
Trojan

Discussion in 'Virus and Malware Removal' started by JuiceBox, Sep 11, 2012.

  1. JuiceBox Newcomer, in training Posts: 92

    And here's an updated Results.txt if you want:
    ListParts by Farbar Version: 17-09-2012
    Ran by SYSTEM (administrator) on 21-09-2012 at 20:30:30
    Windows 7 (X64)
    Running From: F:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 8%
    Total physical RAM: 8174.63 MB
    Available physical RAM: 7470.57 MB
    Total Pagefile: 8172.78 MB
    Available Pagefile: 7452.67 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.13 GB) NTFS
    2 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    3 Drive f: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 13 MB
    Disk 1 Online 3695 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 12 GB 40 MB
    Partition 3 Primary 919 GB 12 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 FAT Partition 39 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3694 MB 31 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F KINGSTON FAT32 Removable 3694 MB Healthy
    ======================================================================================================
    ****** End Of Log ******
  2. Broni Malware Annihilator Posts: 39,405   +177

    Excellent!
    I'll deliver good news to my colleague and we'll go from there :)
  3. Broni Malware Annihilator Posts: 39,405   +177

    Very well.
    Let's re-run some scans....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  4. JuiceBox Newcomer, in training Posts: 92

    Yeah, I mean the scans are going all good, so I'll post them tomorrow or whatever (Malwarebytes and aswMBR take forever to scan). But I find it sort of weird how I can't seem to access anything on the C drive other than a select few things. Like, all the old icons on the desktop are missing, and when I search up programs on the search bar, nothing comes up, despite being clearly shown by Malwarebytes to exist. Is it something to do with the fix you gave me previously? Did it sort of mess around with the partitions on my hard drive a little? Just curious.
  5. Broni Malware Annihilator Posts: 39,405   +177

    Let's see if we can recover your missing features.
    Download and run UnHide.
    Let me know if it worked.
  6. JuiceBox Newcomer, in training Posts: 92

    1. UnHide worked, so thanks for that, and two, here's the TDSS results log, part 1:
    10:47:57.0856 4732 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    10:47:57.0856 4732 ============================================================
    10:47:57.0856 4732 Current date / time: 2012/09/22 10:47:57.0856
    10:47:57.0856 4732 SystemInfo:
    10:47:57.0856 4732
    10:47:57.0856 4732 OS Version: 6.1.7601 ServicePack: 1.0
    10:47:57.0856 4732 Product type: Workstation
    10:47:57.0856 4732 ComputerName: NEWDELL
    10:47:57.0856 4732 UserName: Landie
    10:47:57.0856 4732 Windows directory: C:\Windows
    10:47:57.0856 4732 System windows directory: C:\Windows
    10:47:57.0856 4732 Running under WOW64
    10:47:57.0856 4732 Processor architecture: Intel x64
    10:47:57.0856 4732 Number of processors: 8
    10:47:57.0856 4732 Page size: 0x1000
    10:47:57.0856 4732 Boot type: Normal boot
    10:47:57.0856 4732 ============================================================
    10:47:59.0244 4732 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:47:59.0276 4732 Drive \Device\Harddisk5\DR5 - Size: 0xE6F4B800 (3.61 Gb), SectorSize: 0x200, Cylinders: 0x1D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    10:47:59.0276 4732 ============================================================
    10:47:59.0276 4732 \Device\Harddisk0\DR0:
    10:47:59.0276 4732 MBR partitions:
    10:47:59.0276 4732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x187F000
    10:47:59.0276 4732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1893000, BlocksNum 0x72E6C5B0
    10:47:59.0276 4732 \Device\Harddisk5\DR5:
    10:47:59.0276 4732 MBR partitions:
    10:47:59.0276 4732 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7372A1
    10:47:59.0276 4732 ============================================================
    10:47:59.0354 4732 C: <-> \Device\Harddisk0\DR0\Partition2
    10:47:59.0354 4732 ============================================================
    10:47:59.0354 4732 Initialize success
    10:47:59.0354 4732 ============================================================
    10:48:05.0765 2372 ============================================================
    10:48:05.0765 2372 Scan started
    10:48:05.0765 2372 Mode: Manual;
    10:48:05.0765 2372 ============================================================
    10:48:05.0984 2372 ================ Scan system memory ========================
    10:48:05.0984 2372 System memory - ok
    10:48:17.0777 2372 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    10:48:17.0793 2372 LSI_SAS - ok
    10:48:17.0808 2372 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    10:48:17.0824 2372 LSI_SAS2 - ok
    10:48:17.0840 2372 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    10:48:17.0855 2372 LSI_SCSI - ok
    10:48:17.0871 2372 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    10:48:17.0886 2372 luafv - ok
    10:48:17.0949 2372 [ 1F02B554DDC4086D786537A3BF6488F1 ] lxecCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
    10:48:17.0964 2372 lxecCATSCustConnectService - ok
    10:48:17.0996 2372 lxec_device - ok
    10:48:18.0042 2372 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    10:48:18.0058 2372 mcdbus - ok
    10:48:18.0089 2372 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    10:48:18.0105 2372 Mcx2Svc - ok
    10:48:18.0105 2372 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    10:48:18.0120 2372 megasas - ok
    10:48:18.0136 2372 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    10:48:18.0152 2372 MegaSR - ok
    10:48:18.0198 2372 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    10:48:18.0214 2372 MEIx64 - ok
    10:48:18.0245 2372 Microsoft SharePoint Workspace Audit Service - ok
    10:48:18.0245 2372 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    10:48:18.0261 2372 MMCSS - ok
    10:48:18.0261 2372 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    10:48:18.0276 2372 Modem - ok
    10:48:18.0276 2372 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    10:48:18.0292 2372 monitor - ok
    10:48:18.0339 2372 [ FC44AD48746FFA5FD640EF1260AB5EC2 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
    10:48:18.0370 2372 MotioninJoyXFilter - ok
    10:48:18.0401 2372 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    10:48:18.0417 2372 mouclass - ok
    10:48:18.0448 2372 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    10:48:18.0448 2372 mouhid - ok
    10:48:18.0495 2372 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    10:48:18.0495 2372 mountmgr - ok
    10:48:18.0542 2372 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    10:48:18.0542 2372 MpFilter - ok
    10:48:18.0588 2372 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    10:48:18.0588 2372 mpio - ok
    10:48:18.0604 2372 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    10:48:18.0620 2372 mpsdrv - ok
    10:48:18.0682 2372 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    10:48:18.0729 2372 MpsSvc - ok
    10:48:18.0744 2372 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    10:48:18.0776 2372 MRxDAV - ok
    10:48:18.0807 2372 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:48:18.0838 2372 mrxsmb - ok
    10:48:18.0869 2372 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:48:18.0885 2372 mrxsmb10 - ok
    10:48:18.0900 2372 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:48:18.0916 2372 mrxsmb20 - ok
    10:48:18.0932 2372 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    10:48:18.0947 2372 msahci - ok
    10:48:19.0010 2372 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    10:48:19.0010 2372 MSCamSvc - ok
    10:48:19.0056 2372 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    10:48:19.0072 2372 msdsm - ok
    10:48:19.0088 2372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    10:48:19.0119 2372 MSDTC - ok
    10:48:19.0134 2372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    10:48:19.0150 2372 Msfs - ok
    10:48:19.0181 2372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    10:48:19.0197 2372 mshidkmdf - ok
    10:48:19.0259 2372 [ 55218F924E55FD2786ED40EDF4ED79C3 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
    10:48:19.0275 2372 MSHUSBVideo - ok
    10:48:19.0275 2372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    10:48:19.0275 2372 msisadrv - ok
    10:48:19.0306 2372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    10:48:19.0337 2372 MSiSCSI - ok
    10:48:19.0337 2372 msiserver - ok
    10:48:19.0384 2372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    10:48:19.0384 2372 MSKSSRV - ok
    10:48:19.0446 2372 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    10:48:19.0446 2372 MsMpSvc - ok
    10:48:19.0493 2372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    10:48:19.0493 2372 MSPCLOCK - ok
    10:48:19.0493 2372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    10:48:19.0509 2372 MSPQM - ok
    10:48:19.0556 2372 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    10:48:19.0556 2372 MsRPC - ok
    10:48:19.0571 2372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    10:48:19.0587 2372 mssmbios - ok
    10:48:19.0696 2372 MSSQL$NR2007 - ok
    10:48:19.0790 2372 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    10:48:19.0805 2372 MSSQLServerADHelper - ok
    10:48:19.0821 2372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    10:48:19.0821 2372 MSTEE - ok
    10:48:19.0836 2372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    10:48:19.0836 2372 MTConfig - ok
    10:48:19.0852 2372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    10:48:19.0852 2372 Mup - ok
    10:48:19.0899 2372 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    10:48:19.0930 2372 napagent - ok
    10:48:19.0961 2372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    10:48:19.0992 2372 NativeWifiP - ok
    10:48:20.0055 2372 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    10:48:20.0055 2372 NDIS - ok
    10:48:20.0102 2372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ]
     
