09:42:19.0687 6048 KeyIso - ok
    09:42:19.0717 6048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    09:42:19.0717 6048 KSecDD - ok
    09:42:19.0757 6048 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    09:42:19.0757 6048 KSecPkg - ok
    09:42:19.0767 6048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    09:42:19.0767 6048 ksthunk - ok
    09:42:19.0787 6048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    09:42:19.0787 6048 KtmRm - ok
    09:42:19.0827 6048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    09:42:19.0827 6048 LanmanServer - ok
    09:42:19.0867 6048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    09:42:19.0867 6048 LanmanWorkstation - ok
    09:42:19.0897 6048 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\Windows\runservice.exe
    09:42:19.0897 6048 LicCtrlService - ok
    09:42:19.0947 6048 [ 5EA407821BB3104C31A705175AB4F309 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
    09:42:19.0947 6048 lirsgt - ok
    09:42:19.0967 6048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    09:42:19.0967 6048 lltdio - ok
    09:42:19.0977 6048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    09:42:19.0987 6048 lltdsvc - ok
    09:42:19.0997 6048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    09:42:19.0997 6048 lmhosts - ok
    09:42:20.0017 6048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    09:42:20.0017 6048 LSI_FC - ok
    09:42:20.0027 6048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    09:42:20.0027 6048 LSI_SAS - ok
    09:42:20.0027 6048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    09:42:20.0037 6048 LSI_SAS2 - ok
    09:42:20.0047 6048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    09:42:20.0047 6048 LSI_SCSI - ok
    09:42:20.0057 6048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    09:42:20.0057 6048 luafv - ok
    09:42:20.0097 6048 [ B3B7C5F26F3F8C7992350B7EDE64F5C9 ] MagicTune C:\Windows\system32\drivers\MTiCtwl.sys
    09:42:20.0117 6048 MagicTune - ok
    09:42:20.0167 6048 [ 846A29C351FF5CB67C5960E2C21695AF ] Marvell RAID C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
    09:42:20.0197 6048 Marvell RAID - ok
    09:42:20.0237 6048 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    09:42:20.0237 6048 MBAMProtector - ok
    09:42:20.0297 6048 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    09:42:20.0297 6048 MBAMScheduler - ok
    09:42:20.0327 6048 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    09:42:20.0327 6048 MBAMService - ok
    09:42:20.0357 6048 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    09:42:20.0387 6048 mcdbus - ok
    09:42:20.0407 6048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    09:42:20.0407 6048 Mcx2Svc - ok
    09:42:20.0427 6048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    09:42:20.0427 6048 megasas - ok
    09:42:20.0447 6048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    09:42:20.0447 6048 MegaSR - ok
    09:42:20.0497 6048 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    09:42:20.0497 6048 Microsoft Office Groove Audit Service - ok
    09:42:20.0517 6048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    09:42:20.0527 6048 MMCSS - ok
    09:42:20.0527 6048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    09:42:20.0527 6048 Modem - ok
    09:42:20.0557 6048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    09:42:20.0557 6048 monitor - ok
    09:42:20.0597 6048 [ 124CA6A5A87E310D312CB5199E6FAF92 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
    09:42:20.0607 6048 MotioninJoyXFilter - ok
    09:42:20.0677 6048 [ 36AC4DECEAE4226A5B5DD038C49658E1 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    09:42:20.0687 6048 MotoHelper - ok
    09:42:20.0697 6048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    09:42:20.0697 6048 mouclass - ok
    09:42:20.0727 6048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    09:42:20.0727 6048 mouhid - ok
    09:42:20.0767 6048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    09:42:20.0767 6048 mountmgr - ok
    09:42:20.0837 6048 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    09:42:20.0837 6048 MozillaMaintenance - ok
    09:42:20.0877 6048 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    09:42:20.0877 6048 MpFilter - ok
    09:42:20.0887 6048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    09:42:20.0897 6048 mpio - ok
    09:42:20.0917 6048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    09:42:20.0917 6048 mpsdrv - ok
    09:42:20.0957 6048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    09:42:20.0957 6048 MpsSvc - ok
    09:42:21.0017 6048 [ 8881574868E648689B7AA88A88716E17 ] MRUWebService C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
    09:42:21.0017 6048 MRUWebService - ok
    09:42:21.0047 6048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    09:42:21.0047 6048 MRxDAV - ok
    09:42:21.0077 6048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    09:42:21.0077 6048 mrxsmb - ok
    09:42:21.0107 6048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    09:42:21.0107 6048 mrxsmb10 - ok
    09:42:21.0117 6048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    09:42:21.0127 6048 mrxsmb20 - ok
    09:42:21.0157 6048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    09:42:21.0157 6048 msahci - ok
    09:42:21.0187 6048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    09:42:21.0187 6048 msdsm - ok
    09:42:21.0197 6048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    09:42:21.0207 6048 MSDTC - ok
    09:42:21.0217 6048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    09:42:21.0217 6048 Msfs - ok
    09:42:21.0227 6048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    09:42:21.0227 6048 mshidkmdf - ok
    09:42:21.0247 6048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    09:42:21.0247 6048 msisadrv - ok
    09:42:21.0447 6048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    09:42:21.0447 6048 MSiSCSI - ok
    09:42:21.0457 6048 msiserver - ok
    09:42:21.0477 6048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    09:42:21.0477 6048 MSKSSRV - ok
    09:42:21.0547 6048 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    09:42:21.0547 6048 MsMpSvc - ok
    09:42:21.0567 6048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    09:42:21.0567 6048 MSPCLOCK - ok
    09:42:21.0567 6048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    09:42:21.0577 6048 MSPQM - ok
    09:42:21.0597 6048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    09:42:21.0597 6048 MsRPC - ok
    09:42:21.0617 6048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    09:42:21.0617 6048 mssmbios - ok
    09:42:21.0677 6048 MSSQL$SQLEXPRESS - ok
    09:42:21.0727 6048 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    09:42:21.0727 6048 MSSQLServerADHelper100 - ok
    09:42:21.0727 6048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    09:42:21.0727 6048 MSTEE - ok
    09:42:21.0737 6048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    09:42:21.0737 6048 MTConfig - ok
    09:42:21.0747 6048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    09:42:21.0747 6048 Mup - ok
    09:42:21.0767 6048 [ 6AF2640B5D7202FA0D96467318D4592E ] mv91cons C:\Windows\system32\DRIVERS\mv91cons.sys
    09:42:21.0767 6048 mv91cons - ok
    09:42:21.0807 6048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    09:42:21.0817 6048 napagent - ok
    09:42:21.0857 6048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    09:42:21.0857 6048 NativeWifiP - ok
    09:42:21.0907 6048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    09:42:21.0917 6048 NDIS - ok
    09:42:21.0927 6048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    09:42:21.0927 6048 NdisCap - ok
    09:42:21.0947 6048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    09:42:21.0947 6048 NdisTapi - ok
    09:42:21.0977 6048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    09:42:21.0977 6048 Ndisuio - ok
    09:42:22.0007 6048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    09:42:22.0007 6048 NdisWan - ok
    09:42:22.0027 6048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    09:42:22.0027 6048 NDProxy - ok
    09:42:22.0037 6048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    09:42:22.0037 6048 NetBIOS - ok
    09:42:22.0077 6048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    09:42:22.0077 6048 NetBT - ok
    09:42:22.0087 6048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    09:42:22.0087 6048 Netlogon - ok
    09:42:22.0107 6048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    09:42:22.0107 6048 Netman - ok
    09:42:22.0147 6048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    09:42:22.0147 6048 NetMsmqActivator - ok
    09:42:22.0147 6048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    09:42:22.0147 6048 NetPipeActivator - ok
    09:42:22.0167 6048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    09:42:22.0177 6048 netprofm - ok
    09:42:22.0177 6048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    09:42:22.0177 6048 NetTcpActivator - ok
    09:42:22.0177 6048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    09:42:22.0177 6048 NetTcpPortSharing - ok
    09:42:22.0197 6048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    09:42:22.0197 6048 nfrd960 - ok
    09:42:22.0247 6048 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    09:42:22.0247 6048 NisDrv - ok
    09:42:22.0287 6048 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    09:42:22.0297 6048 NisSrv - ok
    09:42:22.0327 6048 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    09:42:22.0327 6048 NlaSvc - ok
    09:42:22.0337 6048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    09:42:22.0337 6048 Npfs - ok
    09:42:22.0347 6048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    09:42:22.0358 6048 nsi - ok
    09:42:22.0358 6048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    09:42:22.0358 6048 nsiproxy - ok
    09:42:22.0408 6048 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    09:42:22.0418 6048 Ntfs - ok
    09:42:22.0438 6048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    09:42:22.0438 6048 Null - ok
    09:42:22.0448 6048 [ A61B0AF4D6B934928CFD1140DEEA5C8D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
    09:42:22.0448 6048 nusb3hub - ok
    09:42:22.0458 6048 [ FA4B2F20561BDBCC6B9AC3E3BDCD7E3F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
  8. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    09:42:22.0458 6048 nusb3xhc - ok
    09:42:22.0458 6048 nvlddmkm - ok
    09:42:22.0498 6048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    09:42:22.0498 6048 nvraid - ok
    09:42:22.0518 6048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    09:42:22.0518 6048 nvstor - ok
    09:42:22.0548 6048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    09:42:22.0548 6048 nv_agp - ok
    09:42:22.0608 6048 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    09:42:22.0618 6048 odserv - ok
    09:42:22.0648 6048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    09:42:22.0648 6048 ohci1394 - ok
    09:42:22.0678 6048 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    09:42:22.0688 6048 ose - ok
    09:42:22.0698 6048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    09:42:22.0698 6048 p2pimsvc - ok
    09:42:22.0718 6048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    09:42:22.0718 6048 p2psvc - ok
    09:42:22.0748 6048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    09:42:22.0748 6048 Parport - ok
    09:42:22.0768 6048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    09:42:22.0768 6048 partmgr - ok
    09:42:22.0778 6048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    09:42:22.0778 6048 PcaSvc - ok
    09:42:22.0808 6048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    09:42:22.0808 6048 pci - ok
    09:42:22.0818 6048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    09:42:22.0828 6048 pciide - ok
    09:42:22.0828 6048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    09:42:22.0838 6048 pcmcia - ok
    09:42:22.0838 6048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    09:42:22.0838 6048 pcw - ok
    09:42:22.0858 6048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    09:42:22.0868 6048 PEAUTH - ok
    09:42:22.0898 6048 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    09:42:22.0908 6048 PeerDistSvc - ok
    09:42:22.0978 6048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    09:42:22.0988 6048 PerfHost - ok
    09:42:23.0028 6048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    09:42:23.0038 6048 pla - ok
    09:42:23.0088 6048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    09:42:23.0088 6048 PlugPlay - ok
    09:42:23.0108 6048 PnkBstrA - ok
    09:42:23.0118 6048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    09:42:23.0128 6048 PNRPAutoReg - ok
    09:42:23.0128 6048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    09:42:23.0138 6048 PNRPsvc - ok
    09:42:23.0168 6048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    09:42:23.0168 6048 PolicyAgent - ok
    09:42:23.0198 6048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    09:42:23.0198 6048 Power - ok
    09:42:23.0238 6048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    09:42:23.0238 6048 PptpMiniport - ok
    09:42:23.0248 6048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    09:42:23.0248 6048 Processor - ok
    09:42:23.0268 6048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    09:42:23.0278 6048 ProfSvc - ok
    09:42:23.0288 6048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    09:42:23.0288 6048 ProtectedStorage - ok
    09:42:23.0328 6048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    09:42:23.0328 6048 Psched - ok
    09:42:23.0368 6048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    09:42:23.0378 6048 ql2300 - ok
    09:42:23.0388 6048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    09:42:23.0398 6048 ql40xx - ok
    09:42:23.0398 6048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    09:42:23.0408 6048 QWAVE - ok
    09:42:23.0448 6048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    09:42:23.0448 6048 QWAVEdrv - ok
    09:42:23.0458 6048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    09:42:23.0458 6048 RasAcd - ok
    09:42:23.0468 6048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    09:42:23.0468 6048 RasAgileVpn - ok
    09:42:23.0478 6048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    09:42:23.0488 6048 RasAuto - ok
    09:42:23.0508 6048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    09:42:23.0508 6048 Rasl2tp - ok
    09:42:23.0558 6048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    09:42:23.0558 6048 RasMan - ok
    09:42:23.0568 6048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    09:42:23.0568 6048 RasPppoe - ok
    09:42:23.0578 6048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    09:42:23.0578 6048 RasSstp - ok
    09:42:23.0588 6048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    09:42:23.0588 6048 rdbss - ok
    09:42:23.0598 6048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    09:42:23.0598 6048 rdpbus - ok
    09:42:23.0618 6048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    09:42:23.0618 6048 RDPCDD - ok
    09:42:23.0648 6048 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    09:42:23.0648 6048 RDPDR - ok
    09:42:23.0658 6048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    09:42:23.0658 6048 RDPENCDD - ok
    09:42:23.0658 6048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    09:42:23.0658 6048 RDPREFMP - ok
    09:42:23.0688 6048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    09:42:23.0688 6048 RDPWD - ok
    09:42:23.0728 6048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    09:42:23.0738 6048 rdyboost - ok
    09:42:23.0748 6048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    09:42:23.0748 6048 RemoteAccess - ok
    09:42:23.0758 6048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    09:42:23.0768 6048 RemoteRegistry - ok
    09:42:23.0778 6048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    09:42:23.0778 6048 RpcEptMapper - ok
    09:42:23.0798 6048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    09:42:23.0798 6048 RpcLocator - ok
    09:42:23.0838 6048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    09:42:23.0838 6048 RpcSs - ok
    09:42:23.0878 6048 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys
    09:42:23.0888 6048 RsFx0105 - ok
    09:42:23.0888 6048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    09:42:23.0888 6048 rspndr - ok
    09:42:23.0918 6048 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    09:42:23.0918 6048 RTL8167 - ok
    09:42:23.0948 6048 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    09:42:23.0948 6048 s3cap - ok
    09:42:23.0958 6048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    09:42:23.0958 6048 SamSs - ok
    09:42:23.0988 6048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    09:42:23.0988 6048 sbp2port - ok
    09:42:23.0998 6048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    09:42:23.0998 6048 SCardSvr - ok
    09:42:24.0028 6048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    09:42:24.0028 6048 scfilter - ok
    09:42:24.0048 6048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    09:42:24.0068 6048 Schedule - ok
    09:42:24.0108 6048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    09:42:24.0108 6048 SCPolicySvc - ok
    09:42:24.0148 6048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    09:42:24.0148 6048 SDRSVC - ok
    09:42:24.0148 6048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    09:42:24.0148 6048 secdrv - ok
    09:42:24.0178 6048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    09:42:24.0178 6048 seclogon - ok
    09:42:24.0188 6048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    09:42:24.0198 6048 SENS - ok
    09:42:24.0208 6048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    09:42:24.0208 6048 SensrSvc - ok
    09:42:24.0218 6048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    09:42:24.0218 6048 Serenum - ok
    09:42:24.0238 6048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    09:42:24.0238 6048 Serial - ok
    09:42:24.0288 6048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    09:42:24.0288 6048 sermouse - ok
    09:42:24.0318 6048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    09:42:24.0318 6048 SessionEnv - ok
    09:42:24.0338 6048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    09:42:24.0338 6048 sffdisk - ok
    09:42:24.0348 6048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    09:42:24.0348 6048 sffp_mmc - ok
    09:42:24.0358 6048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    09:42:24.0358 6048 sffp_sd - ok
    09:42:24.0358 6048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    09:42:24.0368 6048 sfloppy - ok
    09:42:24.0378 6048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    09:42:24.0388 6048 SharedAccess - ok
    09:42:24.0418 6048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    09:42:24.0418 6048 ShellHWDetection - ok
    09:42:24.0433 6048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    09:42:24.0433 6048 SiSRaid2 - ok
    09:42:24.0433 6048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    09:42:24.0433 6048 SiSRaid4 - ok
    09:42:24.0449 6048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    09:42:24.0449 6048 Smb - ok
    09:42:24.0500 6048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    09:42:24.0500 6048 SNMPTRAP - ok
    09:42:24.0510 6048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    09:42:24.0510 6048 spldr - ok
    09:42:24.0540 6048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    09:42:24.0550 6048 Spooler - ok
    09:42:24.0620 6048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    09:42:24.0680 6048 sppsvc - ok
    09:42:24.0720 6048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    09:42:24.0720 6048 sppuinotify - ok
    09:42:24.0777 6048 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
    09:42:24.0777 6048 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
    09:42:24.0777 6048 sptd ( LockedFile.Multi.Generic ) - warning
    09:42:24.0777 6048 sptd - detected LockedFile.Multi.Generic (1)
    09:42:24.0847 6048 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
    09:42:24.0857 6048 SQLAgent$SQLEXPRESS - ok
    09:42:24.0897 6048 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    09:42:24.0907 6048 SQLBrowser - ok
    09:42:24.0947 6048 [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    09:42:24.0947 6048 SQLWriter - ok
    09:42:24.0977 6048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    09:42:24.0977 6048 srv - ok
    09:42:24.0997 6048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    09:42:24.0997 6048 srv2 - ok
    09:42:25.0007 6048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    09:42:25.0017 6048 srvnet - ok
    09:42:25.0027 6048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    09:42:25.0037 6048 SSDPSRV - ok
    09:42:25.0047 6048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    09:42:25.0047 6048 SstpSvc - ok
    09:42:25.0077 6048 Steam Client Service - ok
    09:42:25.0097 6048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    09:42:25.0097 6048 stexstor - ok
    09:42:25.0137 6048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    09:42:25.0147 6048 stisvc - ok
    09:42:25.0177 6048 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    09:42:25.0177 6048 storflt - ok
    09:42:25.0187 6048 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
    09:42:25.0187 6048 StorSvc - ok
    09:42:25.0197 6048 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    09:42:25.0197 6048 storvsc - ok
    09:42:25.0227 6048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    09:42:25.0227 6048 swenum - ok
    09:42:25.0247 6048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    09:42:25.0247 6048 swprv - ok
    09:42:25.0297 6048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    09:42:25.0317 6048 SysMain - ok
    09:42:25.0337 6048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    09:42:25.0347 6048 TabletInputService - ok
    09:42:25.0377 6048 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
    09:42:25.0377 6048 tap0901t - ok
    09:42:25.0407 6048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    09:42:25.0407 6048 TapiSrv - ok
    09:42:25.0417 6048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    09:42:25.0417 6048 TBS - ok
    09:42:25.0457 6048 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    09:42:25.0487 6048 Tcpip - ok
    09:42:25.0517 6048 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    09:42:25.0527 6048 TCPIP6 - ok
    09:42:25.0557 6048 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    09:42:25.0557 6048 tcpipreg - ok
    09:42:25.0567 6048 TCPZ - ok
    09:42:25.0637 6048 Tcpz-x64 - ok
    09:42:25.0647 6048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    09:42:25.0647 6048 TDPIPE - ok
    09:42:25.0677 6048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    09:42:25.0677 6048 TDTCP - ok
    09:42:25.0707 6048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    09:42:25.0707 6048 tdx - ok
    09:42:25.0717 6048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    09:42:25.0717 6048 TermDD - ok
    09:42:25.0747 6048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    09:42:25.0757 6048 TermService - ok
    09:42:25.0767 6048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    09:42:25.0767 6048 Themes - ok
    09:42:25.0777 6048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    09:42:25.0777 6048 THREADORDER - ok
    09:42:25.0787 6048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    09:42:25.0787 6048 TrkWks - ok
    09:42:25.0837 6048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    09:42:25.0837 6048 TrustedInstaller - ok
    09:42:25.0867 6048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    09:42:25.0867 6048 tssecsrv - ok
    09:42:25.0887 6048 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    09:42:25.0887 6048 TsUsbFlt - ok
    09:42:25.0927 6048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    09:42:25.0937 6048 tunnel - ok
    09:42:25.0997 6048 [ 3DB1CE045A552161EF7252988752C65F ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    09:42:26.0568 6048 TunngleService - ok
    09:42:26.0598 6048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    09:42:26.0598 6048 uagp35 - ok
    09:42:26.0618 6048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    09:42:26.0618 6048 udfs - ok
    09:42:26.0628 6048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    09:42:26.0638 6048 UI0Detect - ok
    09:42:26.0648 6048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    09:42:26.0648 6048 uliagpkx - ok
    09:42:26.0678 6048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    09:42:26.0678 6048 umbus - ok
    09:42:26.0698 6048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    09:42:26.0698 6048 UmPass - ok
    09:42:26.0738 6048 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    09:42:26.0738 6048 UmRdpService - ok
    09:42:26.0748 6048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    09:42:26.0758 6048 upnphost - ok
    09:42:26.0788 6048 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    09:42:26.0798 6048 USBAAPL64 - ok
    09:42:26.0838 6048 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    09:42:26.0838 6048 usbaudio - ok
    09:42:26.0868 6048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    09:42:26.0868 6048 usbccgp - ok
    09:42:26.0898 6048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    09:42:26.0898 6048 usbcir - ok
    09:42:26.0928 6048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    09:42:26.0928 6048 usbehci - ok
    09:42:26.0948 6048 [ 68BAD03835873D4BBBDE95CBB135A395 ] UsbFltr C:\Windows\system32\Drivers\UsbFltr.sys
    09:42:26.0948 6048 UsbFltr - ok
    09:42:26.0978 6048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    09:42:26.0978 6048 usbhub - ok
    09:42:26.0988 6048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    09:42:26.0998 6048 usbohci - ok
    09:42:27.0008 6048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    09:42:27.0008 6048 usbprint - ok
    09:42:27.0038 6048 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    09:42:27.0038 6048 usbscan - ok
    09:42:27.0048 6048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    09:42:27.0058 6048 USBSTOR - ok
    09:42:27.0068 6048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    09:42:27.0078 6048 usbuhci - ok
    09:42:27.0078 6048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    09:42:27.0078 6048 UxSms - ok
    09:42:27.0088 6048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    09:42:27.0098 6048 VaultSvc - ok
    09:42:27.0128 6048 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
    09:42:27.0128 6048 VClone - ok
    09:42:27.0158 6048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    09:42:27.0158 6048 vdrvroot - ok
    09:42:27.0198 6048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    09:42:27.0198 6048 vds - ok
    09:42:27.0208 6048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    09:42:27.0218 6048 vga - ok
    09:42:27.0218 6048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    09:42:27.0218 6048 VgaSave - ok
    09:42:27.0238 6048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    09:42:27.0238 6048 vhdmp - ok
    09:42:27.0248 6048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    09:42:27.0248 6048 viaide - ok
    09:42:27.0288 6048 [ 3B59BB6D10CF969DBE4DB93D9EAD7FB4 ] VKbms C:\Windows\system32\DRIVERS\VKbms.sys
    09:42:27.0288 6048 VKbms - ok
    09:42:27.0308 6048 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    09:42:27.0308 6048 vmbus - ok
    09:42:27.0328 6048 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    09:42:27.0328 6048 VMBusHID - ok
    09:42:27.0338 6048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    09:42:27.0338 6048 volmgr - ok
    09:42:27.0378 6048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    09:42:27.0378 6048 volmgrx - ok
    09:42:27.0388 6048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    09:42:27.0398 6048 volsnap - ok
    09:42:27.0408 6048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    09:42:27.0418 6048 vsmraid - ok
    09:42:27.0458 6048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    09:42:27.0478 6048 VSS - ok
    09:42:27.0488 6048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    09:42:27.0488 6048 vwifibus - ok
    09:42:27.0508 6048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    09:42:27.0518 6048 W32Time - ok
    09:42:27.0538 6048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    09:42:27.0538 6048 WacomPen - ok
    09:42:27.0558 6048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    09:42:27.0558 6048 WANARP - ok
    09:42:27.0558 6048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    09:42:27.0558 6048 Wanarpv6 - ok
    09:42:27.0608 6048 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    09:42:27.0618 6048 WatAdminSvc - ok
    09:42:27.0658 6048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    09:42:27.0688 6048 wbengine - ok
    09:42:27.0708 6048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    09:42:27.0708 6048 WbioSrvc - ok
    09:42:27.0738 6048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    09:42:27.0738 6048 wcncsvc - ok
    09:42:27.0748 6048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    09:42:27.0748 6048 WcsPlugInService - ok
    09:42:27.0768 6048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    09:42:27.0768 6048 Wd - ok
    09:42:27.0778 6048 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    09:42:27.0788 6048 Wdf01000 - ok
    09:42:27.0798 6048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    09:42:27.0798 6048 WdiServiceHost - ok
    09:42:27.0808 6048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    09:42:27.0808 6048 WdiSystemHost - ok
    09:42:27.0838 6048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    09:42:27.0838 6048 WebClient - ok
    09:42:27.0848 6048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    09:42:27.0858 6048 Wecsvc - ok
    09:42:27.0868 6048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    09:42:27.0868 6048 wercplsupport - ok
    09:42:27.0888 6048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    09:42:27.0888 6048 WerSvc - ok
    09:42:27.0898 6048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    09:42:27.0898 6048 WfpLwf - ok
    09:42:27.0908 6048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    09:42:27.0908 6048 WIMMount - ok
    09:42:27.0908 6048 WinDefend - ok
    09:42:27.0918 6048 WinHttpAutoProxySvc - ok
    09:42:27.0958 6048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    09:42:27.0958 6048 Winmgmt - ok
    09:42:28.0008 6048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    09:42:28.0038 6048 WinRM - ok
    09:42:28.0098 6048 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    09:42:28.0098 6048 WinUsb - ok
    09:42:28.0118 6048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    09:42:28.0128 6048 Wlansvc - ok
    09:42:28.0218 6048 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    09:42:28.0228 6048 wlidsvc - ok
    09:42:28.0258 6048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    09:42:28.0258 6048 WmiAcpi - ok
    09:42:28.0268 6048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    09:42:28.0268 6048 wmiApSrv - ok
    09:42:28.0288 6048 WMPNetworkSvc - ok
    09:42:28.0298 6048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    09:42:28.0298 6048 WPCSvc - ok
    09:42:28.0328 6048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    09:42:28.0328 6048 WPDBusEnum - ok
    09:42:28.0348 6048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    09:42:28.0348 6048 ws2ifsl - ok
    09:42:28.0358 6048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    09:42:28.0358 6048 wscsvc - ok
    09:42:28.0358 6048 WSearch - ok
    09:42:28.0418 6048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    09:42:28.0448 6048 wuauserv - ok
    09:42:28.0478 6048 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    09:42:28.0478 6048 WudfPf - ok
    09:42:28.0508 6048 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    09:42:28.0508 6048 wudfsvc - ok
    09:42:28.0518 6048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    09:42:28.0528 6048 WwanSvc - ok
    09:42:28.0558 6048 X6va001 - ok
    09:42:28.0578 6048 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    09:42:28.0588 6048 xusb21 - ok
    09:42:28.0588 6048 ================ Scan global ===============================
    09:42:28.0608 6048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    09:42:28.0638 6048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    09:42:28.0638 6048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    09:42:28.0648 6048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    09:42:28.0668 6048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    09:42:28.0668 6048 [Global] - ok
    09:42:28.0668 6048 ================ Scan MBR ==================================
    09:42:28.0678 6048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    09:42:28.0908 6048 \Device\Harddisk0\DR0 - ok
    09:42:28.0908 6048 ================ Scan VBR ==================================
    09:42:28.0918 6048 [ A485339A708CB7AE0240441055F9665D ] \Device\Harddisk0\DR0\Partition1
    09:42:28.0918 6048 \Device\Harddisk0\DR0\Partition1 - ok
    09:42:28.0928 6048 [ B34FDDFB4436807093C6C32FC60F044C ] \Device\Harddisk0\DR0\Partition2
    09:42:28.0928 6048 \Device\Harddisk0\DR0\Partition2 - ok
    09:42:28.0928 6048 ============================================================
    09:42:28.0928 6048 Scan finished
    09:42:28.0928 6048 ============================================================
    09:42:28.0938 2392 Detected object count: 1
    09:42:28.0938 2392 Actual detected object count: 1
    09:42:42.0537 2392 sptd ( LockedFile.Multi.Generic ) - skipped by user
    09:42:42.0537 2392 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  9. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Fenixink [Admin rights]
    Mode : Scan -- Date : 10/13/2012 20:15:27

