TechSpot

Windows not updating due to rootkit/malware

Solved
By Big Vikz
Sep 24, 2012
  1. Hi I have done research into why my windows updates arent working and I have come to the conclusion that I have a rootkit. I am using GMER and found two unknown files.. Can someone please help me remove these and get my windows working normally again, as it is being slow and always loading something.

    Thank you

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-24 18:40:22
    Windows 6.1.7601 Service Pack 1
    Running: chicken dipper.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
  2. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.25.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Vikesh :: VIKESH-PC [administrator]

    Protection: Disabled

    25/09/2012 18:44:06
    mbam-log-2012-09-25 (18-44-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225767
    Time elapsed: 3 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-25 19:29:24
    Windows 6.1.7601 Service Pack 1
    Running: chicken dipper.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
  4. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Vikesh at 19:30:19 on 2012-09-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.1117 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\FBAgent.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Users\Vikesh\Downloads\chicken dipper.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.co.uk/
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = isa:8080
    mWinlogon: Userinit=userinit.exe
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AP582Q005PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Vikesh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 10.0.8.2 139.184.32.26 139.184.32.27
    TCP: Interfaces\{14788C89-2AE4-40BE-B731-F346B717DC8E} : DhcpNameServer = 10.0.8.2 139.184.32.26 139.184.32.27
    TCP: Interfaces\{1B6FE27D-6EF8-4FA5-BB1C-7A7F150007D8} : DhcpNameServer = 192.168.0.1 192.168.0.2 192.168.0.3
    TCP: Interfaces\{1B6FE27D-6EF8-4FA5-BB1C-7A7F150007D8}\244584572633D253D43415 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{1B6FE27D-6EF8-4FA5-BB1C-7A7F150007D8}\2456C6B696E6F5E4F575962756C6563737F5032353440353 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{1B6FE27D-6EF8-4FA5-BB1C-7A7F150007D8}\4514C4B44514C4B4D2436354136324 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1B6FE27D-6EF8-4FA5-BB1C-7A7F150007D8}\4727F6C6C65697 : DhcpNameServer = 172.16.8.148 172.16.8.47
    TCP: Interfaces\{1B6FE27D-6EF8-4FA5-BB1C-7A7F150007D8}\546434D264275656 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1B6FE27D-6EF8-4FA5-BB1C-7A7F150007D8}\8456D616 : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Vikesh\AppData\Roaming\Mozilla\Firefox\Profiles\321tpfu5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-23 44808]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 399432]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-6 2009704]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 676936]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250288]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-23 114144]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-25 17:39:24 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9EBD8834-4477-4F2B-816A-FF0DC404A603}\offreg.dll
    2012-09-25 15:07:54 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9EBD8834-4477-4F2B-816A-FF0DC404A603}\mpengine.dll
    2012-09-24 12:07:09 39184 ----a-w- C:\Windows\System32\Partizan.exe
    2012-09-24 12:05:51 -------- d-----w- C:\ProgramData\RegRun
    2012-09-24 12:05:46 2 --shatr- C:\Windows\winstart.bat
    2012-09-24 12:05:31 -------- d-----w- C:\Program Files (x86)\UnHackMe
    2012-09-23 09:01:36 -------- d-----w- C:\Windows\CheckSur
    2012-09-23 02:19:34 -------- d-----w- C:\Users\Vikesh\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-23 02:09:39 -------- d-----w- C:\ProgramData\HitmanPro
    2012-09-23 00:08:31 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-09-23 00:08:26 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-09-23 00:08:26 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-09-23 00:07:54 41224 ----a-w- C:\Windows\avastSS.scr
    2012-09-22 23:38:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-22 22:07:37 -------- d-----w- C:\Users\Vikesh\AppData\Roaming\AVG
    2012-09-22 22:06:53 -------- d-----w- C:\ProgramData\AVG
    2012-09-22 22:06:43 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-09-21 22:15:50 -------- d-----w- C:\Users\Vikesh\AppData\Roaming\Malwarebytes
    2012-09-21 22:15:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-21 22:15:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-12 20:51:45 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 20:51:45 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 20:51:44 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 20:51:44 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 20:51:43 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-12 20:51:42 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 20:51:42 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-07 19:53:44 766824 ------w- C:\Windows\System32\HPDiscoPMa011.dll
    2012-09-07 19:52:56 -------- d-----w- C:\Program Files (x86)\HP
    2012-09-07 19:52:53 -------- d-----w- C:\Program Files\HP
    2012-09-07 19:52:38 -------- d-----w- C:\Users\Vikesh\AppData\Local\HP
    2012-09-07 19:34:45 -------- d-----w- C:\Users\Vikesh\AppData\Local\ElevatedDiagnostics
    2012-09-04 22:36:30 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-09-04 22:27:05 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-09-04 21:37:45 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-09-04 21:27:38 -------- d-----w- C:\ProgramData\AVAST Software
    2012-09-04 21:27:38 -------- d-----w- C:\Program Files\AVAST Software
    .