  7. JuiceBox Newcomer, in training Posts: 92

    TDSS part 2:
    NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    10:48:20.0117 2372 NdisCap - ok
    10:48:20.0148 2372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    10:48:20.0164 2372 NdisTapi - ok
    10:48:20.0226 2372 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    10:48:20.0226 2372 Ndisuio - ok
    10:48:20.0258 2372 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    10:48:20.0289 2372 NdisWan - ok
    10:48:20.0320 2372 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    10:48:20.0336 2372 NDProxy - ok
    10:48:20.0414 2372 [ 22DEAB64123609EBE33F51CB2778B13D ] NeatWorksDatabaseController C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe
    10:48:20.0414 2372 NeatWorksDatabaseController - ok
    10:48:20.0476 2372 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    10:48:20.0476 2372 Net Driver HPZ12 - ok
    10:48:20.0523 2372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    10:48:20.0523 2372 NetBIOS - ok
    10:48:20.0570 2372 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    10:48:20.0585 2372 NetBT - ok
    10:48:20.0601 2372 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    10:48:20.0601 2372 Netlogon - ok
    10:48:20.0648 2372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    10:48:20.0663 2372 Netman - ok
    10:48:20.0694 2372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    10:48:20.0694 2372 netprofm - ok
    10:48:20.0710 2372 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:48:20.0741 2372 NetTcpPortSharing - ok
    10:48:20.0788 2372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    10:48:20.0788 2372 nfrd960 - ok
    10:48:20.0850 2372 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    10:48:20.0866 2372 NisDrv - ok
    10:48:20.0913 2372 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    10:48:20.0944 2372 NisSrv - ok
    10:48:21.0006 2372 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    10:48:21.0006 2372 NlaSvc - ok
    10:48:21.0022 2372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    10:48:21.0038 2372 Npfs - ok
    10:48:21.0038 2372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    10:48:21.0053 2372 nsi - ok
    10:48:21.0053 2372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    10:48:21.0053 2372 nsiproxy - ok
    10:48:21.0116 2372 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    10:48:21.0116 2372 Ntfs - ok
    10:48:21.0131 2372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    10:48:21.0147 2372 Null - ok
    10:48:21.0194 2372 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    10:48:21.0209 2372 nvraid - ok
    10:48:21.0256 2372 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    10:48:21.0272 2372 nvstor - ok
    10:48:21.0303 2372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    10:48:21.0334 2372 nv_agp - ok
    10:48:21.0365 2372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    10:48:21.0381 2372 ohci1394 - ok
    10:48:21.0459 2372 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    10:48:21.0506 2372 ose64 - ok
    10:48:21.0615 2372 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    10:48:21.0880 2372 osppsvc - ok
    10:48:21.0896 2372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    10:48:21.0927 2372 p2pimsvc - ok
    10:48:21.0942 2372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    10:48:21.0974 2372 p2psvc - ok
    10:48:21.0989 2372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    10:48:21.0989 2372 Parport - ok
    10:48:22.0036 2372 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    10:48:22.0036 2372 partmgr - ok
    10:48:22.0052 2372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    10:48:22.0052 2372 PcaSvc - ok
    10:48:22.0067 2372 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    10:48:22.0067 2372 pci - ok
    10:48:22.0067 2372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    10:48:22.0083 2372 pciide - ok
    10:48:22.0098 2372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    10:48:22.0098 2372 pcmcia - ok
    10:48:22.0114 2372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    10:48:22.0114 2372 pcw - ok
    10:48:22.0130 2372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    10:48:22.0145 2372 PEAUTH - ok
    10:48:22.0239 2372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    10:48:22.0254 2372 PerfHost - ok
    10:48:22.0301 2372 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    10:48:22.0348 2372 pla - ok
    10:48:22.0395 2372 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    10:48:22.0426 2372 PlugPlay - ok
    10:48:22.0488 2372 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    10:48:22.0488 2372 Pml Driver HPZ12 - ok
    10:48:22.0504 2372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    10:48:22.0535 2372 PNRPAutoReg - ok
    10:48:22.0551 2372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    10:48:22.0566 2372 PNRPsvc - ok
    10:48:22.0582 2372 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    10:48:22.0598 2372 PolicyAgent - ok
    10:48:22.0629 2372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    10:48:22.0644 2372 Power - ok
    10:48:22.0691 2372 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    10:48:22.0691 2372 PptpMiniport - ok
    10:48:22.0707 2372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    10:48:22.0722 2372 Processor - ok
    10:48:22.0754 2372 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    10:48:22.0785 2372 ProfSvc - ok
    10:48:22.0785 2372 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    10:48:22.0785 2372 ProtectedStorage - ok
    10:48:22.0847 2372 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    10:48:22.0863 2372 Psched - ok
    10:48:22.0925 2372 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    10:48:22.0925 2372 PxHlpa64 - ok
    10:48:23.0003 2372 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    10:48:23.0034 2372 ql2300 - ok
    10:48:23.0050 2372 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    10:48:23.0081 2372 ql40xx - ok
    10:48:23.0097 2372 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    10:48:23.0112 2372 QWAVE - ok
    10:48:23.0128 2372 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    10:48:23.0128 2372 QWAVEdrv - ok
    10:48:23.0144 2372 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    10:48:23.0144 2372 RasAcd - ok
    10:48:23.0159 2372 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    10:48:23.0159 2372 RasAgileVpn - ok
    10:48:23.0159 2372 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    10:48:23.0175 2372 RasAuto - ok
    10:48:23.0206 2372 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    10:48:23.0222 2372 Rasl2tp - ok
    10:48:23.0284 2372 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    10:48:23.0300 2372 RasMan - ok
    10:48:23.0315 2372 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    10:48:23.0331 2372 RasPppoe - ok
    10:48:23.0346 2372 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    10:48:23.0362 2372 RasSstp - ok
    10:48:23.0378 2372 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    10:48:23.0409 2372 rdbss - ok
    10:48:23.0424 2372 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    10:48:23.0424 2372 rdpbus - ok
    10:48:23.0440 2372 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    10:48:23.0440 2372 RDPCDD - ok
    10:48:23.0487 2372 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    10:48:23.0502 2372 RDPENCDD - ok
    10:48:23.0502 2372 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    10:48:23.0518 2372 RDPREFMP - ok
    10:48:23.0549 2372 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    10:48:23.0565 2372 RDPWD - ok
    10:48:23.0612 2372 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    10:48:23.0612 2372 rdyboost - ok
    10:48:23.0643 2372 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    10:48:23.0658 2372 RemoteAccess - ok
    10:48:23.0674 2372 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    10:48:23.0690 2372 RemoteRegistry - ok
    10:48:23.0783 2372 [ BDDC447AB46625A54619808575D5CB46 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    10:48:23.0799 2372 RoxMediaDB12OEM - ok
    10:48:23.0830 2372 [ CE203243ADF512540249DF9C264F12DD ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    10:48:23.0877 2372 RoxWatch12 - ok
    10:48:23.0892 2372 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    10:48:23.0892 2372 RpcEptMapper - ok
    10:48:23.0924 2372 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    10:48:23.0924 2372 RpcLocator - ok
    10:48:23.0970 2372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    10:48:23.0970 2372 RpcSs - ok
    10:48:23.0986 2372 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    10:48:24.0002 2372 rspndr - ok
    10:48:24.0002 2372 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    10:48:24.0002 2372 SamSs - ok
    10:48:24.0033 2372 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    10:48:24.0048 2372 sbp2port - ok
    10:48:24.0064 2372 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    10:48:24.0095 2372 SCardSvr - ok
    10:48:24.0111 2372 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    10:48:24.0126 2372 scfilter - ok
    10:48:24.0173 2372 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    10:48:24.0220 2372 Schedule - ok
    10:48:24.0251 2372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    10:48:24.0251 2372 SCPolicySvc - ok
    10:48:24.0282 2372 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    10:48:24.0329 2372 SDRSVC - ok
    10:48:24.0360 2372 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    10:48:24.0360 2372 secdrv - ok
    10:48:24.0376 2372 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    10:48:24.0376 2372 seclogon - ok
    10:48:24.0392 2372 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    10:48:24.0423 2372 SENS - ok
    10:48:24.0423 2372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    10:48:24.0438 2372 SensrSvc - ok
    10:48:24.0485 2372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    10:48:24.0485 2372 Serenum - ok
    10:48:24.0532 2372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    10:48:24.0548 2372 Serial - ok
    10:48:24.0594 2372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    10:48:24.0610 2372 sermouse - ok
    10:48:24.0626 2372 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    10:48:24.0641 2372 SessionEnv - ok
    10:48:24.0672 2372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    10:48:24.0688 2372 sffdisk - ok
    10:48:24.0688 2372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    10:48:24.0704 2372 sffp_mmc - ok
    10:48:24.0704 2372 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    10:48:24.0704 2372 sffp_sd - ok
    10:48:24.0719 2372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    10:48:24.0719 2372 sfloppy - ok
    10:48:24.0782 2372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    10:48:24.0782 2372 SharedAccess - ok
    10:48:24.0828 2372 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    10:48:24.0860 2372 ShellHWDetection - ok
    10:48:24.0875 2372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    10:48:24.0875 2372 SiSRaid2 - ok
    10:48:24.0891 2372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    10:48:24.0906 2372 SiSRaid4 - ok
    10:48:24.0922 2372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    10:48:24.0938 2372 Smb - ok
    10:48:24.0984 2372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    10:48:25.0000 2372 SNMPTRAP - ok
    10:48:25.0000 2372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    10:48:25.0000 2372 spldr - ok
    10:48:25.0047 2372 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    10:48:25.0062 2372 Spooler - ok
    10:48:25.0156 2372 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    10:48:25.0265 2372 sppsvc - ok
    10:48:25.0281 2372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    10:48:25.0281 2372 sppuinotify - ok
    10:48:25.0343 2372 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    10:48:25.0343 2372 SQLBrowser - ok
    10:48:25.0406 2372 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    10:48:25.0406 2372 SQLWriter - ok
    10:48:25.0452 2372 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    10:48:25.0484 2372 srv - ok
    10:48:25.0515 2372 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    10:48:25.0546 2372 srv2 - ok
    10:48:25.0546 2372 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    10:48:25.0577 2372 srvnet - ok
    10:48:25.0608 2372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    10:48:25.0624 2372 SSDPSRV - ok
    10:48:25.0624 2372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    10:48:25.0624 2372 SstpSvc - ok
    10:48:25.0686 2372 Steam Client Service - ok
    10:48:25.0686 2372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    10:48:25.0702 2372 stexstor - ok
    10:48:25.0733 2372 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    10:48:25.0749 2372 stisvc - ok
    10:48:25.0780 2372 [ 9E182DD94496550A22A392CC1A8E0F52 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    10:48:25.0811 2372 stllssvr - ok
    10:48:25.0842 2372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    10:48:25.0858 2372 swenum - ok
    10:48:25.0983 2372 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    10:48:25.0983 2372 SwitchBoard - ok
    10:48:25.0998 2372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    10:48:26.0030 2372 swprv - ok
    10:48:26.0092 2372 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    10:48:26.0123 2372 SysMain - ok
    10:48:26.0170 2372 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    10:48:26.0186 2372 TabletInputService - ok
    10:48:26.0217 2372 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    10:48:26.0232 2372 TapiSrv - ok
    10:48:26.0248 2372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    10:48:26.0264 2372 TBS - ok
    10:48:26.0310 2372 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    10:48:26.0310 2372 Tcpip - ok
    10:48:26.0373 2372 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    10:48:26.0388 2372 TCPIP6 - ok
    10:48:26.0420 2372 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    10:48:26.0420 2372 tcpipreg - ok
    10:48:26.0435 2372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    10:48:26.0435 2372 TDPIPE - ok
    10:48:26.0482 2372 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    10:48:26.0482 2372 TDTCP - ok
    10:48:26.0513 2372 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    10:48:26.0529 2372 tdx - ok
    10:48:26.0529 2372 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    10:48:26.0544 2372 TermDD - ok
    10:48:26.0576 2372 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    10:48:26.0607 2372 TermService - ok
    10:48:26.0622 2372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    10:48:26.0638 2372 Themes - ok
    10:48:26.0669 2372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    10:48:26.0669 2372 THREADORDER - ok
    10:48:26.0669 2372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    10:48:26.0669 2372 TrkWks - ok
    10:48:26.0732 2372 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    10:48:26.0763 2372 TrustedInstaller - ok
    10:48:26.0794 2372 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    10:48:26.0794 2372 tssecsrv - ok
    10:48:26.0872 2372 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    10:48:26.0888 2372 TsUsbFlt - ok
    10:48:26.0934 2372 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    10:48:26.0950 2372 tunnel - ok
    10:48:26.0966 2372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    10:48:26.0966 2372 uagp35 - ok
    10:48:26.0997 2372 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    10:48:27.0012 2372 udfs - ok
    10:48:27.0028 2372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    10:48:27.0059 2372 UI0Detect - ok
    10:48:27.0090 2372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    10:48:27.0106 2372 uliagpkx - ok
    10:48:27.0137 2372 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    10:48:27.0153 2372 umbus - ok
    10:48:31.0926 2372 ============================================================
    10:48:31.0926 2372 Scan finished
    10:48:31.0926 2372 ============================================================
    10:48:31.0926 4928 Detected object count: 0
    10:48:31.0926 4928 Actual detected object count: 0
  8. JuiceBox Newcomer, in training Posts: 92