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] Runservice.exe -- C:\Windows\runservice.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [TASK][SUSP PATH] {6B5ACE91-EE77-414E-92AD-4097F5A14DDE} : C:\Users\Fenixink\Desktop\Apprentice\appr200\ApprWork.exe -> FOUND
    [TASK][SUSP PATH] {CB617242-57FF-42C4-BA09-AE895424AD78} : C:\Users\Fenixink\Desktop\Apprentice\appr2csv\appr2csv.exe -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 hl2rcv.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD7501AALS-00E8B0 ATA Device +++++
    --- User ---
    [MBR] d70311da9ca6380bd010ba7adf9e71e7
    [BSP] 9d8563a0c14ec9c46a0ec278cba1da64 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  10. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    aswMBR.exe keeps crashing about an hour into the scan.
    I have tried it with internet connection/AV on and off to no avail.
  11. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    ComboFix below. RogueKiller left an RK_Quarantine folder behind do I need to keep this folder or can I delete it when we're done cleaning?

    ComboFix 12-10-14.03 - Fenixink 10/14/2012 13:57:30.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4091.1087 [GMT -7:00]
    Running from: c:\users\Fenixink\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\program files (x86)\autoclicker
    c:\program files (x86)\autoclicker\autoclicker.exe
    c:\program files (x86)\autoclicker\readme.txt
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
    c:\users\Fenixink\AppData\Local\assembly\tmp
    c:\users\Fenixink\AppData\Roaming\Local
    c:\users\Fenixink\AppData\Roaming\Local\FalloutNV\Fallout.ini
    c:\users\Fenixink\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini
    c:\users\Fenixink\AppData\Roaming\Local\FalloutNV\NVDLCList.txt
    c:\users\Fenixink\AppData\Roaming\Local\FalloutNV\plugins.txt
    c:\users\Fenixink\AppData\Roaming\Local\FalloutNV\RendererInfo.txt
    c:\users\Fenixink\AppData\Roaming\PropMgrAsync
    c:\users\Fenixink\AppData\Roaming\PropMgrAsync\PropMgrAsync.cfg
    c:\users\Fenixink\AppData\Roaming\PropMgrAsync\PropMgrAsync.log
    c:\windows\SysWow64\logs
    c:\windows\SysWow64\logs\debug.txt
    c:\windows\SysWow64\Settings
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-14 21:05 . 2012-10-14 21:05 -------- d-----w- c:\users\Mcx1-FENIXINK-PC\AppData\Local\temp
    2012-10-14 21:05 . 2012-10-14 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-14 20:50 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E6B124B-712A-4DC7-B87A-A6AAEE99822C}\mpengine.dll
    2012-10-14 14:25 . 2012-10-14 14:25 -------- d-----w- c:\programdata\NVIDIA
    2012-10-14 14:15 . 2012-10-14 14:15 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-10-14 14:15 . 2012-10-14 14:15 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-10-14 14:15 . 2012-10-14 14:15 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-10-14 14:15 . 2012-10-14 14:15 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-14 14:15 . 2012-10-14 14:15 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-14 04:14 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-14 00:43 . 2012-10-14 00:43 -------- d-----w- c:\users\Fenixink\AppData\Roaming\Malwarebytes
    2012-10-14 00:41 . 2012-10-14 00:41 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-14 00:41 . 2012-10-14 00:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-14 00:41 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-14 00:23 . 2012-10-14 00:23 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDA1E53B-2CB1-49FE-A87D-24892A34EBE6}\gapaengine.dll
    2012-10-14 00:22 . 2012-10-14 00:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-10-14 00:22 . 2012-10-14 00:22 -------- d-----w- c:\program files\Microsoft Security Client
    2012-10-13 23:52 . 2012-10-13 23:52 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-06 23:08 . 2012-10-14 15:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-10-06 23:08 . 2012-10-14 14:15 2559968 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-10-06 23:08 . 2012-10-14 14:15 115168 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-10-06 23:08 . 2012-10-14 14:15 192600 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-10-06 23:08 . 2012-10-14 14:15 124384 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-09-28 05:29 . 2012-09-28 05:29 -------- d-----w- c:\program files (x86)\GoldWave
    2012-09-26 15:24 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-25 14:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-09-25 14:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-09-25 14:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-09-25 14:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-09-25 14:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-09-25 14:08 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-09-25 14:06 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
    2012-09-25 14:06 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
    2012-09-25 14:06 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-09-25 14:06 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-25 14:06 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-25 14:06 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-09-25 14:06 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-09-25 14:06 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-09-25 14:06 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-09-25 14:06 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-09-25 14:06 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-09-25 14:06 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-09-25 14:06 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-09-25 14:03 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-09-25 14:03 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-09-25 14:03 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-09-25 14:03 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-09-25 14:03 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2012-09-25 14:01 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-09-25 14:01 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-09-25 14:01 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-09-25 13:59 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-09-25 13:59 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-09-23 18:46 . 2012-09-23 18:46 -------- d-----w- c:\programdata\Curse Client
    2012-09-22 16:05 . 2012-09-22 16:05 -------- d-----w- c:\programdata\Premium
    2012-09-22 16:03 . 2012-09-22 16:03 -------- d-----w- c:\users\Fenixink\AppData\Roaming\SendSpace
    2012-09-22 16:03 . 2012-09-22 16:05 -------- d-----w- c:\programdata\InstallMate
    2012-09-21 23:16 . 2012-09-22 17:04 -------- d-----w- c:\program files (x86)\MDickie
    2012-09-21 20:02 . 2012-10-14 15:56 -------- d-----w- c:\users\Fenixink\PsiData
    2012-09-21 20:02 . 2012-09-21 20:02 -------- d-----w- c:\program files (x86)\Psi
    2012-09-15 03:36 . 2012-09-15 03:36 -------- d-----w- c:\programdata\REVOLT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-14 00:06 . 2010-01-29 19:14 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-26 15:53 . 2011-03-29 08:11 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-09-26 15:32 . 2011-06-21 13:45 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-09-15 18:13 . 2011-07-24 20:40 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-09-15 18:13 . 2011-03-27 07:58 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-09-15 01:39 . 2011-03-27 07:58 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-09-01 23:24 . 2011-03-27 07:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 05:03 . 2012-08-31 05:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-20 17:38 . 2012-10-14 00:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-16 02:16 . 2012-08-16 02:16 119808 ----a-r- c:\users\Fenixink\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-08-12 21:19 . 2012-08-12 21:19 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
    2009-05-15 05:15 . 2009-05-15 05:15 5719400 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
    2009-05-15 05:15 . 2009-05-15 05:15 4397928 ----a-w- c:\program files\Common Files\adlmint.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2011-05-18 . 0E02BAA408FFEF55C82D52226915FAD9 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Fenixink\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Fenixink\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Fenixink\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Fenixink\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Spotify Web Helper"="c:\users\Fenixink\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-23 1193176]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-26 393216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-05 346320]
    "MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 741376]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    .
    c:\users\Fenixink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Psi.lnk - c:\program files (x86)\Psi\Psi.exe [2009-12-2 8456704]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-9-19 2835096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-04-18 2560]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 ALSysIO;ALSysIO;c:\users\Fenixink\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-24 12032]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-06-25 1315592]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-02-12 56832]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-14 115168]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
    R3 Tcpz-x64;Tcpz-x64;c:\users\Fenixink\AppData\Local\Temp\Tcpz-x64.sys [x]
    R3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\DRIVERS\tcpz-x64d.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-20 738152]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
    R3 X6va001;X6va001;c:\users\Fenixink\AppData\Local\Temp\001DD75.tmp [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 22568]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-04 834544]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-05 219360]
    S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-05 151552]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
    S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
    S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-04-09 24635]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 73728]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 178688]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
    S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 98068732
    *Deregistered* - 98068732
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2551055566-3378420269-3791946891-1000Core.job
    - c:\users\Fenixink\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-12 02:09]
    .
    2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2551055566-3378420269-3791946891-1000UA.job
    - c:\users\Fenixink\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-12 02:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Fenixink\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Fenixink\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Fenixink\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Fenixink\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 2345848]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
    "MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2011-05-26 53760]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = my.daemon-search.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-DS3 Tool - c:\program files\MotioninJoy\ds3\DS3_Tool.exe
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-58939911.sys
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
    "ImagePath"="\??\c:\users\Fenixink\AppData\Local\Temp\001DD75.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$%Y%„%]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$%Y%„%\OpenWithList]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:36,78,87,eb,37,7b,bf,1e,ee,09,c2,ae,64,95,7f,d2,1d,21,33,53,e3,69,1c,
    9d,23,3c,08,99,c1,2e,a2,f8,17,d7,73,0a,5f,3b,3e,94,7b,b5,14,b1,02,ae,9d,18,\
    "??"=hex:c1,2b,32,b9,fa,ab,72,fc,6d,dd,77,58,59,54,9b,90
    .
    [HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\Software\SecuROM\License information*]
    "datasecu"=hex:ad,eb,af,66,18,a3,52,f3,f6,29,ae,ae,02,8f,1b,17,e5,80,85,a3,cd,
    a3,31,15,7a,67,e7,92,b4,ff,7f,c3,81,76,c3,21,03,83,db,a8,f2,fd,e6,f6,1f,ed,\
    "rkeysecu"=hex:da,17,a0,37,11,12,0f,0a,6f,b3,3f,80,42,dd,1b,20
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
    "1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
    c2
    "2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
    76,64,10,04,f0,92,77,f9,20
    "3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
    07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\104E77F331FE55C82179809564DE14F8]
    "1"=hex:8b,95,de,34,eb,97,26,65,50,ac,1c,a4,ba,6a,31,94,5d,20,a0,de,8b,8a,6d,
    19
    "2"=hex:fb,97,8a,4e,d1,2e,6d,60
    "3"=hex:81,20,8f,ab,28,6a,52,9c
    "4"=hex:2f,ad,a2,e7,8a,bf,05,5e
    "5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
    1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
    "6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
    51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
    "7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
    d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
    "8"=hex:63,5a,d7,1b,b1,d4,18,46,3c,25,e7,95,a9,cd,5a,04,53,bc,e8,9f,e1,d0,70,
    9a,4b,f2,32,f0,cb,cc,b7,56,ac,d7,a2,69,37,59,77,e8
    "9"=hex:81,20,8f,ab,28,6a,52,9c
    "18"=hex:70,56,26,33,e3,20,f8,ab
    "10"=hex:81,20,8f,ab,28,6a,52,9c
    "11"=hex:81,20,8f,ab,28,6a,52,9c
    "12"=hex:81,20,8f,ab,28,6a,52,9c
    "13"=hex:81,20,8f,ab,28,6a,52,9c
    "14"=hex:81,20,8f,ab,28,6a,52,9c
    "24"=hex:81,20,8f,ab,28,6a,52,9c
    "26"=hex:81,20,8f,ab,28,6a,52,9c
    "27"=hex:81,20,8f,ab,28,6a,52,9c
    "19"=hex:81,20,8f,ab,28,6a,52,9c
    "22"=hex:81,20,8f,ab,28,6a,52,9c
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\D3D1B0FFCBEAEE83F78310A5B5826958]
    "1"=hex:8b,95,de,34,eb,97,26,65,50,ac,1c,a4,ba,6a,31,94,e4,e5,23,be,cb,7e,44,
    ff
    "8"=hex:63,5a,d7,1b,b1,d4,18,46,3c,25,e7,95,a9,cd,5a,04,62,c9,11,69,d3,5c,37,
    e1,f1,ed,02,1c,ba,dc,25,94,da,f2,c3,7b,6d,de,d7,10
    "18"=hex:70,56,26,33,e3,20,f8,ab
    "26"=hex:f0,c6,30,1a,cf,25,01,ae,e2,35,c6,bf,ea,46,2f,43,1d,8a,bc,2e,f8,00,8b,
    67,e0,eb,31,23,11,55,b8,a0,19,ac,69,54,4f,8b,c1,db,1c,6c,fa,0e,11,b6,b7,53,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-14 14:08:12
    ComboFix-quarantined-files.txt 2012-10-14 21:08
    .
    Pre-Run: 128,457,027,584 bytes free
    Post-Run: 128,355,950,592 bytes free
    .
    - - End Of File - - 1AC83842ADFE4807F0A071970DD27BAD
  13. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Looks good :)

    Any current issues?