    ==================== Find3M ====================
    .
    2012-09-25 15:01:06 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2012-09-22 23:09:40 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-22 23:09:40 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-07-21 16:21:00 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-07-21 16:21:00 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-07-16 22:23:00 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-16 22:23:00 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-16 22:17:25 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-14 17:53:19 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-07-14 17:49:21 674600 ----a-w- C:\Windows\SysWow64\pbsvc.exe
    .
    ============= FINISH: 19:30:59.00 ===============
  5. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/11/2011 16:41:19
    System Uptime: 25/09/2012 16:23:10 (3 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K53SJ
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 186 GiB total, 79.355 GiB free.
    D: is FIXED (NTFS) - 254 GiB total, 254.349 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP119: 22/09/2012 23:28:17 - avast! Free Antivirus Setup
    RP120: 22/09/2012 23:31:50 - Removed AVG 2012
    RP121: 22/09/2012 23:33:16 - Removed AVG 2012
    RP122: 22/09/2012 23:34:10 - Removed AVG PC TuneUp
    RP123: 22/09/2012 23:34:59 - Removed AVG PC TuneUp Language Pack (en-US)
    RP124: 23/09/2012 00:56:30 - avast! Free Antivirus Setup
    RP125: 23/09/2012 00:57:00 - Removed AVG 2012
    RP126: 23/09/2012 00:57:26 - avast! Free Antivirus Setup
    RP127: 23/09/2012 01:07:09 - avast! Free Antivirus Setup
    RP128: 23/09/2012 03:00:58 - Windows Update
    RP129: 23/09/2012 08:45:23 - Windows Update
    RP130: 23/09/2012 08:51:32 - Windows Update
    RP131: 23/09/2012 10:01:20 - Windows Update
    RP132: 23/09/2012 10:26:46 - Windows Update
    RP133: 23/09/2012 10:27:30 - Windows Update
    RP134: 23/09/2012 10:28:13 - Windows Update
    RP135: 23/09/2012 10:35:41 - Windows Update
    RP136: 23/09/2012 20:14:19 - Windows Update
    RP137: 23/09/2012 21:31:40 - Windows Update
    RP138: 23/09/2012 21:36:55 - Installed Microsoft Fix it 50123
    RP139: 23/09/2012 21:38:21 - Windows Update
    RP140: 23/09/2012 21:39:29 - Windows Update
    RP141: 23/09/2012 21:47:49 - Windows Update
    RP142: 23/09/2012 21:48:41 - Windows Update
    RP143: 24/09/2012 09:50:31 - Windows Update
    RP144: 24/09/2012 13:01:05 - Windows Update
    RP145: 24/09/2012 13:30:51 - Windows Update
    RP146: 24/09/2012 17:46:34 - Windows Update
    RP147: 24/09/2012 19:47:06 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe CMaps CS4
    Adobe Community Help
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS5.1
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS FancyStart
    ASUS K3 Series ScreenSaver
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    AsusVibe2.0
    ATK Package
    avast! Free Antivirus
    Bing Bar
    Bookworm Deluxe
    Call of Duty 4: Modern Warfare
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    Cooking Dash
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Game Park Console
    Governor of Poker
    Hotel Dash Suite Success
    HP Deskjet 3050A J611 series Help
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Processor Graphics
    Jewel Quest 3
    Junk Mail filter update
    Luxor 3
    Mahjongg dimensions
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mesh Runtime
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Nuance PDF Reader
    PDF Settings CS5
    Photoshop Camera Raw
    Plants vs Zombies
    PunkBuster Services
    QuickTime
    Raccolta foto di Windows Live
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    S?????? f?t???af??? t?? Windows Live
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    Sonic Focus
    Steam
    Suite Shared Configuration CS4
    syncables desktop SE
    System Requirements Lab CYRI
    Team Fortress 2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotogalerie
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinFlash
    WinRAR 4.01 (32-bit)
    Wireless Console 3
    World of Goo
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    25/09/2012 17:55:18, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    24/09/2012 19:47:41, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 for x64-based Systems (KB2732500).
    24/09/2012 19:47:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 for x64-based Systems (KB2647753).