    And here's the 1st part of the RogueKiller scans:
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Landie [Admin rights]
    Mode : Scan -- Date : 09/22/2012 10:51:36
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 63 ¤¤¤
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_EptMon (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64) -> FOUND
    [TASK][SUSP PATH] {11B17C39-E864-40E0-B457-30CFB16F0B27} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {12C39DC7-1D80-4C7F-8483-2843928CBB10} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {1AABBA32-E98F-4666-A58E-3639DC5BAA6E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {233B8962-9F25-4D8A-800E-0B2F1F601174} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {317F257E-6BBB-4A32-9A57-F4A2F37838CC} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {325375F5-DF07-4126-B59C-BC9B30B79EDE} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {3D7127CE-44FC-4271-BEF9-5D45465E000B} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {48B2C45D-B48B-4D76-89FD-70EFC384177A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {4A8EAD99-55C6-41DF-9783-6964127300C9} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {4BDF4606-58D0-420B-8882-375AA9CA4138} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {534CA46E-C663-4A40-AB37-F9CF67B2C083} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {61856820-A554-4768-934D-CF1A95900CFE} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {62727126-6667-4BEA-A590-3EC1FD1300C0} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {63130CFD-E280-49E9-83EA-B70E6CA8296B} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {65E53FD2-BAC9-445E-8845-99DF50CB8B93} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {68C09F34-7B8A-4238-AF9B-43DEE927A5C4} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {6ABACD32-38BE-4D79-8914-16336D96344E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {78C6C6AF-4592-423A-A622-18F0B641D79A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {87BE53AB-92DD-4632-9A66-904A45919C62} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {896A61D8-C4A5-41C1-AA0E-910B5E621E08} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {8983ED2C-C4ED-4C42-A5CD-165BA0507975} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {9913D03B-13E7-409F-8BE9-4D89CA378EB1} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> FOUND
    [TASK][SUSP PATH] {9F7FC2E8-A42B-475A-86FC-ED88D7607545} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {A0DF463F-3CFD-427B-8B16-C59D7F3F640A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {AB683580-8521-426E-86EB-399B88D3B198} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {B12106E0-0807-4050-8BC4-15B3426A5598} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {B5579C40-7824-4585-9A25-4AB2229D2CB7} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> FOUND
    [TASK][SUSP PATH] {B8E390FC-BC20-48A8-A26C-CEC070671A45} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {BACE3DE7-007C-4178-B121-862BFEA64AA6} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {CB5A0A72-575C-4EE3-8D94-A05CA91F3D1E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {D05CD870-ECC1-46AD-95C5-3A5FCEB02240} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {D3F07206-74D4-47D1-AEA0-CF284D04D9B4} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {D7657120-48A8-46B0-BF38-7F149CEC2A4F} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> FOUND
    [TASK][SUSP PATH] {DC2BC2E8-1B03-49B7-9568-CAA9F596221B} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> FOUND
    [TASK][SUSP PATH] {E87124B3-D001-43D5-9B0E-A818AF90307E} : C:\Users\Landie\Desktop\vanpri107c\vanpri107c\ヴァンガードプリンセス\ヴァンガードプリンセス.exe -> FOUND
    [TASK][SUSP PATH] {EB063E74-AA89-4510-A142-B4364396E0A0} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {EE75B661-275E-469B-B547-CF12963F10D6} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
    --- User ---
    [MBR] 612493e7e28df08f2bbc5bca066d08a2
    [BSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941272 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  9. JuiceBox Newcomer, in training Posts: 92