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    No current issues.
    Here are the logs from OTL:

    OTL.txt
    OTL logfile created on: 10/14/2012 2:38:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fenixink\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 29.59% Memory free
    7.99 Gb Paging File | 5.03 Gb Available in Paging File | 62.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.54 Gb Total Space | 119.64 Gb Free Space | 17.13% Space Free | Partition Type: NTFS
    Drive D: | 437.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 5.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: FENIXINK-PC | User Name: Fenixink | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/14 14:37:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fenixink\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/01 16:24:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2010/11/25 22:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    PRC - [2010/09/07 09:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2010/09/07 09:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2009/10/05 11:01:30 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
    PRC - [2009/09/25 07:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/08/04 18:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    PRC - [2009/08/04 18:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    PRC - [2009/04/08 17:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/09/07 09:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2009/07/30 19:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/06/25 09:03:34 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/14 07:15:35 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/01 16:24:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/07/19 18:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
    SRV - [2010/11/09 20:02:22 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/09/07 09:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2010/04/18 16:59:12 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/28 13:58:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/12/15 13:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/10/05 11:01:30 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
    SRV - [2009/08/04 18:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/08 17:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)
    SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/09/22 22:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
    DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/09 20:02:19 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2011/01/09 20:02:18 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
    DRV:64bit: - [2010/07/29 01:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2010/06/03 18:07:22 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/03/23 17:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
    DRV:64bit: - [2010/02/11 21:34:48 | 000,056,832 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2009/11/18 16:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/10/09 15:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
    DRV:64bit: - [2009/09/25 07:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2009/09/25 07:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
    DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/08/20 09:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/11/04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
    DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2007/08/02 10:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
    DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
  15. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 97 79 2A 1F 56 CB 01 [binary data]
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\SearchScopes,DefaultScope = {49C7F867-EFD7-4ed4-BE03-047ED3694A06}
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}: "URL" = http://www.gooofullsearch.com/googl...3:l82qfgcdkgt&cof=FORID:10&ie=UTF-8&hl=es#740
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\SearchScopes\{49C7F867-EFD7-4ed4-BE03-047ED3694A06}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\SearchScopes\{7BB618D9-F291-4b6f-B61A-895B93D64FF8}: "URL" = http://www.google.com/custom?client...0FF;GIMP:0000FF;FORID:1&hl=en&q={searchTerms}
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google Customized Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: anttoolbar@ant.com:2.4.7.3
    FF - prefs.js..extensions.enabledAddons: firebug@software.joehewitt.com:1.9.2
    FF - prefs.js..extensions.enabledAddons: survey-remover@gmx.com:3.1.1
    FF - prefs.js..extensions.enabledAddons: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.118
    FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
    FF - prefs.js..extensions.enabledAddons: {b442f4c0-c292-4998-aabe-48608a73ba75}:1.1
    FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
    FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
    FF - prefs.js..extensions.enabledAddons: {E6C93316-271E-4b3d-8D7E-FE11B4350AEB}:2.1.25
    FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
    FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.118
    FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.2.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: survey-remover@gmx.com:2.0.2
    FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Fenixink\AppData\LocalLow\raidcall\plugins\webplugin.dll (Raidcall)
    FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Fenixink\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll ()
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fenixink\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fenixink\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fenixink\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Fenixink\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/14 07:15:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/16 20:59:48 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/14 07:15:35 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/16 20:59:48 | 000,000,000 | ---D | M]

    [2010/01/29 22:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Extensions
    [2012/10/14 08:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions
    [2010/06/23 14:34:37 | 000,000,000 | ---D | M] () -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
    [2012/05/29 06:50:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/08/04 09:24:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/10/13 17:39:34 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\anttoolbar@ant.com
    [2012/05/17 21:17:47 | 001,335,949 | ---- | M] () (No name found) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\firebug@software.joehewitt.com.xpi
    [2011/10/09 09:47:29 | 000,051,395 | ---- | M] () (No name found) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\survey-remover@gmx.com.xpi
    [2012/07/10 17:22:47 | 000,032,829 | ---- | M] () (No name found) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}.xpi
    [2012/09/05 07:24:06 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    [2012/06/03 20:39:38 | 000,009,489 | ---- | M] () (No name found) -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
    [2011/01/14 12:03:57 | 000,002,059 | ---- | M] () -- C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\searchplugins\daemon-search.xml
    [2012/02/07 01:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/14 07:15:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/04/15 05:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/10/14 07:15:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/10/07 16:43:27 | 000,001,836 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Goofullsearch.xml
    [2012/10/14 07:15:25 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Fenixink\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fenixink\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fenixink\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Fenixink\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Fenixink\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Fenixink\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Fenixink\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
    CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: Flash Video Download = C:\Users\Fenixink\AppData\Local\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.14_0\
    CHR - Extension: YouTube = C:\Users\Fenixink\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Fenixink\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Edit This Cookie = C:\Users\Fenixink\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.1.23_0\
    CHR - Extension: Edit This Cookie = C:\Users\Fenixink\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.1.24_0\
    CHR - Extension: Gmail = C:\Users\Fenixink\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/14 14:05:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe ()
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
    O4 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000..\Run: [Spotify Web Helper] C:\Users\Fenixink\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - Startup: C:\Users\Fenixink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk = C:\Program Files (x86)\Psi\Psi.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.4.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57B72277-21FC-4840-86B7-DC7AF27F66B0}: DhcpNameServer = 7.254.254.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD4BA26B-2CF6-4576-AEC6-5F18A50A9EF0}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/09/21 22:40:26 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ CDFS ]
    O32 - AutoRun File - [2011/02/24 06:02:11 | 002,834,432 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2009/04/10 10:32:30 | 000,000,046 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2011/09/06 00:15:22 | 000,000,051 | R--- | M] () - G:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  16. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/14 14:37:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fenixink\Desktop\OTL.exe
    [2012/10/14 14:08:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/14 13:56:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/14 13:56:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/14 13:56:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/14 13:56:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/14 13:55:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/14 13:53:41 | 004,980,339 | R--- | C] (Swearware) -- C:\Users\Fenixink\Desktop\ComboFix.exe
    [2012/10/14 09:48:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fenixink\Desktop\aswMBR.exe
    [2012/10/14 09:41:13 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\Desktop\tdsskiller
    [2012/10/14 07:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012/10/13 21:10:24 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\Fenixink\Desktop\dds.com
    [2012/10/13 20:44:18 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Local\{A06FADE3-A1A1-4E0A-92EF-906A3AA60828}
    [2012/10/13 20:14:59 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\Desktop\RK_Quarantine
    [2012/10/13 17:43:09 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Roaming\Malwarebytes
    [2012/10/13 17:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/13 17:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/13 17:41:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/13 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/13 17:24:29 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fenixink\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/13 17:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/10/13 17:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/10/13 16:52:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/06 16:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/10/06 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/10/06 16:06:05 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\Documents\RIFT
    [2012/10/05 08:13:28 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Local\{9EEA60C4-F350-48B7-90B0-654BF02E03EE}
    [2012/10/03 20:16:23 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Local\{614328AD-62DE-46B2-9548-42EC17A8E864}
    [2012/10/03 08:16:13 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Local\{B3BDEF3B-6CAC-4EEF-BB3C-59923111467D}
    [2012/10/01 18:39:57 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Local\{F11098C4-10B3-49BC-BAA7-DC5A962F6F74}
    [2012/09/29 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\Desktop\school
    [2012/09/27 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldWave
    [2012/09/27 22:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave
    [2012/09/23 11:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Curse Client
    [2012/09/23 11:45:23 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\Documents\My Curse
    [2012/09/23 11:45:00 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
    [2012/09/23 11:24:08 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\Desktop\TSW Mods
    [2012/09/22 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\Desktop\jamesprophet
    [2012/09/22 19:45:31 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\Desktop\TNeck_MDTs_V2
    [2012/09/22 09:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2012/09/22 09:03:47 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Roaming\SendSpace
    [2012/09/22 09:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2012/09/21 17:39:53 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TWC4 Fight!
    [2012/09/21 16:17:05 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrestling MPire 2008 (Management Edition)
    [2012/09/21 16:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MDickie
    [2012/09/21 13:36:52 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\AppData\Local\{A02F49ED-3B63-48BD-A06E-A095E556A9DD}
    [2012/09/21 13:02:22 | 000,000,000 | ---D | C] -- C:\Users\Fenixink\PsiData
    [2012/09/21 13:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Psi
    [2012/09/21 13:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Psi
    [2012/09/14 20:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
    [2009/05/14 22:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
    [2009/05/14 22:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/14 14:40:06 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2551055566-3378420269-3791946891-1000UA.job
    [2012/10/14 14:37:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fenixink\Desktop\OTL.exe
    [2012/10/14 14:05:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/14 13:58:29 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/14 13:58:29 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/14 13:53:56 | 004,980,339 | R--- | M] (Swearware) -- C:\Users\Fenixink\Desktop\ComboFix.exe
    [2012/10/14 09:48:31 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fenixink\Desktop\aswMBR.exe
    [2012/10/14 09:40:56 | 002,193,278 | ---- | M] () -- C:\Users\Fenixink\Desktop\tdsskiller.zip
    [2012/10/14 08:56:49 | 000,044,672 | ---- | M] () -- C:\Windows\za_mv_raid.ev
    [2012/10/14 08:56:49 | 000,000,096 | ---- | M] () -- C:\Windows\za_mv_seqnum.ev
    [2012/10/14 08:56:46 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
    [2012/10/14 08:55:31 | 000,001,625 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
    [2012/10/14 08:54:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/14 08:54:27 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/14 08:50:47 | 000,866,592 | ---- | M] () -- C:\Users\Fenixink\Desktop\Norton_Removal_Tool.exe
    [2012/10/14 07:15:39 | 000,002,048 | ---- | M] () -- C:\Users\Fenixink\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/10/14 01:40:16 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2551055566-3378420269-3791946891-1000Core.job
    [2012/10/13 21:10:28 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\Fenixink\Desktop\dds.com
    [2012/10/13 20:57:38 | 000,302,592 | ---- | M] () -- C:\Users\Fenixink\Desktop\xey5tpcr.exe
    [2012/10/13 20:12:39 | 001,422,336 | ---- | M] () -- C:\Users\Fenixink\Desktop\RogueKiller.exe
    [2012/10/13 20:09:49 | 000,890,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/13 20:09:49 | 000,738,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/13 20:09:49 | 000,151,378 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/13 17:41:37 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/13 17:24:45 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fenixink\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/13 17:22:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/10/13 16:47:27 | 572,770,691 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/10/06 18:31:15 | 000,000,222 | ---- | M] () -- C:\Users\Fenixink\Desktop\XCOM Enemy Unknown Demo.url
    [2012/09/27 22:29:26 | 000,000,748 | ---- | M] () -- C:\Users\Fenixink\Desktop\GoldWave.lnk
    [2012/09/26 19:41:06 | 006,289,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/25 19:27:42 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
    [2012/09/25 07:31:48 | 000,884,062 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/23 14:18:11 | 000,000,087 | ---- | M] () -- C:\Users\Fenixink\mm.cfg
    [2012/09/22 19:41:43 | 037,616,341 | ---- | M] () -- C:\Users\Fenixink\Desktop\TNeck_MDTs_V2.rar
    [2012/09/22 10:05:38 | 000,002,000 | ---- | M] () -- C:\Users\Fenixink\Desktop\TWC4 Fight!.lnk
    [2012/09/21 16:17:06 | 000,001,489 | ---- | M] () -- C:\Users\Fenixink\Desktop\Wrestling MPire 2008 (Management).lnk
    [2012/09/21 13:02:17 | 000,000,935 | ---- | M] () -- C:\Users\Fenixink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk
    [2012/09/21 13:02:16 | 000,000,923 | ---- | M] () -- C:\Users\Fenixink\Application Data\Microsoft\Internet Explorer\Quick Launch\Psi.lnk
    [2012/09/18 21:20:52 | 000,007,597 | ---- | M] () -- C:\Users\Fenixink\AppData\Local\Resmon.ResmonCfg
    [2012/09/15 11:13:48 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/09/15 11:13:48 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/09/14 18:39:56 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/09/14 18:03:38 | 000,001,124 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/14 13:56:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/14 13:56:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/14 13:56:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/14 13:56:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/14 13:56:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/14 09:40:54 | 002,193,278 | ---- | C] () -- C:\Users\Fenixink\Desktop\tdsskiller.zip
    [2012/10/14 08:50:42 | 000,866,592 | ---- | C] () -- C:\Users\Fenixink\Desktop\Norton_Removal_Tool.exe
    [2012/10/13 20:57:31 | 000,302,592 | ---- | C] () -- C:\Users\Fenixink\Desktop\xey5tpcr.exe
    [2012/10/13 20:12:37 | 001,422,336 | ---- | C] () -- C:\Users\Fenixink\Desktop\RogueKiller.exe
    [2012/10/13 17:41:37 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/13 17:22:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/10/13 17:22:28 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/10/06 18:31:15 | 000,000,222 | ---- | C] () -- C:\Users\Fenixink\Desktop\XCOM Enemy Unknown Demo.url
    [2012/09/27 22:29:25 | 000,000,748 | ---- | C] () -- C:\Users\Fenixink\Desktop\GoldWave.lnk
    [2012/09/22 19:41:10 | 037,616,341 | ---- | C] () -- C:\Users\Fenixink\Desktop\TNeck_MDTs_V2.rar
    [2012/09/21 17:39:55 | 000,002,000 | ---- | C] () -- C:\Users\Fenixink\Desktop\TWC4 Fight!.lnk
    [2012/09/21 16:17:05 | 000,001,489 | ---- | C] () -- C:\Users\Fenixink\Desktop\Wrestling MPire 2008 (Management).lnk
    [2012/09/21 13:02:16 | 000,000,935 | ---- | C] () -- C:\Users\Fenixink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk
    [2012/09/21 13:02:15 | 000,000,923 | ---- | C] () -- C:\Users\Fenixink\Application Data\Microsoft\Internet Explorer\Quick Launch\Psi.lnk
    [2012/08/12 14:19:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
    [2012/06/30 15:33:54 | 000,000,213 | ---- | C] () -- C:\Windows\PCWGXDRV.INI
    [2012/06/30 15:33:54 | 000,000,020 | ---- | C] () -- C:\Windows\LOGINPUT.INI
    [2012/04/05 18:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/04/05 18:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/03/01 23:38:32 | 000,000,037 | ---- | C] () -- C:\Windows\SWFConverter.INI
    [2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/08/19 21:52:13 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
    [2011/06/23 11:19:00 | 000,224,448 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/06/08 19:57:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/05/18 14:22:06 | 000,001,940 | ---- | C] () -- C:\Users\Fenixink\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/03/27 00:58:03 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/03/27 00:57:53 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/03/04 16:54:33 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/03/03 00:37:12 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/03/03 00:37:12 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/12/10 18:25:25 | 000,004,608 | ---- | C] () -- C:\Users\Fenixink\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/19 19:58:12 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/09/27 18:28:00 | 000,780,662 | ---- | C] () -- C:\Users\Fenixink\AppData\Roaming\Fallen Earth_2.49.4.4_2010-09-28-01-28.dmp
    [2010/09/02 01:38:43 | 000,424,586 | ---- | C] () -- C:\Users\Fenixink\AppData\Roaming\Fallen Earth_2.49.2.0_2010-09-02-08-38.dmp
    [2010/08/27 12:44:27 | 000,343,439 | ---- | C] () -- C:\Users\Fenixink\AppData\Roaming\Fallen Earth_2.49.2.0_2010-08-27-19-44.dmp
    [2010/08/21 15:52:53 | 000,007,597 | ---- | C] () -- C:\Users\Fenixink\AppData\Local\Resmon.ResmonCfg
    [2010/08/15 12:31:03 | 000,060,968 | ---- | C] () -- C:\Users\Fenixink\AppData\Roaming\icarus-dxdiag.xml
    [2010/06/29 10:07:03 | 000,000,087 | ---- | C] () -- C:\Users\Fenixink\mm.cfg
    [2010/06/10 22:20:56 | 000,000,096 | ---- | C] () -- C:\Users\Fenixink\AppData\Local\fusioncache.dat
    [2010/05/19 16:42:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/01/30 01:18:29 | 000,000,600 | ---- | C] () -- C:\Users\Fenixink\AppData\Local\PUTTY.RND