    24/09/2012 19:47:29, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 for x64-based Systems (KB2705219).
    24/09/2012 18:21:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
    24/09/2012 18:21:34, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/09/2012 21:49:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows (KB2705219).
    23/09/2012 21:28:15, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    23/09/2012 21:26:11, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    23/09/2012 21:26:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    23/09/2012 21:26:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    23/09/2012 21:25:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    23/09/2012 21:25:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    23/09/2012 21:25:33, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    23/09/2012 21:25:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi ATKWMIACPIIO discache SASDIFSV SASKUTIL spldr Wanarpv6
    23/09/2012 17:15:08, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    23/09/2012 17:14:56, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.17.191. The computer with the IP address 10.0.23.64 did not allow the name to be claimed by this computer.
    22/09/2012 23:40:01, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    22/09/2012 23:36:59, Error: Service Control Manager [7003] - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
    22/09/2012 22:43:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx
    22/09/2012 22:42:03, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Turbo Boost Technology Monitor service to connect.
    22/09/2012 22:42:03, Error: Service Control Manager [7000] - The Intel(R) Turbo Boost Technology Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    22/09/2012 16:22:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2722913).
    21/09/2012 23:01:19, Error: bowser [8003] - The master browser has received a server announcement from the computer AMEET-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1B6FE27D-6EF8-4FA5-BB1C-7A7F150007D8}. The master browser is stopping or an election is being forced.
    21/09/2012 22:15:01, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    21/09/2012 22:11:15, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
    21/09/2012 19:11:14, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    21/09/2012 18:29:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    21/09/2012 18:25:50, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NVSvc service.
    21/09/2012 18:24:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    21/09/2012 18:17:52, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    21/09/2012 18:17:52, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    21/09/2012 17:39:57, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  7. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    22:02:48.0217 10212 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    22:02:48.0373 10212 ============================================================
    22:02:48.0373 10212 Current date / time: 2012/09/25 22:02:48.0373
    22:02:48.0373 10212 SystemInfo:
    22:02:48.0373 10212
    22:02:48.0373 10212 OS Version: 6.1.7601 ServicePack: 1.0
    22:02:48.0373 10212 Product type: Workstation
    22:02:48.0373 10212 ComputerName: VIKESH-PC
    22:02:48.0373 10212 UserName: Vikesh
    22:02:48.0373 10212 Windows directory: C:\Windows
    22:02:48.0373 10212 System windows directory: C:\Windows
    22:02:48.0373 10212 Running under WOW64
    22:02:48.0373 10212 Processor architecture: Intel x64
    22:02:48.0373 10212 Number of processors: 8
    22:02:48.0373 10212 Page size: 0x1000
    22:02:48.0373 10212 Boot type: Normal boot
    22:02:48.0373 10212 ============================================================
    22:02:48.0903 10212 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:02:48.0903 10212 ============================================================
    22:02:48.0903 10212 \Device\Harddisk0\DR0:
    22:02:48.0903 10212 MBR partitions:
    22:02:48.0903 10212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
    22:02:48.0934 10212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
    22:02:48.0934 10212 ============================================================
    22:02:48.0997 10212 C: <-> \Device\Harddisk0\DR0\Partition1
    22:02:49.0059 10212 D: <-> \Device\Harddisk0\DR0\Partition2
    22:02:49.0059 10212 ============================================================
    22:02:49.0059 10212 Initialize success
    22:02:49.0059 10212 ============================================================
    22:03:01.0539 8052 ============================================================
    22:03:01.0539 8052 Scan started
    22:03:01.0539 8052 Mode: Manual;
    22:03:01.0539 8052 ============================================================
    22:03:04.0207 8052 ================ Scan system memory ========================
    22:03:04.0207 8052 System memory - ok
    22:03:04.0207 8052 ================ Scan services =============================
    22:03:04.0394 8052 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    22:03:04.0394 8052 1394ohci - ok
    22:03:04.0425 8052 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    22:03:04.0441 8052 ACPI - ok
    22:03:04.0472 8052 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    22:03:04.0472 8052 AcpiPmi - ok
    22:03:04.0659 8052 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    22:03:04.0659 8052 Adobe LM Service - ok