    And here's the 2nd part of the RogueKiller scans:
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Landie [Admin rights]
    Mode : Remove -- Date : 09/22/2012 10:52:21
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 60 ¤¤¤
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> DELETED
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_EptMon (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64) -> DELETED
    [TASK][SUSP PATH] {11B17C39-E864-40E0-B457-30CFB16F0B27} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {12C39DC7-1D80-4C7F-8483-2843928CBB10} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {1AABBA32-E98F-4666-A58E-3639DC5BAA6E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {233B8962-9F25-4D8A-800E-0B2F1F601174} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {317F257E-6BBB-4A32-9A57-F4A2F37838CC} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {325375F5-DF07-4126-B59C-BC9B30B79EDE} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {3D7127CE-44FC-4271-BEF9-5D45465E000B} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {48B2C45D-B48B-4D76-89FD-70EFC384177A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {4A8EAD99-55C6-41DF-9783-6964127300C9} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {4BDF4606-58D0-420B-8882-375AA9CA4138} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {534CA46E-C663-4A40-AB37-F9CF67B2C083} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {61856820-A554-4768-934D-CF1A95900CFE} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {62727126-6667-4BEA-A590-3EC1FD1300C0} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {63130CFD-E280-49E9-83EA-B70E6CA8296B} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {65E53FD2-BAC9-445E-8845-99DF50CB8B93} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {68C09F34-7B8A-4238-AF9B-43DEE927A5C4} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {6ABACD32-38BE-4D79-8914-16336D96344E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {78C6C6AF-4592-423A-A622-18F0B641D79A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {87BE53AB-92DD-4632-9A66-904A45919C62} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {896A61D8-C4A5-41C1-AA0E-910B5E621E08} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {8983ED2C-C4ED-4C42-A5CD-165BA0507975} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {9913D03B-13E7-409F-8BE9-4D89CA378EB1} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> DELETED
    [TASK][SUSP PATH] {9F7FC2E8-A42B-475A-86FC-ED88D7607545} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {A0DF463F-3CFD-427B-8B16-C59D7F3F640A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {AB683580-8521-426E-86EB-399B88D3B198} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {B12106E0-0807-4050-8BC4-15B3426A5598} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {B5579C40-7824-4585-9A25-4AB2229D2CB7} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> DELETED
    [TASK][SUSP PATH] {B8E390FC-BC20-48A8-A26C-CEC070671A45} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {BACE3DE7-007C-4178-B121-862BFEA64AA6} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {CB5A0A72-575C-4EE3-8D94-A05CA91F3D1E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {D05CD870-ECC1-46AD-95C5-3A5FCEB02240} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {D3F07206-74D4-47D1-AEA0-CF284D04D9B4} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {D7657120-48A8-46B0-BF38-7F149CEC2A4F} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> DELETED
    [TASK][SUSP PATH] {DC2BC2E8-1B03-49B7-9568-CAA9F596221B} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> DELETED
    [TASK][SUSP PATH] {E87124B3-D001-43D5-9B0E-A818AF90307E} : C:\Users\Landie\Desktop\vanpri107c\vanpri107c\ヴァンガードプリンセス\ヴァンガードプリンセス.exe -> DELETED
    [TASK][SUSP PATH] {EB063E74-AA89-4510-A142-B4364396E0A0} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {EE75B661-275E-469B-B547-CF12963F10D6} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
    --- User ---
    [MBR] 612493e7e28df08f2bbc5bca066d08a2
    [BSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941272 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  10. JuiceBox Newcomer, in training Posts: 92

    And here's the Malwarebytes log:
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.22.05
    Windows 7 Service Pack 1 x64 FAT32
    Internet Explorer 9.0.8112.16421
    Landie :: NEWDELL [administrator]
    22/09/2012 11:04:01 AM
    mbam-log-2012-09-22 (11-04-01).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 490459
    Time elapsed: 1 hour(s), 24 minute(s), 1 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\FRST\Quarantine\ApNnQdomYXNfVQU.exe (Backdoor.Agent.RCGen) -> Quarantined and deleted successfully.
    (end)
  11. JuiceBox Newcomer, in training Posts: 92

    And here's the aswMBR Stuff:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-22 12:35:48
    -----------------------------
    12:35:48.452 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:35:48.452 Number of processors: 8 586 0x2A07
    12:35:48.452 ComputerName: NEWDELL UserName: Landie
    12:35:49.856 Initialize success
    12:36:41.368 AVAST engine defs: 12092200
    12:37:11.164 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:37:11.164 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
    12:37:11.179 Disk 0 MBR read successfully
    12:37:11.179 Disk 0 MBR scan
    12:37:11.210 Disk 0 Windows VISTA default MBR code
    12:37:11.210 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    12:37:11.242 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
    12:37:11.288 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941272 MB offset 25767936
    12:37:11.335 Disk 0 scanning C:\Windows\system32\drivers
    12:37:24.112 Service scanning
    12:37:53.533 Modules scanning
    12:37:53.533 Disk 0 trace - called modules:
    12:37:53.549 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    12:37:54.064 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800934e790]
    12:37:54.064 3 CLASSPNP.SYS[fffff88001bac43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007897050]
    12:37:55.624 AVAST engine scan C:\Windows
    12:38:02.503 AVAST engine scan C:\Windows\system32
    12:43:42.802 AVAST engine scan C:\Windows\system32\drivers
    12:44:12.006 AVAST engine scan C:\Users\Landie
    12:58:25.222 AVAST engine scan C:\ProgramData
    13:02:00.643 Scan finished successfully
    14:17:20.972 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
    14:17:20.988 The log file has been saved successfully to "J:\aswMBR.txt"
  12. Broni Malware Annihilator Posts: 39,405   +177

    Good :)

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =====================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
  13. JuiceBox Newcomer, in training Posts: 92

    Okay, here's the combofix log:
    ComboFix 12-09-24.02 - Landie 24/09/2012 16:39:52.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8175.6559 [GMT -7:00]
    Running from: J:\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\202BF8F35A.sys
    c:\windows\SysWow64\FlashPlayerInstaller.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
    .
    .
    2074-05-19 01:44 . 2008-03-21 22:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
    2012-09-24 23:43 . 2012-09-24 23:43 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-09-24 23:43 . 2012-09-24 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-22 17:59 . 2012-09-22 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-22 17:59 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-22 03:33 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE9F0886-53D6-4ED2-9BF8-03F2B346FCD6}\mpengine.dll
    2012-09-13 23:22 . 2012-09-13 23:22 -------- d-----w- C:\found.001
    2012-09-08 19:34 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 05:02 . 2011-03-29 18:06 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-03 03:15 . 2011-07-21 21:15 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-08-03 03:14 . 2011-07-21 21:15 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-08-03 03:14 . 2011-07-21 21:15 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-08-03 03:14 . 2011-07-21 21:15 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-07-18 18:15 . 2012-08-15 22:28 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 18:19 . 2011-07-04 03:29 848 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-07-04 22:16 . 2012-08-15 22:28 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-15 22:28 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-15 22:28 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-15 22:28 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-06-29 18:48 . 2012-07-03 15:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-06-29 18:48 . 2012-07-03 15:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC0318F-C061-4728-B871-9AF05DE98031}\gapaengine.dll
    2012-06-29 04:55 . 2012-08-16 05:04 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-29 04:09 . 2012-08-16 05:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-29 03:56 . 2012-08-16 05:04 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 03:49 . 2012-08-16 05:04 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-29 03:49 . 2012-08-16 05:04 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 03:48 . 2012-08-16 05:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 03:47 . 2012-08-16 05:04 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-29 03:45 . 2012-08-16 05:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-29 03:44 . 2012-08-16 05:04 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-29 03:43 . 2012-08-16 05:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 03:42 . 2012-08-16 05:04 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-29 03:40 . 2012-08-16 05:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-29 03:39 . 2012-08-16 05:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-29 03:35 . 2012-08-16 05:04 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-29 00:16 . 2012-08-16 05:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09 . 2012-08-16 05:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-29 00:08 . 2012-08-16 05:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-16 05:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-16 05:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
    "DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-01-01 110352]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "Lexmark Pro800-Pro900 Series"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" [2009-10-01 316072]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
    .
    c:\users\Landie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-2-27 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2007-03-28 1021440]
    R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [2007-07-05 1041920]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
    R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-27 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
    S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
    S2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe [2008-12-23 351352]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-18 6853632]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-18 263680]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000Core.job
    - c:\users\Landie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 22:29]
    .
    2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000UA.job
    - c:\users\Landie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 22:29]
    .
    2012-06-22 c:\windows\Tasks\SidebarExecute.job
    - c:\program files\Windows Sidebar\sidebar.exe [2011-07-08 13:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    "lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
    TCP: Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-24 16:50:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-24 23:50
    .
    Pre-Run: 726,496,575,488 bytes free
    Post-Run: 726,715,781,120 bytes free
    .
    - - End Of File - - 8FB129F95EC243DA1C80D0D7A84FB77E
  14. JuiceBox Newcomer, in training Posts: 92

    And I ran Rkill just because I could. Here's the log:
    Rkill 2.4.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 09/24/2012 04:53:29 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * No issues found.
    Checking Windows Service Integrity:
    * No issues found.
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * HOSTS file entries found:
    127.0.0.1 localhost
    Program finished at: 09/24/2012 04:53:38 PM
    Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
  15. Broni Malware Annihilator Posts: 39,405   +177

    Looks good :)

    Any current issues?