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/23 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\.minecraft
    [2011/02/01 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\7stacks
    [2010/03/17 17:57:49 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\AbsoluteTelnet
    [2012/02/08 01:01:35 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\AnvSoft
    [2010/08/31 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Aquarius Soft
    [2010/06/25 09:28:13 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Autodesk
    [2012/02/11 18:23:49 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\BigHugeEngine
    [2010/11/09 19:12:32 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Bioshock
    [2011/08/23 21:18:29 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\BitComet
    [2010/02/26 18:57:38 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/06/03 18:12:48 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\DAEMON Tools Lite
    [2010/11/12 13:24:46 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Datel
    [2011/05/02 01:08:21 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\DAZ 3D
    [2010/06/22 16:18:53 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Design Science
    [2011/11/10 19:51:55 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Dev-Cpp
    [2011/03/18 11:30:04 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Dropbox
    [2011/10/22 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Echo Software
    [2010/10/23 09:29:14 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Electronic Arts
    [2012/03/27 18:38:41 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\EveHQ
    [2012/06/22 17:41:04 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\EVEIPH v2
    [2012/06/27 23:44:50 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\EVEMon
    [2012/06/08 22:13:35 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\EveNexus
    [2012/10/07 09:39:16 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\FileZilla
    [2010/10/09 19:43:16 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\FOG Downloader
    [2012/05/28 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\GameFly
    [2011/11/15 21:28:41 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\GetRightToGo
    [2011/01/17 15:12:00 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\GOL_byHasbro
    [2010/01/31 10:33:59 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\HorizonWimba
    [2012/02/07 01:27:56 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\ID Vault
    [2011/09/18 14:06:28 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Indicium Technologies
    [2010/07/09 12:53:30 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Leadertech
    [2011/05/23 23:07:50 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\LolClient
    [2011/02/23 18:00:24 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Magic Set Editor
    [2010/02/12 20:28:11 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\MotioninJoy
    [2011/05/03 22:16:04 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Mount&Blade With Fire and Sword
    [2010/05/21 14:00:15 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\NCH Swift Sound
    [2012/09/07 22:53:56 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Notepad++
    [2011/04/22 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\OGC
    [2010/02/06 03:10:34 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\OpenOffice.org
    [2012/02/11 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Origin
    [2012/03/31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Petroglyph
    [2011/11/16 20:34:31 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\PFStaticIP
    [2010/10/07 16:37:49 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\PlayerPlug
    [2011/03/27 00:57:52 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\PunkBuster
    [2012/08/13 19:42:59 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\raidcall
    [2011/02/02 08:35:31 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Razer
    [2012/08/20 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Red Kawa
    [2012/09/24 07:26:27 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\RIFT
    [2012/09/02 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\runic games
    [2012/08/12 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\ScripterRon
    [2012/09/22 09:03:47 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\SendSpace
    [2010/03/14 18:04:24 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\SPORE
    [2011/02/16 11:27:01 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\SporeCreatureCreator
    [2012/09/24 08:01:29 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Spotify
    [2011/06/27 12:05:07 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Stardock
    [2010/08/13 16:17:13 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\SystemRequirementsLab
    [2012/09/28 21:37:38 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\TS3Client
    [2012/03/12 18:43:01 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\ts3overlay
    [2012/10/13 17:39:34 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Tunngle
    [2010/06/10 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Turbine
    [2011/02/19 01:22:17 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Unity
    [2012/09/14 20:32:20 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\uTorrent
    [2010/12/23 12:33:54 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Windows Live Writer
    [2010/02/26 00:15:43 | 000,000,000 | ---D | M] -- C:\Users\Fenixink\AppData\Roaming\Wizards of the Coast
    [2010/09/22 16:39:18 | 000,000,000 | -HSD | M] -- C:\Users\Fenixink\AppData\Roaming\wyUpdate AU