    22:03:04.0831 8052 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    22:03:04.0831 8052 AdobeFlashPlayerUpdateSvc - ok
    22:03:04.0893 8052 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    22:03:04.0893 8052 adp94xx - ok
    22:03:04.0924 8052 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    22:03:04.0940 8052 adpahci - ok
    22:03:04.0971 8052 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    22:03:05.0002 8052 adpu320 - ok
    22:03:05.0033 8052 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    22:03:05.0033 8052 AeLookupSvc - ok
    22:03:05.0080 8052 [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent C:\Windows\system32\FBAgent.exe
    22:03:05.0080 8052 AFBAgent - ok
    22:03:05.0143 8052 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    22:03:05.0143 8052 AFD - ok
    22:03:05.0189 8052 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    22:03:05.0189 8052 agp440 - ok
    22:03:05.0221 8052 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    22:03:05.0221 8052 ALG - ok
    22:03:05.0252 8052 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    22:03:05.0252 8052 aliide - ok
    22:03:05.0252 8052 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    22:03:05.0252 8052 amdide - ok
    22:03:05.0252 8052 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    22:03:05.0252 8052 AmdK8 - ok
    22:03:05.0267 8052 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    22:03:05.0267 8052 AmdPPM - ok
    22:03:05.0314 8052 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    22:03:05.0314 8052 amdsata - ok
    22:03:05.0345 8052 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    22:03:05.0345 8052 amdsbs - ok
    22:03:05.0377 8052 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    22:03:05.0377 8052 amdxata - ok
    22:03:05.0423 8052 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    22:03:05.0423 8052 AppID - ok
    22:03:05.0439 8052 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    22:03:05.0439 8052 AppIDSvc - ok
    22:03:05.0470 8052 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    22:03:05.0470 8052 Appinfo - ok
    22:03:05.0657 8052 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:03:05.0657 8052 Apple Mobile Device - ok
    22:03:05.0704 8052 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    22:03:05.0704 8052 arc - ok
    22:03:05.0751 8052 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    22:03:05.0751 8052 arcsas - ok
    22:03:05.0860 8052 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    22:03:05.0860 8052 ASLDRService - ok
    22:03:05.0876 8052 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    22:03:05.0876 8052 ASMMAP64 - ok
    22:03:05.0938 8052 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    22:03:05.0938 8052 aswFsBlk - ok
    22:03:06.0016 8052 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    22:03:06.0016 8052 aswMonFlt - ok
    22:03:06.0063 8052 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    22:03:06.0063 8052 aswRdr - ok
    22:03:06.0125 8052 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    22:03:06.0172 8052 aswSnx - ok
    22:03:06.0203 8052 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    22:03:06.0203 8052 aswSP - ok
    22:03:06.0235 8052 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    22:03:06.0250 8052 aswTdi - ok
    22:03:06.0266 8052 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    22:03:06.0266 8052 AsyncMac - ok
    22:03:06.0297 8052 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    22:03:06.0297 8052 atapi - ok
    22:03:06.0344 8052 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    22:03:06.0375 8052 athr - ok
    22:03:06.0391 8052 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    22:03:06.0391 8052 ATKGFNEXSrv - ok
    22:03:06.0469 8052 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
    22:03:06.0469 8052 ATKWMIACPIIO - ok
    22:03:06.0515 8052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    22:03:06.0547 8052 AudioEndpointBuilder - ok
    22:03:06.0562 8052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    22:03:06.0562 8052 AudioSrv - ok
    22:03:06.0937 8052 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    22:03:06.0937 8052 avast! Antivirus - ok
    22:03:07.0030 8052 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    22:03:07.0030 8052 AxInstSV - ok
    22:03:07.0093 8052 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    22:03:07.0108 8052 b06bdrv - ok
    22:03:07.0155 8052 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:03:07.0171 8052 b57nd60a - ok
    22:03:07.0249 8052 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    22:03:07.0264 8052 BBSvc - ok
    22:03:07.0280 8052 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    22:03:07.0280 8052 BDESVC - ok
    22:03:07.0342 8052 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    22:03:07.0342 8052 Beep - ok
    22:03:07.0405 8052 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    22:03:07.0420 8052 BFE - ok
    22:03:07.0467 8052 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    22:03:07.0498 8052 BITS - ok
    22:03:07.0576 8052 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    22:03:07.0576 8052 blbdrive - ok
    22:03:07.0654 8052 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    22:03:07.0685 8052 Bonjour Service - ok
    22:03:07.0732 8052 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    22:03:07.0748 8052 bowser - ok
    22:03:07.0779 8052 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    22:03:07.0779 8052 BrFiltLo - ok