    =====================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. JuiceBox Newcomer, in training Posts: 92

    No, nothing seems supremely wrong right now. Here's the first part of the OTL.txt:
    5/2012 3:59:08 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Landie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 6.81 Gb Available Physical Memory | 85.35% Memory free
    15.96 Gb Paging File | 13.99 Gb Available in Paging File | 87.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 919.21 Gb Total Space | 674.56 Gb Free Space | 73.38% Space Free | Partition Type: NTFS
    Drive J: | 3.60 Gb Total Space | 2.22 Gb Free Space | 61.70% Space Free | Partition Type: FAT32

    Computer Name: NEWDELL | User Name: Landie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/25 15:57:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Landie\Desktop\OTL.exe
    PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2011/01/23 17:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
    PRC - [2011/01/23 17:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
    PRC - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/09/13 17:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/09/03 00:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/03/10 15:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2008/12/23 11:47:56 | 000,351,352 | ---- | M] (The Neat Company) -- C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 07:03:37 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
    MOD - [2012/06/14 07:01:49 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/14 07:01:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 07:01:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/13 13:54:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
    MOD - [2012/05/13 13:28:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/13 13:27:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/13 13:27:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/13 13:27:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/13 13:27:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/13 13:27:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/01/23 17:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
    MOD - [2011/01/23 17:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
    MOD - [2010/09/03 00:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2010/08/30 02:34:12 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/04/05 03:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epoemdll.dll
    MOD - [2010/04/05 03:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
    MOD - [2010/04/05 03:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizres.dll
    MOD - [2010/04/05 03:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizard.dll
    MOD - [2010/04/05 03:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
    MOD - [2010/04/05 03:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epfunct.dll
    MOD - [2010/04/05 03:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\eputil.dll
    MOD - [2010/04/05 03:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\imagutil.dll
    MOD - [2010/04/01 10:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll
    MOD - [2010/04/01 10:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
    MOD - [2009/05/27 05:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
    MOD - [2009/04/07 16:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
    MOD - [2009/03/09 22:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
    MOD - [2009/03/02 07:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2010/05/17 19:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/04/14 13:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
    SRV:64bit: - [2010/04/14 13:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/07 15:51:45 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/04/05 12:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2011/01/28 14:31:58 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/09/04 00:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/09/04 00:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/04/14 13:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
    SRV - [2010/04/14 13:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/23 11:47:56 | 000,351,352 | ---- | M] (The Neat Company) [Auto | Running] -- C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe -- (NeatWorksDatabaseController)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/21 20:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/09/14 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2010/06/08 05:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2010/05/17 19:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/05/17 18:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/04/08 05:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/01/29 01:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2007/07/05 02:58:36 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxu6.sys -- (athrusb6)
    DRV:64bit: - [2007/03/27 19:06:48 | 001,021,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3AFCB586-88DB-4248-BE0B-808D946FBB65}
    IE:64bit: - HKLM\..\SearchScopes\{3AFCB586-88DB-4248-BE0B-808D946FBB65}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {9AF6C5D1-63EA-4FFC-89E6-4D8E67983CA1}
    IE - HKLM\..\SearchScopes\{9AF6C5D1-63EA-4FFC-89E6-4D8E67983CA1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\..\SearchScopes,DefaultScope = {9AF6C5D1-63EA-4FFC-89E6-4D8E67983CA1}
    IE - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Landie\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Landie\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



    ========== Chrome ==========

    CHR - homepage: http://www.google.ca/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.ca/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Landie\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Landie\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Landie\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Landie\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: VStripe = C:\Users\Landie\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfkmahepejjpgmckcdbllhcgfekmhph\1.0_0\
    CHR - Extension: YouTube = C:\Users\Landie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Landie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Landie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/09/24 16:45:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
    O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Lexmark Pro800-Pro900 Series] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe ()
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
    O4 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Landie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B48A33B-BD00-46C1-8317-CD77EB5032BD}: DhcpNameServer = 192.168.1.254 75.153.176.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C99A5B1C-6C63-4A11-BC71-F9C6A44E582F}: DhcpNameServer = 192.168.1.254 199.185.220.254
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/25 15:58:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Landie\Desktop\OTL.exe
    [2012/09/24 16:45:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/24 16:39:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/24 16:39:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/24 16:39:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/24 16:35:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/23 14:24:02 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Landie\Desktop\unhide.exe
    [2012/09/22 10:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/22 10:59:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/22 10:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/22 10:57:00 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Landie\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/22 10:51:16 | 000,000,000 | ---D | C] -- C:\Users\Landie\Desktop\RK_Quarantine
    [2012/09/13 16:50:23 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Landie\Desktop\billy.exe
    [2012/09/13 16:22:10 | 000,000,000 | ---D | C] -- C:\found.001
    [2012/09/13 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\Landie\Desktop\tdsskiller
    [2012/09/13 16:09:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Landie\Desktop\aswMBR.exe
    [2012/09/12 16:03:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Landie\Desktop\dds.com
    [2012/08/27 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Landie\Desktop\Crazy Bass Stuff
    [2010/06/02 05:22:02 | 001,801,048 | ---- | C] (Microsoft Corporation) -- C:\Users\Landie\AppData\Local\dsetup32.dll
    [2010/06/02 05:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Users\Landie\AppData\Local\DSETUP.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/09/25 15:57:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Landie\Desktop\OTL.exe
    [2012/09/25 15:56:50 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000UA.job
    [2012/09/25 15:56:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/25 15:56:40 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000Core.job
    [2012/09/24 17:04:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/24 17:04:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/24 16:57:43 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2012/09/24 16:56:50 | 2133,823,487 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/24 16:52:50 | 000,000,624 | ---- | M] () -- C:\Users\Landie\Desktop\iExplore.exe - Shortcut.lnk
    [2012/09/24 16:45:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/24 16:34:41 | 000,000,624 | ---- | M] () -- C:\Users\Landie\Desktop\ComboFix.exe - Shortcut.lnk
    [2012/09/23 14:23:24 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Landie\Desktop\unhide.exe
    [2012/09/22 10:59:04 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/22 10:57:27 | 000,799,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/22 10:57:27 | 000,680,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/22 10:57:27 | 000,129,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/22 10:55:38 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Landie\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/22 10:44:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Landie\Desktop\aswMBR.exe
    [2012/09/22 10:40:48 | 001,388,032 | ---- | M] () -- C:\Users\Landie\Desktop\RogueKiller.exe
    [2012/09/22 10:39:40 | 002,193,278 | ---- | M] () -- C:\Users\Landie\Desktop\tdsskiller.zip
    [2012/09/13 16:12:19 | 000,000,681 | ---- | M] () -- C:\Users\Landie\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
  17. JuiceBox Newcomer, in training Posts: 92

    And the second part of the OTL.txt:
    File_Recovery.lnk
    [2012/09/12 15:59:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Landie\Desktop\dds.com
    [2012/09/12 15:57:08 | 000,302,592 | ---- | M] () -- C:\Users\Landie\Desktop\cbr8bk3o.exe
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/30 08:56:41 | 527,974,013 | ---- | M] () -- C:\Windows\MEMORY.DMP