    ========== Purity Check ==========



    < End of report >
  17. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    Extras.txt
    OTL Extras logfile created on: 10/14/2012 2:38:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fenixink\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 29.59% Memory free
    7.99 Gb Paging File | 5.03 Gb Available in Paging File | 62.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.54 Gb Total Space | 119.64 Gb Free Space | 17.13% Space Free | Partition Type: NTFS
    Drive D: | 437.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 5.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: FENIXINK-PC | User Name: Fenixink | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B460AAC-0FCD-40FF-8A27-3AF0D1D5DB51}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{115B2867-56B7-4D34-9761-C2A79DE34C7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{115CB7E0-F60E-4E8A-B3A2-1518D2866092}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{1227B702-C2B1-4B3C-85CD-79F9EEFE2512}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{127EA87B-F30D-47BB-843D-F4A69BFEF55F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{19A0F88A-12B5-45EB-B81A-DF5412FC38FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1D3B8B37-7636-4020-93C1-5CC1E9818FA4}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{1E33E12F-301C-4AB2-B6CE-67AA3A4156C3}" = rport=445 | protocol=6 | dir=out | app=system |
    "{26117411-F8EE-4D62-9380-DAE9D047822C}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{2BC501C9-FE93-4D6B-8965-826255FDD9FD}" = lport=57540 | protocol=6 | dir=in | name=pando media booster |
    "{2D210C61-6CB0-44C0-B0F9-B84F8661113A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{31B32EB1-4C29-44E3-99C9-84353B653FE1}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{324A8A1D-A49F-422F-A526-210FF25F49FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{35C62180-AA08-492E-AB0B-64B0D29D4849}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{35CA88FA-5EA2-4E7E-AC06-1814AA50E16A}" = lport=58052 | protocol=17 | dir=in | name=pando media booster |
    "{366BC535-18FB-42F8-82BB-86B1D1F4AAF5}" = lport=57540 | protocol=6 | dir=in | name=pando media booster |
    "{38B2A625-6C44-4722-ADC1-3045F6B6DEBF}" = lport=25114 | protocol=17 | dir=in | name=bitcomet 25114 udp |
    "{3C533F7D-E14F-49CD-800D-16EFB2444A3D}" = lport=56502 | protocol=6 | dir=in | name=pando media booster |
    "{3CEA92E5-0FD5-4AF9-99B7-A22FE52786D3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{3EBBA967-D03D-4F01-9A90-8AF1C3463770}" = lport=56502 | protocol=17 | dir=in | name=pando media booster |
    "{4236A459-F5CD-48DD-B66A-623C3F0CC2FE}" = rport=137 | protocol=17 | dir=out | app=system |
    "{446A5911-508F-4BD5-9303-DB62E294D9A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{499167DC-25C2-4BE5-8543-202C3EC06C11}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{4BBA7F9B-1F4F-4482-98C3-C84D10EFDF4F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4E76B20B-A445-439F-A064-D89B238F2A0B}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{5196C5A6-BA47-46C0-A21D-55D7B64759F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{553D1E91-FD8F-4A89-8DB5-86F4B144368F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5CBF227A-2C1E-4AE9-815D-7E3F76E94D0A}" = lport=58052 | protocol=6 | dir=in | name=pando media booster |
    "{5E892201-8E35-41D9-B483-76D086714EE1}" = lport=57540 | protocol=17 | dir=in | name=pando media booster |
    "{62042E9A-4293-433D-AD13-9EEBFD3E0940}" = rport=138 | protocol=17 | dir=out | app=system |
    "{6486A827-2924-49AE-9629-B6816D51E818}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6C8499C9-5CA8-47B7-A1D5-7F40605F2BD4}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{6D716827-5F6B-4B44-B315-A5A9C75A39AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6F9B0F43-21CF-46C2-89DF-0C73A4288C97}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{72D62949-0936-4661-8ABA-7BB4BBCAD518}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{72F425DA-E9B0-48BD-B90F-F0C33656D3CC}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{7CE2DED5-B402-4B90-BA8A-56A13B3FB887}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{7D77D6E1-D667-4BD8-9822-1194CB6F24ED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7DDB3023-0B29-4ACA-A9F6-A3E3883E24FD}" = lport=58052 | protocol=6 | dir=in | name=pando media booster |
    "{7FE695E7-A96C-4325-9DBD-DE23E2B80A5D}" = lport=57013 | protocol=6 | dir=in | name=pando media booster |
    "{82C8C271-2871-428E-8244-C42DF49B422C}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{8528D40D-726B-4D37-9AF1-8734149CAE43}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8A2E26A8-ABF6-43B2-A65B-6CFDC35ED18C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8DBEC881-3011-4041-8D88-F2DCF305103B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{92FED0AC-40F7-4D8F-A071-2EC58ED6339F}" = lport=25114 | protocol=6 | dir=in | name=bitcomet 25114 tcp |
    "{9B075113-0528-4669-9A3E-0FFB05F6FC2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9B7A39DA-D2A0-440F-AA2B-2AFA87C90827}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{9D0D2C4A-5D1C-47AD-A38A-53D5120BB180}" = lport=58052 | protocol=17 | dir=in | name=pando media booster |
    "{9D6428B3-E331-45B3-98BD-96C48CF6D258}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{A04B2648-E8C5-4CFD-B299-89B4AE398C03}" = lport=57540 | protocol=17 | dir=in | name=pando media booster |
    "{A119ABDB-6783-4124-A64E-1E1B051791A5}" = lport=56502 | protocol=6 | dir=in | name=pando media booster |
    "{A66F7927-1D58-4649-B996-085DB257AC5C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A81B76F9-F5FC-4E8F-8A40-C16606F00C5E}" = lport=57013 | protocol=17 | dir=in | name=pando media booster |
    "{A99F40A1-2822-4157-B508-8B9C320E7D27}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AA73F35E-E49C-46BE-A8B5-9F41C541DA59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BA3F1360-A334-485C-B15C-12D99CCE4A5C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{BE4CF0A4-AD8A-48F7-ACB5-A4430E6754F0}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{C01D5FF5-4539-40EB-A475-0D2FC20BF872}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{C4306FD2-FF9E-43F9-89EB-874BCC47C5A1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{C63AB4C3-2D8E-4E65-AF64-B0CF1688135C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CB6ED38C-903E-47CF-8CD7-52D4150C367D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CE5CD314-5CF2-45F5-82B5-47E7A1BC6087}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{D28C5D74-3EC8-42BF-873F-49FE74FEA535}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D3B5CCC7-E1CB-4BED-A63E-71E6A229FD87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D6A46215-35FA-4C57-AE62-3632D77A253E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{DCB9C9F4-BB67-4D99-86A0-ED3887814F71}" = lport=57013 | protocol=17 | dir=in | name=pando media booster |
    "{E33CDF23-64C6-49DB-A66E-9B7C9EA55E16}" = lport=445 | protocol=6 | dir=in | app=system |
    "{ED7DBE5A-E8B0-4E9B-AE0B-30711344D90B}" = lport=56502 | protocol=17 | dir=in | name=pando media booster |
    "{F2488EA3-2249-4A61-A219-F8F1FCC6890F}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F3375514-7A14-433F-A01B-8D6E60F3B338}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F6DFCD06-5022-483C-BA4F-D0A24C2459DE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{F72179E5-A405-45E2-994F-FA83E05DDD38}" = lport=57013 | protocol=6 | dir=in | name=pando media booster |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{006835EE-44C5-475D-B582-24BD77E98AAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
    "{00B4B11F-3775-4215-8304-7B59A86B4245}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{02E3ED7F-2076-462D-BF45-4ABA59375226}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
    "{054563D4-928E-4C73-A36A-9CCC19316170}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{066EAB51-7768-4A91-8AA4-BDF3AFE13B8B}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
    "{06BE89D0-0700-4652-9CCE-672D53D04D92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{071E2EB4-E683-4F7B-BA8F-ED3B86365C55}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{079A74E0-99BC-44B7-879D-AE8C4376072C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{07FC3CDC-C2BD-44C6-85F9-65EB81517CEE}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{0AB817BA-E204-4462-A917-FD4A4AE0672A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{0B45EF13-1FEF-4A43-A329-EC3A57EE900F}" = protocol=6 | dir=in | app=c:\program files (x86)\halite\halite.exe |
    "{0C7A6BDD-D9A3-49BC-B4FD-7B8126481DBF}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
    "{0D89C223-2D8E-4D0F-A1AD-46B13D5C2C5D}" = protocol=6 | dir=in | app=c:\users\fenixink\appdata\roaming\spotify\spotify.exe |
    "{0DFA9B86-F1E8-437F-8500-6295A0BF9015}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{0E88F717-721B-4C84-BD0D-E17110B7422F}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{11A4AEAB-9324-471B-9B6B-4554663D28DE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{123D31D7-79F2-46EA-B7C5-F60C0CD2EEB0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{12AB5438-CC57-46AC-A07C-84B8A323A084}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
    "{155FF16F-E26A-42A3-B5BB-ED87751E6C61}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
    "{15B4D182-46F3-4CB4-B20D-ECFC63F087D9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{160D2CFC-B461-4720-87AE-526D26C94A26}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{16472CB2-E34B-473B-84B8-976EA8165645}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{18A172B9-5AA4-4221-8DA4-A99827BA3130}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{18B20224-C49B-4924-9AA1-5B0822182012}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1E59A91D-9492-481C-8588-37239967A117}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
    "{2242EA5F-3938-459B-976E-D531504CDEA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{23D8BB3E-2D9A-4F92-999B-B1ED6FEA0BE9}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
    "{24553650-2676-42A8-9B8C-1131F92A90FB}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
    "{2617F074-BE96-44CC-86BF-FA0650593743}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
    "{2674CB2C-F3CA-4710-A738-EAE250B4CCFD}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{2713D59A-C0DA-493B-9564-1FC4B4F57B14}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{294D8883-E935-47E8-AAD4-3D0E882CE1F1}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
    "{298A18BF-927E-4155-8743-1474480AE6E4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{298C936F-DCBF-47B6-9E3C-CC2AE85FAC3C}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
    "{29F79D87-BE97-42DB-9B3A-1A037041855F}" = protocol=17 | dir=in | app=c:\users\fenixink\appdata\roaming\dropbox\bin\dropbox.exe |
    "{30801069-0437-4EA3-9EEC-7CF82F65B78B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{314FE432-49D7-429C-BC65-B14466B29BAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{31C95731-F37C-4F2A-B4B3-5B6EA1CDE6E7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{3207900E-B8A8-4B6C-AD31-29473BEFD459}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{32448613-225A-4241-A041-DC4FC521DE2D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{32A622E6-00F9-4B67-9125-AEC85F7E5332}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{3382A681-8749-4134-8381-C46177E04219}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{342D3509-B54C-4A50-BA88-A45378285620}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
    "{35112739-76C4-46CE-958F-DAEE05BD7C03}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii beta\starcraft ii.exe |
    "{35936C76-8EC3-4173-BEEC-4AC2F28D55D9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{35D0CD16-2A34-407E-B649-5C316EE68403}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    "{35F44AED-5B96-4F06-B267-E05A8A77ED9D}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
    "{374E9C04-594D-4005-9DA9-E89940ADF8E1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{3A8EDB7F-B8E9-4F67-9D1D-7F086F871C14}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{3BE006F2-DB8D-4CA3-B70E-B9D3AA54AFD2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
    "{3C16BCBC-2004-4678-9D30-252135119A88}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3C419437-BA55-4682-8ED1-359D6EAB6FB9}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{3C522E41-9E0F-42AB-A345-872ABA9A9C68}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
    "{3C7A8C83-CF80-49FD-9E5B-2E08BBDFE5C8}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
    "{3E13D8EB-6801-44CF-A169-D4120E092EDC}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
    "{3EA6FDB3-83B8-4864-9DF4-0D36592924DB}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{41AD819E-64C7-496B-80B0-62ED84D18DCE}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
    "{46DB2945-FEB4-4C09-82B2-006216A18551}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet_x64.exe |
    "{47F372A7-49F5-4704-A617-A5997E3CA39E}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
    "{4821F078-2423-4115-A56E-2FEBBC2F5D18}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
    "{4EEC719E-7D34-4061-ACB5-E4D0D67AF64A}" = protocol=17 | dir=in | app=c:\users\fenixink\appdata\roaming\spotify\spotify.exe |
    "{514645EB-1D18-40B1-823C-68628D816CC4}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
    "{5C29C7FB-6709-4F38-94B7-24975723A457}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{5F054C79-EC93-47DB-A89A-8CA9FC4DD699}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
    "{618DD935-DAC4-4943-BDAA-2EDF623C37D6}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
    "{61F75942-F60A-46B1-AE03-5C7C1A318AA8}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
    "{6342746F-08D4-4CC5-8A62-989CC86DC775}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{645C14C2-9B26-4B43-81FC-D54A2C32F07D}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet_x64.exe |
    "{64BA5764-D8BE-4767-8BE8-4FCB8B5E3BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
    "{66BFE126-6FD5-42BA-848A-3BF27D9D638C}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{66FBE1F1-9757-4C94-BE7D-F113339BE8AE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{68387BE6-2685-4764-B4D7-D360453A9473}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{692F60A6-3B3F-4053-A84D-12242A5A9362}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
    "{6B445DE0-C72A-4A63-A868-B54A32AD93B3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{6F5BBA7C-0C16-4D15-9C94-0D89B445FC55}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
    "{7524A72D-4DB4-4CC1-AEFF-DD1A87998A7F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7553DD85-28EB-45CC-9230-0AF8775351DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{75AA217D-83F8-4EBF-A26C-11D3A5B270EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe |
    "{76285619-C9F7-4B56-AEFA-79EADD3DFDAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\game of thrones\binaries\win32\shippingpc-agotgame.exe |
    "{7632B2DA-E886-478F-8012-D2759164D9A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{78AF4EA6-3E6B-4467-AD2E-EBCE1DFE67C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{7ABEA8AF-5881-420D-B454-FBF5388827FE}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
    "{7ACF8D23-E5C1-4151-88C6-B99516961727}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{7B6147BB-BD95-4103-AA9D-A9F6C864C8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
    "{7B8712B2-5AF1-4E24-8D46-8E8518F00BAF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{7C2C51E6-F61B-4DBF-96A0-1EBBC4C26982}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
    "{7F32ADCF-663E-4480-AEC7-EA0CADDB39BE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{851383BA-0B81-4585-9CAB-2F50C3DBAE8A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{85B8388F-896A-4F62-B976-C54B6453BD4C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{86B4B13E-E07D-4054-89EC-E40D61DF479D}" = protocol=6 | dir=in | app=c:\users\fenixink\appdata\local\apps\2.0\n0c7w7w6.ht2\gkwm0t1o.6h3\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\curseclient.exe |