    22:03:07.0795 8052 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    22:03:07.0795 8052 BrFiltUp - ok
    22:03:07.0826 8052 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
    22:03:07.0826 8052 Bridge - ok
    22:03:07.0841 8052 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    22:03:07.0841 8052 BridgeMP - ok
    22:03:07.0873 8052 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
    22:03:07.0888 8052 Browser - ok
    22:03:07.0904 8052 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    22:03:07.0919 8052 Brserid - ok
    22:03:07.0919 8052 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    22:03:07.0919 8052 BrSerWdm - ok
    22:03:07.0919 8052 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:03:07.0919 8052 BrUsbMdm - ok
    22:03:07.0919 8052 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    22:03:07.0919 8052 BrUsbSer - ok
    22:03:08.0013 8052 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    22:03:08.0013 8052 BthEnum - ok
    22:03:08.0029 8052 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    22:03:08.0029 8052 BTHMODEM - ok
    22:03:08.0075 8052 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    22:03:08.0075 8052 BthPan - ok
    22:03:08.0138 8052 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
    22:03:08.0153 8052 BTHPORT - ok
    22:03:08.0200 8052 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    22:03:08.0200 8052 bthserv - ok
    22:03:08.0231 8052 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
    22:03:08.0247 8052 BTHUSB - ok
    22:03:08.0278 8052 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    22:03:08.0278 8052 cdfs - ok
    22:03:08.0325 8052 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    22:03:08.0325 8052 cdrom - ok
    22:03:08.0387 8052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    22:03:08.0387 8052 CertPropSvc - ok
    22:03:08.0419 8052 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    22:03:08.0450 8052 circlass - ok
    22:03:08.0465 8052 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    22:03:08.0481 8052 CLFS - ok
    22:03:08.0575 8052 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:03:08.0575 8052 clr_optimization_v2.0.50727_32 - ok
    22:03:08.0653 8052 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:03:08.0668 8052 clr_optimization_v2.0.50727_64 - ok
    22:03:08.0746 8052 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:03:08.0746 8052 clr_optimization_v4.0.30319_32 - ok
    22:03:08.0777 8052 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:03:08.0777 8052 clr_optimization_v4.0.30319_64 - ok
    22:03:08.0824 8052 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    22:03:08.0840 8052 CmBatt - ok
    22:03:08.0840 8052 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    22:03:08.0840 8052 cmdide - ok
    22:03:08.0871 8052 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    22:03:08.0887 8052 CNG - ok
    22:03:08.0918 8052 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    22:03:08.0918 8052 Compbatt - ok
    22:03:08.0933 8052 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    22:03:08.0933 8052 CompositeBus - ok
    22:03:08.0949 8052 COMSysApp - ok
    22:03:08.0980 8052 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    22:03:08.0980 8052 crcdisk - ok
    22:03:09.0011 8052 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    22:03:09.0011 8052 CryptSvc - ok
    22:03:09.0058 8052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    22:03:09.0074 8052 DcomLaunch - ok
    22:03:09.0105 8052 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    22:03:09.0105 8052 defragsvc - ok
    22:03:09.0136 8052 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    22:03:09.0136 8052 DfsC - ok
    22:03:09.0167 8052 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    22:03:09.0167 8052 Dhcp - ok
    22:03:09.0183 8052 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    22:03:09.0183 8052 discache - ok
    22:03:09.0245 8052 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    22:03:09.0245 8052 Disk - ok
    22:03:09.0277 8052 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    22:03:09.0277 8052 Dnscache - ok
    22:03:09.0308 8052 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    22:03:09.0308 8052 dot3svc - ok
    22:03:09.0323 8052 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    22:03:09.0339 8052 DPS - ok
    22:03:09.0386 8052 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    22:03:09.0386 8052 drmkaud - ok
    22:03:09.0448 8052 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    22:03:09.0464 8052 DXGKrnl - ok
    22:03:09.0526 8052 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    22:03:09.0542 8052 EapHost - ok
    22:03:09.0635 8052 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    22:03:09.0713 8052 ebdrv - ok
    22:03:09.0760 8052 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    22:03:09.0760 8052 EFS - ok
    22:03:09.0854 8052 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    22:03:09.0869 8052 ehRecvr - ok
    22:03:09.0885 8052 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    22:03:09.0885 8052 ehSched - ok
    22:03:09.0947 8052 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    22:03:09.0963 8052 elxstor - ok
    22:03:09.0963 8052 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    22:03:09.0963 8052 ErrDev - ok
    22:03:09.0994 8052 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    22:03:09.0994 8052 EventSystem - ok