    ========== Files Created - No Company Name ==========

    [2012/09/24 16:52:50 | 000,000,624 | ---- | C] () -- C:\Users\Landie\Desktop\iExplore.exe - Shortcut.lnk
    [2012/09/24 16:39:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/24 16:39:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/24 16:39:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/24 16:39:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/24 16:39:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/24 16:39:20 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    [2012/09/24 16:39:20 | 000,000,995 | ---- | C] () -- C:\Users\Landie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2012/09/24 16:34:41 | 000,000,624 | ---- | C] () -- C:\Users\Landie\Desktop\ComboFix.exe - Shortcut.lnk
    [2012/09/23 14:34:24 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/09/23 14:34:24 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/09/23 14:34:24 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2012/09/23 14:34:24 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/09/23 14:34:24 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/09/23 14:34:24 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/09/23 14:34:24 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2012/09/23 14:34:24 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/09/23 14:34:24 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/09/23 14:34:24 | 000,001,126 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker VX.lnk
    [2012/09/23 14:34:23 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/09/23 14:34:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/09/23 14:34:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/09/23 14:34:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/09/23 14:34:22 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
    [2012/09/23 14:34:22 | 000,001,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
    [2012/09/23 14:34:22 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    [2012/09/23 14:34:22 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2012/09/23 14:34:22 | 000,000,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Construct 2.lnk
    [2012/09/22 10:59:04 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/22 10:51:13 | 001,388,032 | ---- | C] () -- C:\Users\Landie\Desktop\RogueKiller.exe
    [2012/09/13 16:12:19 | 000,000,681 | ---- | C] () -- C:\Users\Landie\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
    [2012/09/13 16:12:19 | 000,000,657 | ---- | C] () -- C:\Users\Landie\Desktop\File_Recovery.lnk
    [2012/09/13 16:09:37 | 002,193,278 | ---- | C] () -- C:\Users\Landie\Desktop\tdsskiller.zip
    [2012/09/12 16:03:03 | 000,302,592 | ---- | C] () -- C:\Users\Landie\Desktop\cbr8bk3o.exe
    [2012/07/31 13:03:12 | 000,001,148 | ---- | C] () -- C:\Windows\SysWow64\game.ini
    [2012/07/31 12:54:34 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
    [2012/05/26 07:16:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/03/29 21:08:40 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2012/03/29 21:06:23 | 000,000,476 | ---- | C] () -- C:\Windows\eReg.dat
    [2012/03/26 17:52:47 | 000,212,988 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/03/04 20:10:42 | 000,000,297 | ---- | C] () -- C:\Windows\EReg072.dat
    [2011/11/07 18:42:45 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
    [2011/11/07 18:42:20 | 000,000,016 | ---- | C] () -- C:\Windows\encore_launcher.ini
    [2011/10/07 15:37:12 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
    [2011/10/07 15:37:12 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
    [2011/10/07 15:37:11 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
    [2011/10/07 15:37:11 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
    [2011/10/07 15:37:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
    [2011/10/07 15:37:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
    [2011/10/07 15:37:10 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
    [2011/10/07 15:37:10 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
    [2011/10/07 15:37:10 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
    [2011/10/07 15:37:10 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
    [2011/10/07 15:37:10 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
    [2011/10/07 15:37:10 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
    [2011/10/07 15:37:09 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
    [2011/10/07 15:37:09 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
    [2011/10/07 15:37:08 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
    [2011/10/07 15:37:08 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
    [2011/10/07 15:37:08 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
    [2011/10/07 15:37:07 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
    [2011/10/07 15:37:07 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
    [2011/10/07 15:37:07 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
    [2011/10/07 15:37:06 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
    [2011/10/07 15:35:53 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
    [2011/10/07 15:35:53 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/10 14:58:00 | 000,000,120 | ---- | C] () -- C:\Users\Landie\AppData\Local\Ewaqi.dat
    [2011/09/10 14:58:00 | 000,000,000 | ---- | C] () -- C:\Users\Landie\AppData\Local\Fxeyaponadu.bin
    [2011/07/26 13:12:13 | 000,005,632 | ---- | C] () -- C:\Users\Landie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/18 12:33:44 | 000,000,244 | ---- | C] () -- C:\Users\Landie\appMobiToolkit.props
    [2011/07/03 20:29:40 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/05/30 23:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2011/05/30 23:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
    [2011/04/19 17:29:31 | 000,001,159 | ---- | C] () -- C:\Windows\hpomdl42.dat.temp
    [2011/04/09 10:45:30 | 000,175,831 | ---- | C] () -- C:\Windows\hpoins42.dat
    [2011/04/09 10:45:30 | 000,001,159 | ---- | C] () -- C:\Windows\hpomdl42.dat
    [2011/03/20 20:30:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2011/03/07 16:46:37 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
    [2011/02/07 20:32:40 | 000,804,910 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/28 16:22:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/01/28 16:05:53 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/01/28 14:32:21 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2011/01/28 14:32:21 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2011/01/28 14:32:21 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2011/01/28 14:32:19 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011/01/28 14:32:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/06/02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Users\Landie\AppData\Local\OCT2006_d3dx9_31_x64.cab
    [2010/06/02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Users\Landie\AppData\Local\OCT2006_d3dx9_31_x86.cab
    [2010/06/02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_XAudio_x64.cab
    [2010/06/02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_XAudio_x86.cab
    [2010/06/02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Users\Landie\AppData\Local\OCT2006_XACT_x64.cab
    [2010/06/02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Users\Landie\AppData\Local\OCT2006_XACT_x86.cab
    [2010/06/02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Users\Landie\AppData\Local\Oct2005_xinput_x64.cab
    [2010/06/02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Users\Landie\AppData\Local\Oct2005_xinput_x86.cab
    [2010/06/02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_d3dx9_40_x64.cab
    [2010/06/02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_d3dx9_40_x86.cab
    [2010/06/02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_d3dx10_40_x86.cab
    [2010/06/02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_XACT_x64.cab
    [2010/06/02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_XACT_x86.cab
    [2010/06/02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_X3DAudio_x64.cab
    [2010/06/02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_X3DAudio_x86.cab
    [2010/06/02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_d3dx10_40_x64.cab
    [2010/06/02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Users\Landie\AppData\Local\NOV2007_XACT_x64.cab
    [2010/06/02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Users\Landie\AppData\Local\NOV2007_XACT_x86.cab
    [2010/06/02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Users\Landie\AppData\Local\NOV2007_X3DAudio_x64.cab
    [2010/06/02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Users\Landie\AppData\Local\NOV2007_X3DAudio_x86.cab
    [2010/06/02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2007_d3dx9_36_x64.cab
    [2010/06/02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2007_d3dx9_36_x86.cab
    [2010/06/02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2007_d3dx10_36_x64.cab
    [2010/06/02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2007_d3dx10_36_x86.cab
    [2010/06/02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_XAudio_x86.cab
    [2010/06/02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_XAudio_x64.cab
    [2010/06/02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_XACT_x64.cab
    [2010/06/02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_XACT_x86.cab
    [2010/06/02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_X3DAudio_x64.cab
    [2010/06/02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_X3DAudio_x86.cab
    [2010/06/02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_d3dx9_41_x64.cab
    [2010/06/02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_d3dx9_41_x86.cab
    [2010/06/02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_d3dx10_41_x64.cab
    [2010/06/02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_d3dx10_41_x86.cab
    [2010/06/02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_XAudio_x64.cab
    [2010/06/02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_XAudio_x86.cab
    [2010/06/02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_XACT_x64.cab
    [2010/06/02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_XACT_x86.cab
    [2010/06/02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_d3dx9_37_x64.cab
    [2010/06/02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_d3dx9_37_x86.cab
    [2010/06/02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_d3dx10_37_x86.cab
    [2010/06/02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_X3DAudio_x64.cab
    [2010/06/02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_X3DAudio_x86.cab
    [2010/06/02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx9_43_x64.cab
    [2010/06/02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_d3dx10_37_x64.cab
    [2010/06/02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx9_43_x86.cab
    [2010/06/02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_XAudio_x86.cab
    [2010/06/02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_XAudio_x64.cab
    [2010/06/02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_XACT_x64.cab
    [2010/06/02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_XACT_x86.cab
    [2010/06/02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dcsx_43_x86.cab
    [2010/06/02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx10_43_x64.cab
    [2010/06/02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx10_43_x86.cab
    [2010/06/02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx11_43_x64.cab
    [2010/06/02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx11_43_x86.cab
    [2010/06/02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_D3DCompiler_43_x64.cab
    [2010/06/02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_D3DCompiler_43_x86.cab
    [2010/06/02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dcsx_43_x64.cab
    [2010/06/02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_XAudio_x86.cab
    [2010/06/02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_d3dx9_38_x64.cab
    [2010/06/02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_d3dx9_38_x86.cab
    [2010/06/02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_d3dx10_38_x64.cab
    [2010/06/02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_d3dx10_38_x86.cab
    [2010/06/02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_XAudio_x64.cab
    [2010/06/02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_XACT_x86.cab
    [2010/06/02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_XACT_x64.cab
    [2010/06/02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_XACT_x86.cab
    [2010/06/02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_X3DAudio_x64.cab
    [2010/06/02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_X3DAudio_x86.cab
    [2010/06/02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_d3dx9_34_x64.cab
    [2010/06/02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_d3dx9_34_x86.cab
    [2010/06/02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2005_d3dx9_26_x86.cab
    [2010/06/02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_d3dx10_34_x64.cab
    [2010/06/02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_d3dx10_34_x86.cab
    [2010/06/02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_XACT_x64.cab
    [2010/06/02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2006_XACT_x64.cab
    [2010/06/02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2006_XACT_x86.cab
    [2010/06/02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2005_d3dx9_26_x64.cab
    [2010/06/02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_XAudio_x86.cab
    [2010/06/02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_XAudio_x64.cab
    [2010/06/02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_XACT_x64.cab
    [2010/06/02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_XACT_x86.cab
    [2010/06/02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Users\Landie\AppData\Local\FEB2007_XACT_x64.cab
    [2010/06/02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Users\Landie\AppData\Local\FEB2007_XACT_x86.cab
    [2010/06/02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_X3DAudio_x64.cab
    [2010/06/02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_X3DAudio_x86.cab
    [2010/06/02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2006_XACT_x64.cab
    [2010/06/02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2006_XACT_x86.cab
    [2010/06/02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2006_d3dx9_29_x86.cab
    [2010/06/02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_d3dx9_32_x86.cab
    [2010/06/02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2006_d3dx9_29_x64.cab
    [2010/06/02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2005_d3dx9_24_x64.cab
    [2010/06/02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2005_d3dx9_24_x86.cab
    [2010/06/02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_XACT_x64.cab
    [2010/06/02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_XACT_x86.cab
    [2010/06/02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Users\Landie\AppData\Local\dxupdate.cab
    [2010/06/02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Users\Landie\AppData\Local\dxdllreg_x86.cab
    [2010/06/02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_d3dx9_32_x64.cab
    [2010/06/02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Users\Landie\AppData\Local\Dec2005_d3dx9_28_x64.cab
    [2010/06/02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Users\Landie\AppData\Local\Dec2005_d3dx9_28_x86.cab
    [2010/06/02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_XAudio_x64.cab
    [2010/06/02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_XAudio_x86.cab
    [2010/06/02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_d3dx10_00_x64.cab
    [2010/06/02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_d3dx10_00_x86.cab
    [2010/06/02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_XACT_x64.cab
    [2010/06/02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_XACT_x86.cab
    [2010/06/02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx9_42_x64.cab
    [2010/06/02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx9_42_x86.cab
    [2010/06/02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx10_42_x64.cab
    [2010/06/02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx10_42_x86.cab
    [2010/06/02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx11_42_x64.cab
    [2010/06/02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx11_42_x86.cab
    [2010/06/02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dcsx_42_x86.cab
    [2010/06/02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dcsx_42_x64.cab
    [2010/06/02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_D3DCompiler_42_x86.cab
    [2010/06/02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_D3DCompiler_42_x64.cab
    [2010/06/02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_XAudio_x64.cab
    [2010/06/02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_XAudio_x86.cab
    [2010/06/02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_d3dx9_39_x64.cab
    [2010/06/02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_d3dx9_39_x86.cab
    [2010/06/02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_d3dx10_39_x86.cab
    [2010/06/02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_XACT_x64.cab
    [2010/06/02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_XACT_x86.cab
    [2010/06/02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_XACT_x64.cab
    [2010/06/02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_XACT_x86.cab
    [2010/06/02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_d3dx9_35_x64.cab
    [2010/06/02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_d3dx9_35_x86.cab
    [2010/06/02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_d3dx10_39_x64.cab
    [2010/06/02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_d3dx10_35_x64.cab
    [2010/06/02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_d3dx10_35_x86.cab
    [2010/06/02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2005_d3dx9_27_x64.cab
    [2010/06/02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2005_d3dx9_27_x86.cab
    [2010/06/02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2006_XACT_x64.cab
    [2010/06/02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2006_XACT_x86.cab
    [2010/06/02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2006_xinput_x64.cab
    [2010/06/02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_xinput_x86.cab
    [2010/06/02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2006_xinput_x86.cab
    [2010/06/02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_d3dx9_33_x86.cab
    [2010/06/02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_XACT_x64.cab
    [2010/06/02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_XACT_x86.cab
    [2010/06/02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_xinput_x64.cab
    [2010/06/02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_d3dx9_33_x64.cab
    [2010/06/02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_d3dx10_33_x64.cab
    [2010/06/02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_d3dx10_33_x86.cab
    [2010/06/02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_xinput_x86.cab
    [2010/06/02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_xinput_x64.cab
    [2010/06/02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_MDX1_x86_Archive.cab
    [2010/06/02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_MDX1_x86.cab
    [2010/06/02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_XACT_x64.cab
    [2010/06/02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_XACT_x86.cab
    [2010/06/02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_d3dx9_30_x64.cab
    [2010/06/02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2005_d3dx9_25_x64.cab
    [2010/06/02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_d3dx9_30_x86.cab
    [2010/06/02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2005_d3dx9_25_x86.cab