    "{86B88283-C833-4530-B709-BE9DEB106DC3}" = protocol=17 | dir=in | app=c:\users\fenixink\appdata\local\apps\2.0\n0c7w7w6.ht2\gkwm0t1o.6h3\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\curseclient.exe |
    "{8B614207-273E-486B-A33E-0571F3F4E1A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{8D685494-6724-44DC-BE38-53E815253EB2}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{8DB16222-2C83-40A5-B1FF-0001777A58E2}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{9127FD89-9D51-4569-ACAC-0991F3F4C828}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{91FA15C1-5191-4A8F-8E22-34DF0F93001A}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
    "{93886E6A-08DE-4C01-8628-D03B961E72E3}" = protocol=6 | dir=in | app=c:\users\fenixink\appdata\roaming\dropbox\bin\dropbox.exe |
    "{9701AC79-4E9B-430A-9C4C-FBD9797837B0}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
    "{9773E828-D225-4487-AF1C-B96B77AC1DE4}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
    "{97CB932F-715C-453C-A01A-40A18A9B31C7}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{9A7AA61A-2165-41F7-A6A2-F9D1086C8771}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
    "{9EB48F73-5DF5-4C37-ACF7-C4D3C144ED9A}" = dir=in | app=%userprofile%\appdata\local\google\chrome\application\chrome.exe |
    "{A32BFD7B-BD87-45C3-BA2D-05DDDB26903B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{A3D43626-3364-4459-BAE0-C019874EC9CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{A50A60FA-3C74-4BCF-BBCA-23059B6EF1EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A65EBEFD-C601-4638-B6C8-98600556BBFA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    "{AAAEA933-B706-4F7E-AE0E-F9E5664BDFBE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
    "{AB030E0F-1B93-48EC-A6CC-328099B1B375}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{AB83A4AC-5B79-46E1-A45A-7C1C72B0107A}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
    "{ABB08B57-E974-4282-B354-1CA58C060662}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{ABBADF5F-7820-4791-B65D-E6BB933CB5F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{ACAF0AFC-168C-4694-8833-2EF2514759BC}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
    "{AFE26AC2-C3B0-4F39-BAEB-431C9E89C65D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{B10B4344-5C66-4713-A89D-96EE64617767}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{B2A9D87F-9AEB-4A60-8AA6-15BAE0AF25B1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
    "{B35B1834-3FB1-42B1-B5F7-2CCC4C2F5A93}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{B3935ADD-5A70-472A-8979-AF42363F229F}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
    "{B51DA02A-E179-46B1-8F3E-D0D02BE89830}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{B657F19D-89B1-4BE1-983B-7F410EBE85DC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{B7EC9D98-020C-416F-AFD2-B3CFDC4169DF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{B9060529-825F-4C77-AB2D-E0CF2A987D7E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{B98E71FC-440C-4182-8C19-C67EA8B84F2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B9E3C551-F504-4D22-AFB9-A340AD09CDEC}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
    "{B9E6ACBC-A207-4B63-935F-951EF4314364}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
    "{BA51AF0D-7DBF-49D7-9A25-60B1C826D415}" = protocol=17 | dir=in | app=c:\users\fenixink\appdata\local\temp\7zs418d.tmp\symnrt.exe |
    "{BB6B7C29-2EA4-43FE-85D4-F8B2C9B7DD76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BEA38D74-BFAF-4555-9C37-F7DC395FA1CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BF7CD6B2-E24B-4211-BA75-98D34C979007}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{C018DF71-F922-4871-9712-537677C9C153}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{C1C35E9E-17B2-45AE-9F01-995E06055E01}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{C36A65A3-D6EF-4407-9587-2C912203C933}" = protocol=6 | dir=out | app=system |
    "{C4ACD334-FEDD-43C7-A49D-5A0C00BCD9E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe |
    "{C5EBA08C-A77A-4FD2-8B2F-8F3A898B3322}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
    "{C79ED269-90EE-4DF4-AD7B-ED204CF813C6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C7F2B970-5D64-4155-B914-27D97BDA8747}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{C8C2D291-BE1D-4CEF-B5C3-084B3A141744}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{CB3736FE-85B4-4EFF-AF11-71D88EC7ACD3}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii beta\starcraft ii.exe |
    "{CD394641-A3F7-45FD-9F1B-F65365F6D15B}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
    "{CD9EDA0C-8F9D-4978-9B1E-F7CC07054F00}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{CDF9B5BD-787B-43B7-99AB-C6C4A1068214}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CF9625BE-6EA6-4575-8B7F-4A134953D654}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{D1920236-0FAC-46B3-81E1-F8589DDA4FD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D20DF40F-F1CF-4DEF-8CFE-0C37C645B763}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{D2563392-F411-4D55-9E41-E1E72EC12E43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
    "{D2946871-0F6F-4FEC-9F86-D11B66A3AA4D}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
    "{D316C411-9B96-40DA-86DD-B9D5DDBCABE7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{D34BB748-9DA2-4CB2-9FBD-32300A305BB3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
    "{D5240E5E-4C1E-474B-AB69-F75EADDEEC43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D6E8AC1B-DC35-44CE-8EEE-67A189F9F05B}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
    "{D9146540-3BCC-40BD-93FE-737E2F88E460}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D96F05D1-EA02-44D0-A86C-8A4CC876E197}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\game of thrones\binaries\win32\shippingpc-agotgame.exe |
    "{DA4F464F-BBC9-4FC0-9DBF-B5AB62FB95FB}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
    "{DD019FCE-60BE-4E26-B7F9-6B19D4AFA49E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{DEC3B3D6-927D-4F01-B2E5-15755B8EED4F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{E03CC6AB-FE68-44A3-98FA-E4CCB3D91C6E}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
    "{E1DC779E-77CD-44E0-B176-BBD928D7C72B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
    "{E20168C5-337B-414F-BC32-74669E1C8DCE}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
    "{E2ECFFE2-D84B-4057-B36D-F124B89FCEFB}" = protocol=6 | dir=in | app=c:\users\fenixink\appdata\local\temp\7zs418d.tmp\symnrt.exe |
    "{E307D443-7ED2-45E1-887A-57DF961AE324}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{E4F6AB3E-DAC3-4334-B186-59E78AE92267}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
    "{E5B60EA5-B673-477A-81FC-2B8876512A70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
    "{E76EFEDB-78AB-4A18-BC97-6B91E74FDF0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
    "{E8509274-FC18-483F-97D5-729EC30E2032}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E9FC4C38-FE49-4884-87F7-6A8D97A2A603}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{EBB5CEB3-B98E-4424-8BA6-7CF21C166529}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{ECBFE75F-68BD-4AC2-8882-6A2660E851BA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{ECE2F2F1-99D8-47C6-9F6B-FFED2BCD5E64}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{F1076FF0-6FDA-4688-BD53-1255F91ED757}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{F3B6A8B0-8816-453F-B0F8-C2FF884C2E62}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{F80A588D-8E1A-477F-9C6B-67728583AC40}" = protocol=17 | dir=in | app=c:\program files (x86)\halite\halite.exe |
    "{FBA1977F-1638-4959-A9C7-203D2424596B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{FFE19A6D-747B-427C-A2C8-2B77F1D9BBA0}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
    "TCP Query User{B559119A-49C1-4FDB-99CF-7446DBF71389}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{BB7CAAF4-9905-43C1-93BE-58DF1FEA8B9C}C:\program files (x86)\psi\psi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe |
    "TCP Query User{D3E61E7C-21D1-4B3A-ACDC-2FC3908BDC94}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
    "TCP Query User{E8B2979B-D914-4BFC-BBC7-09674125298E}C:\program files (x86)\psi\psi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe |
    "UDP Query User{0F9A044B-D93E-4E89-8045-FA919FC455BB}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{1AA79C9F-CD49-47BF-9E92-9D8A435AACF3}C:\program files (x86)\psi\psi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe |
    "UDP Query User{CA4EB6E8-DE79-4E8B-B994-188408F9EED7}C:\program files (x86)\psi\psi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe |
    "UDP Query User{DAD2FAC4-F601-42CC-AE0B-A5FA23A10DF4}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |
  18. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{1314D90A-A77D-4635-BB8C-840FBB466BE3}" = Autodesk MatchMover 2010 (64-bit)
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
    "{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
    "{284B452E-075E-4C7B-B8EE-E4A798CC3772}" = Maya 2010 (64-bit)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2B80C356-CA93-433D-814C-BF4CBF3195C2}" = Maya 2010 (64-bit) Documentation (en_US)
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
    "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
    "{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{82D52DEB-4262-2846-07E5-2D5A6C3C9A01}" = ATI AVIVO64 Codecs
    "{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{833B98DC-A851-43D3-B22C-9C7B815520E3}" = Autodesk DirectConnect 2010 (64-bit)
    "{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{866FADAA-D878-8B7A-738D-E6659493108D}" = ATI Problem Report Wizard
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
    "{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
    "{B3012F41-D8C7-5ABD-05D1-3EF39D9ACC22}" = WMV9/VC-1 Video Playback
    "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
    "{B7FEA90D-9620-455F-9B15-652D4FA80B0A}" = Autodesk Toxik 2010 (64-bit)
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}_is1" = Fallout New Vegas
    "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
    "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
    "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3668FC44-564C-E2B3-83C8-1C966610B50C}" = GameFly
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1.3
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1" = The Witcher 2 Assassins of Kings version 1.0
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
    "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
    "{4EBACA39-E7D8-4CFD-84D0-6062241A62A5}" = Wasteland Cartographer
    "{50AAEE64-5FFF-456C-8B6D-97ED6C39C4F4}" = EveNexus
    "{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
    "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
    "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
    "{61A1A5A8-2835-46CD-9429-A8F4CFEE6657}" = EVE Isk per Hour 2.1
    "{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
    "{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
    "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8B7IL77L-LKS1-AC3-BATAC-18CD6E6334R1}_is1" = Batman Arkham City version 1.0
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
    "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
    "{8F885F2B-3B2C-4BE1-80AE-6DC1B35E0424}" = FastPictureViewer WIC Codec Pack 1.65
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
    "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
    "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
    "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
    "{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_933" = Adobe Acrobat 9.3.3 - CPSID_83708
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}" = Temple of Elemental Evil
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{C0B4FE9F-1CA2-48EE-9664-3E6E1D202785}" = ActiveState Komodo Edit 6.0.3
    "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
    "{D8A8894A-B875-8206-E820-B27BCD72C5A0}" = HydraVision
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0AF5EFE-5971-4A54-A69F-D2D95E9E5363}" = Halite
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EF6E933E-760B-40EA-8E00-E6DE3482F472}_is1" = 7stacks 1.5 beta 1
    "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
    "{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
    "Age of Conan_is1" = Age of Conan - Hyborian Adventures
    "Alan Wake_is1" = Alan Wake
    "Any Video Converter_is1" = Any Video Converter 3.3.3
    "APB Reloaded" = APB Reloaded
    "Aquarius Soft PC PC Checklists" = Aquarius Soft PC Checklists
    "Araneae_is1" = Araneae 5.0.0
    "AviSynth" = AviSynth 2.5
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BlueJ_is1" = BlueJ 3.0.4
    "CDCE6956-DD16-4F82-ACA0-E4C7BAD6B26A_is1" = Divinity II - DKS
    "Clue: Accusations and Alibis" = Clue: Accusations and Alibis
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CwGet_is1" = CwGet V2.26
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "DiscJuggler" = DiscJuggler
    "DSMT6" = MathType 6
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EVEMon" = EVEMon
    "Fallout New Vegas_is1" = Fallout New Vegas
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "FileZilla Client" = FileZilla Client 3.3.2.1
    "FlashDevelop" = FlashDevelop 3.2.1
    "Fraps" = Fraps (remove only)
    "GameFly" = GameFly
    "GamersFirst Fallen Earth" = Fallen Earth
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "GoldWave v5.67" = GoldWave v5.67
    "Hitman - Blood Money" = Hitman - Blood Money
    "ImTOO DVD Ripper Ultimate 5" = ImTOO DVD Ripper Ultimate
    "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
    "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
    "Mafia II_is1" = Mafia II
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
    "Magic Set Editor 2_is1" = Magic Set Editor 2.0.0
    "Magic Workstation_is1" = Magic Workstation 0.94f
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Monopoly by Parker Brothers" = Monopoly by Parker Brothers
    "MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
    "Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "mv61xxMRU" = Marvell MRU V4
    "Notepad++" = Notepad++
    "Origin" = Origin
    "PFPortChecker" = PFPortChecker 1.0.32
    "Psi" = Psi (remove only)
    "PSP Video 9" = PSP Video 9 6
    "PunkBusterSvc" = PunkBuster Services
    "RaidCall" = RaidCall
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "Runic Games Torchlight" = Torchlight
    "Sid Meiers Pirates" = Sid Meiers Pirates
    "StarCraft II" = StarCraft II
    "Steam App 205100" = Dishonored
    "Steam App 208730" = Game of Thrones
    "Steam App 216690" = XCOM: Enemy Unknown Demo
    "Steam App 24200" = DC Universe Online
    "Switch" = Switch Sound File Converter
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "The Game Of Life by Hasbro1.0" = The Game Of Life by Hasbro
    "The Secret World_is1" = The Secret World
    "The Sith Lords Restored Content Mod_is1" = TSLRCM 1.7
    "The Walking Dead" = The Walking Dead
    "Tunngle beta_is1" = Tunngle beta
    "TWC4: Fight!" = TWC4: Fight!
    "uTorrent" = µTorrent
    "Verizon V CAST Media Manager" = Verizon V CAST Media Manager
    "Videora iPad Converter" = Videora iPad Converter 6
    "VLC media player" = VLC media player 1.1.1
    "WavePad" = WavePad Sound Editor
    "WinLiveSuite" = Windows Live Essentials
    "WMMA2" = WMMA2
    "WMMA3" = WMMA3
    "Wrestling MPire 2008 (Management Edition)" = Wrestling MPire 2008 (Management Edition)
    "Wrestling Spirit" = Wrestling Spirit
    "Wrestling Spirit 2" = Wrestling Spirit 2
    "Xfire" = Xfire (remove only)
    "Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
    "XPort 360_is1" = XPort 360