    22:03:10.0103 8052 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    22:03:10.0135 8052 EvtEng - ok
    22:03:10.0150 8052 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    22:03:10.0150 8052 exfat - ok
    22:03:10.0181 8052 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    22:03:10.0181 8052 fastfat - ok
    22:03:10.0259 8052 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    22:03:10.0275 8052 Fax - ok
    22:03:10.0306 8052 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    22:03:10.0306 8052 fdc - ok
    22:03:10.0337 8052 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    22:03:10.0337 8052 fdPHost - ok
    22:03:10.0353 8052 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    22:03:10.0353 8052 FDResPub - ok
    22:03:10.0400 8052 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    22:03:10.0400 8052 FileInfo - ok
    22:03:10.0415 8052 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    22:03:10.0415 8052 Filetrace - ok
    22:03:10.0509 8052 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    22:03:10.0540 8052 FLEXnet Licensing Service - ok
    22:03:10.0571 8052 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    22:03:10.0571 8052 flpydisk - ok
    22:03:10.0603 8052 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    22:03:10.0603 8052 FltMgr - ok
    22:03:10.0649 8052 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    22:03:10.0696 8052 FontCache - ok
    22:03:10.0759 8052 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:03:10.0774 8052 FontCache3.0.0.0 - ok
    22:03:10.0790 8052 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    22:03:10.0790 8052 FsDepends - ok
    22:03:10.0837 8052 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    22:03:10.0852 8052 fssfltr - ok
    22:03:10.0930 8052 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    22:03:10.0977 8052 fsssvc - ok
    22:03:10.0993 8052 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    22:03:10.0993 8052 Fs_Rec - ok
    22:03:11.0039 8052 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    22:03:11.0055 8052 fvevol - ok
    22:03:11.0055 8052 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    22:03:11.0071 8052 gagp30kx - ok
    22:03:11.0086 8052 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:03:11.0086 8052 GEARAspiWDM - ok
    22:03:11.0133 8052 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    22:03:11.0149 8052 gpsvc - ok
    22:03:11.0164 8052 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    22:03:11.0164 8052 hcw85cir - ok
    22:03:11.0211 8052 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    22:03:11.0227 8052 HdAudAddService - ok
    22:03:11.0258 8052 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    22:03:11.0258 8052 HDAudBus - ok
    22:03:11.0258 8052 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    22:03:11.0273 8052 HidBatt - ok
    22:03:11.0289 8052 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    22:03:11.0289 8052 HidBth - ok
    22:03:11.0320 8052 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    22:03:11.0320 8052 HidIr - ok
    22:03:11.0336 8052 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    22:03:11.0351 8052 hidserv - ok
    22:03:11.0367 8052 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    22:03:11.0367 8052 HidUsb - ok
    22:03:11.0398 8052 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    22:03:11.0398 8052 hkmsvc - ok
    22:03:11.0414 8052 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    22:03:11.0429 8052 HomeGroupListener - ok
    22:03:11.0445 8052 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    22:03:11.0445 8052 HomeGroupProvider - ok
    22:03:11.0476 8052 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    22:03:11.0476 8052 HpSAMD - ok
    22:03:11.0523 8052 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    22:03:11.0570 8052 HTTP - ok
    22:03:11.0585 8052 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    22:03:11.0585 8052 hwpolicy - ok
    22:03:11.0632 8052 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    22:03:11.0632 8052 i8042prt - ok
    22:03:11.0695 8052 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    22:03:11.0695 8052 iaStor - ok
    22:03:11.0757 8052 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    22:03:11.0757 8052 iaStorV - ok
    22:03:11.0851 8052 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:03:11.0882 8052 idsvc - ok
    22:03:12.0709 8052 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    22:03:12.0974 8052 igfx - ok
    22:03:13.0036 8052 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    22:03:13.0036 8052 iirsp - ok
    22:03:13.0083 8052 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    22:03:13.0114 8052 IKEEXT - ok
    22:03:13.0301 8052 [ 9F573C952961F444F400489E81ECA381 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    22:03:13.0364 8052 IntcAzAudAddService - ok
    22:03:13.0426 8052 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    22:03:13.0426 8052 IntcDAud - ok
    22:03:13.0457 8052 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    22:03:13.0457 8052 intelide - ok
    22:03:13.0489 8052 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    22:03:13.0489 8052 intelppm - ok
    22:03:13.0551 8052 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    22:03:13.0551 8052 IPBusEnum - ok
    22:03:13.0567 8052 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:03:13.0567 8052 IpFilterDriver - ok