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2012/06/21 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\.minecraft
    [2012/06/21 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\2K Sports
    [2012/06/01 06:53:24 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\capy
    [2012/06/21 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Coby
    [2011/07/18 12:06:57 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Coby Media Manager
    [2011/07/09 12:44:11 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/02/10 21:10:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\digipen
    [2011/10/11 07:07:40 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Fingertapps
    [2012/06/21 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\FirstClass
    [2011/11/21 21:29:25 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\fretsonfire
    [2011/07/30 18:55:03 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Hi-Rez Studios
    [2012/06/21 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\MotioninJoy
    [2012/06/09 16:48:36 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Mount&Blade
    [2012/06/11 20:49:17 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Mount&Blade Warband
    [2012/07/30 07:45:35 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Mount&Blade With Fire and Sword
    [2012/06/21 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\PCDr
    [2011/04/11 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Petroglyph
    [2011/12/07 09:56:48 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Pro800-Pro900 Series
    [2012/03/22 16:35:51 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\pymclevel
    [2011/05/21 11:01:49 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\ScanSoft
    [2011/07/08 15:16:33 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Scirra
    [2012/06/21 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\SoftGrid Client
    [2011/09/11 14:28:32 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\supertuxkart
    [2011/02/07 20:33:04 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\TP
    [2011/12/19 17:41:02 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Trine2

    ========== Purity Check ==========


    < End of report >
  18. JuiceBox Newcomer, in training Posts: 92

    And here's the Extras.txt:
    OTL Extras logfile created on: 9/25/2012 3:59:08 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Landie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 6.81 Gb Available Physical Memory | 85.35% Memory free
    15.96 Gb Paging File | 13.99 Gb Available in Paging File | 87.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 919.21 Gb Total Space | 674.56 Gb Free Space | 73.38% Space Free | Partition Type: NTFS
    Drive J: | 3.60 Gb Total Space | 2.22 Gb Free Space | 61.70% Space Free | Partition Type: FAT32