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "09e5f34d09ff8c7d" = OCTGN
    "101a9f93b8f0bb6f" = Curse Client
    "Dropbox" = Dropbox
    "EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.0.0.18
    "Google Chrome" = Google Chrome
    "Spotify" = Spotify
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/19/2012 2:46:30 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/19/2012 2:46:30 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/19/2012 2:46:30 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/19/2012 2:46:30 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/19/2012 2:46:30 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/19/2012 2:46:30 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/19/2012 2:46:30 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/19/2012 2:46:30 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/19/2012 2:46:30 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/19/2012 3:11:02 PM | Computer Name = Fenixink-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Media Center Events ]
    Error - 2/15/2010 4:16:57 PM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 12:16:53 PM - Failed to retrieve Broadband (Error: The operation has
    timed out)

    Error - 4/22/2010 4:51:09 PM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 1:51:08 PM - Failed to retrieve Broadband.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 1/2/2011 4:22:50 AM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 12:22:46 AM - Error connecting to the internet. 12:22:46 AM - Unable
    to contact server..

    Error - 1/2/2011 5:22:56 AM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 1:22:55 AM - Error connecting to the internet. 1:22:55 AM - Unable
    to contact server..

    Error - 1/2/2011 6:24:31 AM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 2:23:48 AM - Error connecting to the internet. 2:23:48 AM - Unable
    to contact server..

    Error - 1/2/2011 7:24:46 AM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 3:24:43 AM - Error connecting to the internet. 3:24:43 AM - Unable
    to contact server..

    Error - 1/2/2011 4:33:36 PM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 12:33:36 PM - Error connecting to the internet. 12:33:36 PM - Unable
    to contact server..

    Error - 1/2/2011 4:33:45 PM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 12:33:41 PM - Error connecting to the internet. 12:33:41 PM - Unable
    to contact server..

    Error - 1/2/2011 5:33:49 PM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 1:33:49 PM - Error connecting to the internet. 1:33:49 PM - Unable
    to contact server..

    Error - 1/2/2011 5:33:55 PM | Computer Name = Fenixink-PC | Source = MCUpdate | ID = 0
    Description = 1:33:54 PM - Error connecting to the internet. 1:33:54 PM - Unable
    to contact server..

    [ System Events ]
    Error - 10/14/2012 1:38:32 AM | Computer Name = Fenixink-PC | Source = Application Popup | ID = 875
    Description = Driver atksgt.sys has been blocked from loading.

    Error - 10/14/2012 1:38:32 AM | Computer Name = Fenixink-PC | Source = Service Control Manager | ID = 7000
    Description = The atksgt service failed to start due to the following error: %%1275

    Error - 10/14/2012 1:38:55 AM | Computer Name = Fenixink-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BHDrvx64 SRTSP SymIRON

    Error - 10/14/2012 11:51:16 AM | Computer Name = Fenixink-PC | Source = Service Control Manager | ID = 7031
    Description = The Norton Security Suite service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
    Restart the service.

    Error - 10/14/2012 11:55:03 AM | Computer Name = Fenixink-PC | Source = Application Popup | ID = 875
    Description = Driver atksgt.sys has been blocked from loading.

    Error - 10/14/2012 11:55:03 AM | Computer Name = Fenixink-PC | Source = Service Control Manager | ID = 7000
    Description = The atksgt service failed to start due to the following error: %%1275

    Error - 10/14/2012 12:46:24 PM | Computer Name = Fenixink-PC | Source = Service Control Manager | ID = 7034
    Description = The LicCtrl Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/14/2012 5:02:29 PM | Computer Name = Fenixink-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/14/2012 5:04:36 PM | Computer Name = Fenixink-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/14/2012 5:05:10 PM | Computer Name = Fenixink-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
  19. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
      O3:64bit: - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
      O4 - HKLM..\Run: [] File not found
      O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
      O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
      O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
      O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
      O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
      O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
      O15 - HKU\S-1-5-21-2551055566-3378420269-3791946891-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
      [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  20. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    OTL Fix Log
    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
    64bit-Registry value HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2551055566-3378420269-3791946891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Fenixink
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 24387591 bytes
    ->Java cache emptied: 17196337 bytes
    ->FireFox cache emptied: 67802694 bytes
    ->Google Chrome cache emptied: 496930214 bytes
    ->Flash cache emptied: 59070 bytes

    User: Mcx1-FENIXINK-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 41620 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 401408 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 579.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Fenixink
    ->Java cache emptied: 0 bytes

    User: Mcx1-FENIXINK-PC

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Fenixink
    ->Flash cache emptied: 0 bytes

    User: Mcx1-FENIXINK-PC
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10142012_155131

    Files\Folders moved on Reboot...
    C:\Users\Fenixink\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  21. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    Security Check
    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 16
    Java(TM) 6 Update 24
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.1.102.63 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (16.0.1)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome CommonDotNET.dll..
    Google Chrome IdVaultCore.dll..
    Google Chrome IdVaultCore.XmlSerializers.dll.
    Google Chrome Microsoft.mshtml.dll.
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  22. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    Farbar Service Scanner Version: 07-10-2012
    Ran by Fenixink (administrator) on 14-10-2012 at 16:31:29
    Running from "C:\Users\Fenixink\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-10-13 17:02] - [2012-06-01 22:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  23. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    # AdwCleaner v2.005 - Logfile created 10/14/2012 at 16:33:32
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Fenixink - FENIXINK-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Fenixink\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\searchplugins\daemon-search.xml
    Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\Users\Fenixink\AppData\Local\APN
    Folder Deleted : C:\Users\Fenixink\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\Conduit
    Folder Deleted : C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\ConduitCommon
    Folder Deleted : C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\ConduitEngine

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = my.daemon-search.com --> hxxp://www.google.com

    -\\ Mozilla Firefox v16.0.1 (en-US)

    Profile name : default
    File : C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\prefs.js

    C:\Users\Fenixink\AppData\Roaming\Mozilla\Firefox\Profiles\s5mzssry.default\user.js ... Deleted !