    22:03:13.0598 8052 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    22:03:13.0613 8052 iphlpsvc - ok
    22:03:13.0629 8052 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    22:03:13.0629 8052 IPMIDRV - ok
    22:03:13.0645 8052 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    22:03:13.0645 8052 IPNAT - ok
    22:03:13.0769 8052 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    22:03:13.0801 8052 iPod Service - ok
    22:03:13.0847 8052 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    22:03:13.0847 8052 IRENUM - ok
    22:03:13.0894 8052 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    22:03:13.0910 8052 isapnp - ok
    22:03:13.0910 8052 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    22:03:13.0925 8052 iScsiPrt - ok
    22:03:13.0957 8052 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    22:03:13.0957 8052 kbdclass - ok
    22:03:13.0972 8052 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    22:03:13.0988 8052 kbdhid - ok
    22:03:14.0035 8052 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
    22:03:14.0035 8052 kbfiltr - ok
    22:03:14.0050 8052 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    22:03:14.0050 8052 KeyIso - ok
    22:03:14.0097 8052 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    22:03:14.0097 8052 KSecDD - ok
    22:03:14.0113 8052 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    22:03:14.0113 8052 KSecPkg - ok
    22:03:14.0159 8052 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    22:03:14.0159 8052 ksthunk - ok
    22:03:14.0191 8052 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    22:03:14.0206 8052 KtmRm - ok
    22:03:14.0362 8052 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
    22:03:14.0362 8052 L1C - ok
    22:03:14.0393 8052 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    22:03:14.0393 8052 LanmanServer - ok
    22:03:14.0456 8052 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    22:03:14.0456 8052 LanmanWorkstation - ok
    22:03:14.0487 8052 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    22:03:14.0487 8052 lltdio - ok
    22:03:14.0534 8052 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    22:03:14.0534 8052 lltdsvc - ok
    22:03:14.0565 8052 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    22:03:14.0581 8052 lmhosts - ok
    22:03:14.0643 8052 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    22:03:14.0643 8052 LSI_FC - ok
    22:03:14.0659 8052 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    22:03:14.0659 8052 LSI_SAS - ok
    22:03:14.0659 8052 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    22:03:14.0674 8052 LSI_SAS2 - ok
    22:03:14.0674 8052 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    22:03:14.0690 8052 LSI_SCSI - ok
    22:03:14.0705 8052 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    22:03:14.0705 8052 luafv - ok
    22:03:14.0799 8052 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    22:03:14.0799 8052 MBAMProtector - ok
    22:03:14.0893 8052 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    22:03:14.0893 8052 MBAMScheduler - ok
    22:03:15.0002 8052 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    22:03:15.0033 8052 MBAMService - ok
    22:03:15.0064 8052 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    22:03:15.0064 8052 Mcx2Svc - ok
    22:03:15.0080 8052 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    22:03:15.0080 8052 megasas - ok
    22:03:15.0158 8052 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    22:03:15.0173 8052 MegaSR - ok
    22:03:15.0205 8052 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    22:03:15.0205 8052 MEIx64 - ok
    22:03:15.0376 8052 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    22:03:15.0376 8052 Microsoft Office Groove Audit Service - ok
    22:03:15.0407 8052 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    22:03:15.0407 8052 MMCSS - ok
    22:03:15.0423 8052 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    22:03:15.0423 8052 Modem - ok
    22:03:15.0470 8052 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    22:03:15.0470 8052 monitor - ok
    22:03:15.0470 8052 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    22:03:15.0485 8052 mouclass - ok
    22:03:15.0517 8052 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    22:03:15.0517 8052 mouhid - ok
    22:03:15.0532 8052 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    22:03:15.0532 8052 mountmgr - ok
    22:03:15.0610 8052 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:03:15.0610 8052 MozillaMaintenance - ok
    22:03:15.0626 8052 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    22:03:15.0626 8052 mpio - ok
    22:03:15.0641 8052 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    22:03:15.0641 8052 mpsdrv - ok
    22:03:15.0673 8052 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    22:03:15.0719 8052 MpsSvc - ok
    22:03:15.0735 8052 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    22:03:15.0735 8052 MRxDAV - ok
    22:03:15.0766 8052 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:03:15.0766 8052 mrxsmb - ok
    22:03:15.0797 8052 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:03:15.0797 8052 mrxsmb10 - ok
    22:03:15.0813 8052 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:03:15.0813 8052 mrxsmb20 - ok
    22:03:15.0829 8052 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    22:03:15.0829 8052 msahci - ok
    22:03:15.0844 8052 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    22:03:15.0844 8052 msdsm - ok