    Computer Name: NEWDELL | User Name: Landie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{12841CA1-052D-4789-9326-C1F71BDF2162}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{26DB245D-18EF-487A-9815-9D7D628BD1AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0C09E7CD-A4D3-4132-9920-74424A70AB48}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{0C7ABFC2-EB77-4512-8EE2-45B61E5378DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beyond good and evil\checkapplication.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{16A72FED-ECB7-42E4-9033-ECD7E9A7C3A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beyond good and evil\checkapplication.exe |
    "{2031304A-CF92-43E4-953F-0A02045E8F35}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{2CD91834-AE6F-4748-98F9-6B61FE3090CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
    "{316C83C9-656F-493F-A4CC-9EC5E873DEF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\drakensang\drakensang.exe |
    "{3A4FAAEE-C951-4BE6-92F2-16D62443CA1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
    "{47ECBDF2-1E98-4EDF-A94A-67780159879A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\drakensang\drakensang.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{55CC1252-76B5-4A6C-BEAC-AFE19081BF1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{64BB16F9-8607-41DB-B50E-153AD218BD3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{65C6BCD4-F68A-42FB-AF2D-CAAB158F34AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
    "{68C58E7B-6D6D-471E-BAC7-02D60B11FD14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7E6A75F9-4623-4600-8AFA-A7881AB61721}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
    "{83FDA624-73A5-4022-B2D9-B89C9565DDEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8D9EEC6B-6CC9-46D3-BAED-3C1567A725F3}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{9921542B-D025-4A6F-8ED4-7C0CD2DB0DD0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{A1A4F675-DB13-4532-BC1B-D77C8173F7FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monster trucks nitro\monstertrucksnitro.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5925FB4-26E8-406B-8A0A-34140C742215}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{A91AECBB-6156-4776-9AA6-FB29C03B5397}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AEBB7ABB-16DB-43AA-809E-28534065624C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe |
    "{B42FE8C3-AB65-4C59-8ADA-3F7FBF5CB5B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{B837E56B-D375-4A32-A861-CB13AEE48FF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{C5CFD5A6-D2BB-48D2-8A78-A7CB44CFF202}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monster trucks nitro\monstertrucksnitro.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D0D85E16-12F2-4462-B860-96312F80BEE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D83F96B1-5AF6-4D6C-A479-E7025AE564D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
    "{E526A696-90CC-4E5D-9B56-0B4FE0B1172A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F29216D6-1250-4842-AD7A-873EFCC0FFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
    "{F3AEF775-E379-4095-8A6A-7F425CE76038}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{2803002B-8021-490A-ABB5-9B5854B917A8}C:\program files (x86)\steam\steamapps\common\nba 2k12\nba2k12.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nba 2k12\nba2k12.exe |
    "TCP Query User{5AB4A5DB-7E2D-4396-93DA-B1AE07594BFA}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
    "TCP Query User{5E4405E5-3B2C-49F6-AEC2-7E86EF91F8B5}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "TCP Query User{964ED3E2-93B1-4700-9C58-852736EF8403}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
    "TCP Query User{C79BFDEB-9F4D-4FB8-96DD-CBC47EA7CBB8}C:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
    "UDP Query User{660E3EA2-714C-4A6C-AEFA-461BFA9B6063}C:\program files (x86)\steam\steamapps\common\nba 2k12\nba2k12.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nba 2k12\nba2k12.exe |
    "UDP Query User{A37F6322-213D-4850-942D-AA58C0CAF246}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
    "UDP Query User{C70C47B0-E8D8-47AC-BA3F-64D9A6E48C14}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "UDP Query User{D18E29B8-408F-4519-80D4-D53B76E0FEE2}C:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
    "UDP Query User{D7F8D793-A895-4D58-AECF-34F54BBFBF43}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
    "{3EA71966-4551-1758-775B-91769B69720A}" = ccc-utility64
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4D12EB25-2908-4204-BB98-06BD9C588E28}" = HP Photosmart Prem-Web C309n-s All-in-One Driver 14.0 Rel. 6
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}" = Neat ADF Scanner Driver
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
    "{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}" = Neat Mobile Scanner (Silver) Driver
    "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}" = Neat Mobile Scanner 2008 Driver
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Construct 2_is1" = Construct 2 r46
    "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E428946-8332-B93E-9C26-8ADFCEB8DDD8}" = CCC Help Spanish
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{114EA307-D8C8-C17C-4908-4A6F01EFFE1A}" = CCC Help Thai
    "{15E289CE-7F02-4841-85A5-B3C6254636FC}" = PS_AIO_06_C309n-s_SW_Min
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B37E535-AEFD-A318-5424-BDCD373D7F1C}" = Catalyst Control Center Localization All
    "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20AE5481-1D87-5BAA-A18E-176953166A1D}" = Skins
    "{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars Knights of the Old Republic
    "{2AD129C1-F00C-4F99-74DC-864008611F81}" = Catalyst Control Center InstallProxy
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (NR2007)
    "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3643EF5F-D28D-4B25-9FA1-8859FC303710}" = Coby Media Manager
    "{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
    "{3AEB8580-42C8-E795-F770-5149255C4632}" = CCC Help Greek
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E89148E-8827-DB7C-57E7-7C3555DDB752}" = CCC Help Dutch
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "{4A8F48C5-6FAC-9744-55C9-38BF1F0C9425}" = CCC Help Russian
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4F77DCBA-7370-CBAF-EF25-6FEB29541C84}" = CCC Help Czech
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{514D3391-F031-78C7-8939-94023AC8AB74}" = CCC Help French
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56EBA9AE-2850-425E-BD83-595FAD8B76F4}" = BIONICLE Heroes Demo
    "{5A05DF12-909D-03A6-5983-C111BE26F2BF}" = CCC Help Portuguese
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
    "{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{695D218A-DEF0-503B-3183-EB992A395159}" = CCC Help Norwegian
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78D56726-B120-D93F-A426-279C95001F08}" = CCC Help Finnish
    "{7BD1EAE4-2E08-4087-8600-44B0ACB0C887}" = NeatWorks Core Files
    "{7C0759C8-4C6C-4AD7-89B8-0842C4C44F23}" = Jeopardy! 2003
    "{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{818FA1BB-A0A9-F553-D9C7-125C541F3A3A}" = CCC Help Italian
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
    "{888C03E4-58E6-046B-E380-F6CB1972C398}" = CCC Help Japanese
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9060F116-D570-7033-4B42-DB0E5119DDA0}" = CCC Help Swedish
    "{924AED21-D45C-3486-FE09-7DD182B35AA0}" = Catalyst Control Center Graphics Previews Common
    "{929B1DC7-1201-2305-0182-6CC7655AF596}" = CCC Help English
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
    "{99F8C520-B782-6C15-DBB7-91061BA752C5}" = CCC Help Polish
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1" = Nitronic Rush (2011-12-25) version 20111225.0
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7F702F8-B4AD-3EF4-5B4D-C1BB0DF9DBB6}" = CCC Help Hungarian
    "{A8443959-7C6F-3ED4-7BB5-DA0E0F85B9BA}" = ccc-core-static
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AD54E087-C6D2-3439-0993-3061CE6C10F1}" = Catalyst Control Center Graphics Previews Vista
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B196519A-A2AC-443E-84D1-F336B4E8F304}" = BIONICLE
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3C9A765-F917-6C92-A32B-607751AF4C2B}" = CCC Help Turkish
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D616F4D0-6668-5E48-B8DB-5C7382410E75}" = CCC Help German
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{E747B6FB-0EED-4D06-26B0-E9D44678DFC2}" = CCC Help Chinese Standard
    "{E8989391-9865-473A-A107-625266D6D4BD}" = The Spirit Engine 2
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FB6467CC-73B3-9ABE-7D9D-EA41EC4AEB92}" = CCC Help Danish
    "{FC4464DB-66BB-44A7-6AF4-39857EBC393B}" = CCC Help Korean
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE951E3B-2001-C965-4D43-42CBBF914515}" = CCC Help Chinese Traditional
    "{FF1999B5-40C5-45B3-B001-46EA2B59B484}" = Dell MusicStage
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.57
    "Activision_SpaceInvadersUninstallKey" = Space Invaders
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "Construct Classic_is1" = Construct Classic r1.2
    "DebugMode Wax 2.0" = DebugMode Wax 2.0
    "DH Lore Invasion" = DH Lore Invasion
    "Episode 104 - Abe Lincoln Must Die!" = Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die!
    "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "InstallShield_{56EBA9AE-2850-425E-BD83-595FAD8B76F4}" = BIONICLE Heroes Demo
    "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "MechWarrior Mercenaries Downloadable Demo" = MechWarrior 4 Mercenaries Downloadable Trial
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mind Power(TM) Math - Trigonometry" = Mind Power(TM) Math - Trigonometry
    "NeatWorks" = NeatWorks
    "OpenAL" = OpenAL
    "RPG Maker VX RTP_is1" = RPG Maker VX RTP
    "RPG Maker VX_is1" = RPG Maker VX
    "RPGVXAce_E_is1" = RPG MAKER VX Ace
    "RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
    "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
    "Steam App 11450" = Overlord
    "Steam App 12640" = Drakensang
    "Steam App 12850" = FUEL - Demo
    "Steam App 12900" = Audiosurf
    "Steam App 15130" = Beyond Good & Evil
    "Steam App 16620" = Monster Trucks Nitro
    "Steam App 17020" = Global Agenda
    "Steam App 218" = Source SDK Base 2007
    "Steam App 22100" = Mount & Blade
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 38220" = Section 8
    "Steam App 47890" = The Sims(TM) 3
    "Steam App 48700" = Mount & Blade: Warband
    "Steam App 48720" = Mount & Blade: With Fire and Sword
    "Steam App 57400" = Batman: Arkham City™
    "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
    "Steam App 6060" = Star Wars - Battlefront II
    "Steam App 620" = Portal 2
    "Steam App 629" = Portal 2 Authoring Tools - Beta
    "Steam App 630" = Alien Swarm
    "Steam App 63200" = Monday Night Combat
    "Steam App 8720" = GTR Evolution Demo
    "Tribes 2" = Tribes 2
    "Vindictus" = Vindictus
    "VirtuallTek Fighter Factory Ultimate_is1" = Fighter Factory Ultimate
    "Warmonger" = Warmonger
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2344966874-3736381344-1801091321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "appMobi XDK" = appMobi XDK
    "Google Chrome" = Google Chrome
    "Limbo" = LIMBO
    "Star Wars Movie Duels 2" = Star Wars Movie Duels 2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/13/2012 12:52:06 AM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4006433

    Error - 9/13/2012 12:52:21 AM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/13/2012 12:52:21 AM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4022033

    Error - 9/13/2012 12:52:21 AM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4022033

    Error - 9/22/2012 4:20:22 PM | Computer Name = NewDell | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 9/23/2012 5:16:53 PM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/23/2012 5:16:53 PM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 74940166

    Error - 9/23/2012 5:16:53 PM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 74940166

    Error - 9/23/2012 6:07:54 PM | Computer Name = NewDell | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 9/24/2012 8:17:12 PM | Computer Name = NewDell | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    [ System Events ]
    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:25:53 PM | Computer Name = NewDell | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.


    < End of report >
  19. Broni Malware Annihilator Posts: 39,405   +177

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "ThreadingModel" = Both
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\SysWow64\wbem\wbemess.dll
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  20. JuiceBox Newcomer, in training Posts: 92

    Okay, here's the OTLfix log:
    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Landie
    ->Temp folder emptied: 3968 bytes
    ->Temporary Internet Files folder emptied: 328596 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2073 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10189 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 1678240 bytes

    Total Files Cleaned = 2.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Landie
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Landie
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.68.0 log created on 09262012_155635
    Files\Folders moved on Reboot...
    C:\Users\Landie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...