    Deleted : user_pref("CT2438727..clientLogIsEnabled", false);
    Deleted : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2438727.CTID", "CT2438727");
    Deleted : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
    Deleted : user_pref("CT2438727.CurrentServerDate", "21-4-2012");
    Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2438727.DialogsGetterLastCheckTime", "Thu Apr 19 2012 23:50:55 GMT-0700 (Pacific Daylig[...]
    Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2438727.FirstServerDate", "29-1-2010");
    Deleted : user_pref("CT2438727.FirstTime", true);
    Deleted : user_pref("CT2438727.FirstTimeFF3", true);
    Deleted : user_pref("CT2438727.GroupingInvalidateCache", false);
    Deleted : user_pref("CT2438727.GroupingLastCheckTime", "0");
    Deleted : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
    Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2438727.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2438727.Initialize", true);
    Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2438727.InstallationType", "Unknown");
    Deleted : user_pref("CT2438727.InstalledDate", "Fri Jan 29 2010 09:19:19 GMT-0800 (Pacific Standard Time)");
    Deleted : user_pref("CT2438727.InvalidateCache", false);
    Deleted : user_pref("CT2438727.IsGrouping", false);
    Deleted : user_pref("CT2438727.IsMulticommunity", false);
    Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Fri Apr 20 2012 23:50:55 GMT-0700 (Pacific Dayligh[...]
    Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2438727.LastLogin_2.5.6.0", "Thu Apr 01 2010 16:51:05 GMT-0700 (Pacific Daylight Time)"[...]
    Deleted : user_pref("CT2438727.LastLogin_3.12.0.7", "Sat Apr 21 2012 07:58:34 GMT-0700 (Pacific Daylight Time)[...]
    Deleted : user_pref("CT2438727.LatestVersion", "3.12.0.7");
    Deleted : user_pref("CT2438727.Locale", "en");
    Deleted : user_pref("CT2438727.LoginCache", 4);
    Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2438727.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2438727.RadioLastCheckTime", "0");
    Deleted : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
    Deleted : user_pref("CT2438727.RadioLastUpdateServer", "0");
    Deleted : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
    Deleted : user_pref("CT2438727.SearchBoxWidth", 159);
    Deleted : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
    Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Fri Apr 20 2012 23:50:56 GMT-0700 (Pacific Dayli[...]
    Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
    Deleted : user_pref("CT2438727.SearchProtectorToolbarDisabled", false);
    Deleted : user_pref("CT2438727.ServiceMapLastCheckTime", "Fri Apr 20 2012 23:50:53 GMT-0700 (Pacific Daylight [...]
    Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
    Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Sat Apr 21 2012 08:28:12 GMT-0700 (Pacific Daylight Ti[...]
    Deleted : user_pref("CT2438727.SettingsLastUpdate", "1326723880");
    Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Mar 20 2010 14:20:17 GMT-0700 (Pacific Day[...]
    Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1268384275");
    Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
    Deleted : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT2438727.Uninstall", true);
    Deleted : user_pref("CT2438727.UserID", "UN63185364968074888");
    Deleted : user_pref("CT2438727.ValidationData_Search", 0);
    Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT2438727.alertChannelId", "832836");
    Deleted : user_pref("CT2438727.clientLogIsEnabled", false);
    Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2438727.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2438727.initDone", true);
    Deleted : user_pref("CT2438727.myStuffEnabled", true);
    Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2438727.revertSettingsEnabled", false);
    Deleted : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2438727.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2438727.testingCtid", "");
    Deleted : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Fri Apr 20 2012 23:50:56 GMT-0700 (Pacific D[...]
    Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref("CT2438727.usagesFlag", 2);
    Deleted : user_pref("CT2688461..clientLogIsEnabled", false);
    Deleted : user_pref("CT2688461..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2688461..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2688461.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2688461.AppTrackingLastCheckTime", "Mon Jun 13 2011 20:30:07 GMT-0700 (Pacific Daylight[...]
    Deleted : user_pref("CT2688461.CTID", "CT2688461");
    Deleted : user_pref("CT2688461.CommunitiesChangesLastCheckTime", "0");
    Deleted : user_pref("CT2688461.CurrentServerDate", "13-6-2011");
    Deleted : user_pref("CT2688461.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2688461.DialogsGetterLastCheckTime", "Thu May 26 2011 10:22:00 GMT-0700 (Pacific Daylig[...]
    Deleted : user_pref("CT2688461.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
    Deleted : user_pref("CT2688461.FirstServerDate", "30-9-2010");
    Deleted : user_pref("CT2688461.FirstTime", true);
    Deleted : user_pref("CT2688461.FirstTimeFF3", true);
    Deleted : user_pref("CT2688461.FirstTimeSettingsDone", true);
    Deleted : user_pref("CT2688461.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2688461.GroupingInvalidateCache", false);
    Deleted : user_pref("CT2688461.GroupingLastCheckTime", "0");
    Deleted : user_pref("CT2688461.GroupingLastServerUpdateTime", "0");
    Deleted : user_pref("CT2688461.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2688461.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2688461.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2688461.Initialize", true);
    Deleted : user_pref("CT2688461.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2688461.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2688461.InstalledDate", "Wed Sep 29 2010 14:35:41 GMT-0700 (Pacific Daylight Time)");
    Deleted : user_pref("CT2688461.InvalidateCache", false);
    Deleted : user_pref("CT2688461.IsGrouping", false);
    Deleted : user_pref("CT2688461.IsMulticommunity", false);
    Deleted : user_pref("CT2688461.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2688461.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2688461.LanguagePackLastCheckTime", "Mon Jun 13 2011 15:14:27 GMT-0700 (Pacific Dayligh[...]
    Deleted : user_pref("CT2688461.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2688461.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2688461.LastLogin_2.7.2.0", "Thu Apr 21 2011 22:13:48 GMT-0700 (Pacific Daylight Time)"[...]
    Deleted : user_pref("CT2688461.LastLogin_3.3.3.2", "Tue May 24 2011 20:30:06 GMT-0700 (Pacific Daylight Time)"[...]
    Deleted : user_pref("CT2688461.LastLogin_3.3.5.1", "Mon Jun 13 2011 08:29:55 GMT-0700 (Pacific Daylight Time)"[...]
    Deleted : user_pref("CT2688461.LatestVersion", "3.3.3.2");
    Deleted : user_pref("CT2688461.Locale", "en");
    Deleted : user_pref("CT2688461.LoginCache", 4);
    Deleted : user_pref("CT2688461.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2688461.MCDetectTooltipShow", false);
    Deleted : user_pref("CT2688461.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2688461.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2688461.RadioLastCheckTime", "0");
    Deleted : user_pref("CT2688461.RadioLastUpdateIPServer", "0");
    Deleted : user_pref("CT2688461.RadioLastUpdateServer", "0");
    Deleted : user_pref("CT2688461.RadioShrinked", "expanded");
    Deleted : user_pref("CT2688461.SHRINK_TOOLBAR", 1);
    Deleted : user_pref("CT2688461.SearchBoxWidth", 100);
    Deleted : user_pref("CT2688461.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Deleted : user_pref("CT2688461.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2688461.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT268[...]
    Deleted : user_pref("CT2688461.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2688461.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2688461.SearchInNewTabLastCheckTime", "Mon Jun 13 2011 15:14:23 GMT-0700 (Pacific Dayli[...]
    Deleted : user_pref("CT2688461.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2688461.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2688461.SearchInNewTabUserEnabled", false);
    Deleted : user_pref("CT2688461.ServiceMapLastCheckTime", "Mon Jun 13 2011 15:14:26 GMT-0700 (Pacific Daylight [...]
    Deleted : user_pref("CT2688461.SettingsCheckIntervalMin", 120);
    Deleted : user_pref("CT2688461.SettingsLastCheckTime", "Mon Jun 13 2011 11:45:43 GMT-0700 (Pacific Daylight Ti[...]
    Deleted : user_pref("CT2688461.SettingsLastUpdate", "1306530423");
    Deleted : user_pref("CT2688461.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2688461.ThirdPartyComponentsLastCheck", "Fri Jun 03 2011 14:31:12 GMT-0700 (Pacific Day[...]
    Deleted : user_pref("CT2688461.ThirdPartyComponentsLastUpdate", "1246790578");
    Deleted : user_pref("CT2688461.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2688461");
    Deleted : user_pref("CT2688461.UserID", "UN74050849025531635");
    Deleted : user_pref("CT2688461.ValidationData_Search", 2);
    Deleted : user_pref("CT2688461.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT2688461.alertChannelId", "1080867");
    Deleted : user_pref("CT2688461.clientLogIsEnabled", true);
    Deleted : user_pref("CT2688461.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref("CT2688461.components.129225859247515395", false);
    Deleted : user_pref("CT2688461.components.129225919379358365", false);
    Deleted : user_pref("CT2688461.components.129225965132434109", false);
    Deleted : user_pref("CT2688461.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
    Deleted : user_pref("CT2688461.globalFirstTimeInfoLastCheckTime", "Mon Jun 13 2011 20:29:56 GMT-0700 (Pacific [...]
    Deleted : user_pref("CT2688461.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT2688461.myStuffEnabled", true);
    Deleted : user_pref("CT2688461.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2688461.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2688461.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2688461.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2688461.oldAppsList", "129223324274262719,129223324274262720,129225859247515395,1292259[...]
    Deleted : user_pref("CT2688461.testingCtid", "");
    Deleted : user_pref("CT2688461.toolbarAppMetaDataLastCheckTime", "Mon Jun 13 2011 15:14:27 GMT-0700 (Pacific D[...]
    Deleted : user_pref("CT2688461.toolbarContextMenuLastCheckTime", "Thu Jun 09 2011 04:45:53 GMT-0700 (Pacific D[...]
    Deleted : user_pref("CT2688461.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref("CT2688461.usagesFlag", 2);
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1080867/1076571/US", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/US", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2688461", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2688461",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2688461/CT2688461[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/6340477175123412[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/6340477178459350[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"46[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c46[...]
    Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
    Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2688461");
    Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}");
    Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "digitalchocolate");
    Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
    Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2688461");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "digitalchocolate");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2688461,ConduitEngine");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT2688461");
    Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Jun 09 2011 04:45:53 GMT-07[...]
    Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 28 2011 19:59:41 GMT-0700 (Pacif[...]
    Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 19:59:33 GMT-0700 (Pacific D[...]
    Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.alert.userId", "{48d2338e-aaef-42ba-a4a6-99c6ca206f60}");
    Deleted : user_pref("CommunityToolbar.globalUserId", "963b12c6-dd8b-422a-9863-628bcd6b92fc");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Jun 24 2011 21:24:23 GMT-0700 (Pacific Dayl[...]
    Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jun 13 2011 13:21:33 GMT-0700 (Pacific Da[...]
    Deleted : user_pref("ConduitEngine.FirstServerDate", "04/25/2011 23");
    Deleted : user_pref("ConduitEngine.FirstTime", true);
    Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
    Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
    Deleted : user_pref("ConduitEngine.Initialize", true);
    Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Apr 25 2011 13:30:20 GMT-0700 (Pacific Daylight Time)"[...]
    Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
    Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jun 12 2011 15:14:27 GMT-0700 (Pacific Day[...]
    Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue May 24 2011 20:30:05 GMT-0700 (Pacific Daylight Ti[...]
    Deleted : user_pref("ConduitEngine.LastLogin_3.3.5.1", "Mon Jun 13 2011 11:45:44 GMT-0700 (Pacific Daylight Ti[...]
    Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
    Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jun 13 2011 11:45:44 GMT-0700 (Pacific Dayligh[...]
    Deleted : user_pref("ConduitEngine.UserID", "UN60741627787277463");
    Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
    Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jun 12 2011 15:14:29 GMT-0700 (Pacif[...]
    Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jun 13 2011 20:29:58 GMT-0700 (Paci[...]
    Deleted : user_pref("ConduitEngine.initDone", true);
    Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
    Deleted : user_pref("browser.search.defaultenginename", "Google Customized Web Search");
    Deleted : user_pref("extensions.505de2389e007.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
    Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\Fenixink\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [25939 octets] - [14/10/2012 16:33:32]

    ########## EOF - C:\AdwCleaner[S1].txt - [26000 octets] ##########
  24. Fenixink

    Fenixink Newcomer, in training Topic Starter Posts: 21

    04:08:34 ESET Completed here is the log

    C:\TDSSKiller_Quarantine\13.10.2012_16.51.03\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.10.2012_16.51.03\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.10.2012_16.51.03\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.OX trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.10.2012_16.51.03\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.10.2012_16.51.03\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.10.2012_16.51.03\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

    I have not closed the ESET window because it has a checkbox to delete quarantined files and I'm not sure if I should check that or not.
  25. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    You can delete those.

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===========================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ============================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please, let me know, how your computer is doing.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.