    22:03:15.0860 8052 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:03:15.0875 8052 MSDTC - ok
    22:03:15.0875 8052 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:03:15.0891 8052 Msfs - ok
    22:03:15.0922 8052 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:03:15.0922 8052 mshidkmdf - ok
    22:03:15.0938 8052 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    22:03:15.0938 8052 msisadrv - ok
    22:03:15.0969 8052 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:03:15.0969 8052 MSiSCSI - ok
    22:03:15.0969 8052 msiserver - ok
    22:03:16.0000 8052 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:03:16.0000 8052 MSKSSRV - ok
    22:03:16.0016 8052 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    22:03:16.0016 8052 MSPCLOCK - ok
    22:03:16.0031 8052 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:03:16.0047 8052 MSPQM - ok
    22:03:16.0063 8052 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:03:16.0063 8052 MsRPC - ok
    22:03:16.0078 8052 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    22:03:16.0078 8052 mssmbios - ok
    22:03:16.0109 8052 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:03:16.0109 8052 MSTEE - ok
    22:03:16.0109 8052 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    22:03:16.0109 8052 MTConfig - ok
    22:03:16.0156 8052 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    22:03:16.0156 8052 Mup - ok
    22:03:16.0219 8052 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    22:03:16.0219 8052 MyWiFiDHCPDNS - ok
    22:03:16.0250 8052 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    22:03:16.0265 8052 napagent - ok
    22:03:16.0328 8052 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    22:03:16.0343 8052 NativeWifiP - ok
    22:03:16.0390 8052 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    22:03:16.0437 8052 NDIS - ok
    22:03:16.0468 8052 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    22:03:16.0468 8052 NdisCap - ok
    22:03:16.0499 8052 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    22:03:16.0499 8052 NdisTapi - ok
    22:03:16.0515 8052 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    22:03:16.0515 8052 Ndisuio - ok
    22:03:16.0515 8052 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:03:16.0531 8052 NdisWan - ok
    22:03:16.0546 8052 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:03:16.0546 8052 NDProxy - ok
    22:03:16.0546 8052 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:03:16.0546 8052 NetBIOS - ok
    22:03:16.0577 8052 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:03:16.0577 8052 NetBT - ok
    22:03:16.0593 8052 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:03:16.0593 8052 Netlogon - ok
    22:03:16.0640 8052 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:03:16.0655 8052 Netman - ok
    22:03:16.0671 8052 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:03:16.0687 8052 netprofm - ok
    22:03:16.0718 8052 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:03:16.0718 8052 NetTcpPortSharing - ok
    22:03:17.0139 8052 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
    22:03:17.0295 8052 NETwNs64 - ok
    22:03:17.0342 8052 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    22:03:17.0357 8052 nfrd960 - ok
    22:03:17.0404 8052 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:03:17.0404 8052 NlaSvc - ok
    22:03:17.0420 8052 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:03:17.0420 8052 Npfs - ok
    22:03:17.0435 8052 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:03:17.0451 8052 nsi - ok
    22:03:17.0467 8052 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:03:17.0467 8052 nsiproxy - ok
    22:03:17.0654 8052 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:03:17.0701 8052 Ntfs - ok
    22:03:17.0716 8052 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:03:17.0716 8052 Null - ok
    22:03:18.0652 8052 [ 07CA1D99512EE5EF99E954A13F3BFFA8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:03:18.0917 8052 nvlddmkm - ok
    22:03:18.0949 8052 [ A8DB9EBD9887A9820DBC1878F0301EE7 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
    22:03:18.0949 8052 nvpciflt - ok
    22:03:18.0995 8052 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:03:19.0011 8052 nvraid - ok
    22:03:19.0027 8052 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:03:19.0027 8052 nvstor - ok
    22:03:19.0058 8052 [ 9007A22A1938A9EF81CA5122121ECCD8 ] NVSvc C:\Windows\system32\nvvsvc.exe
    22:03:19.0089 8052 NVSvc - ok
    22:03:19.0183 8052 [ 00572C26C6DCF99362068FB7283B7126 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    22:03:19.0214 8052 nvUpdatusService - ok
    22:03:19.0261 8052 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:03:19.0276 8052 nv_agp - ok
    22:03:19.0417 8052 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    22:03:19.0448 8052 odserv - ok
    22:03:19.0479 8052 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:03:19.0479 8052 ohci1394 - ok
    22:03:19.0557 8052 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:03:19.0557 8052 ose - ok
    22:03:19.0588 8052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:03:19.0604 8052 p2pimsvc - ok
    22:03:19.0619 8052 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:03:19.0619 8052 p2psvc - ok
    22:03:19.0651 8052 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    22:03:19.0651 8052 Parport - ok
    22:03:19.0682 8052 Partizan - ok
    22:03:19.0697 8052 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:03:19.0697 8052 partmgr - ok
    22:03:19.0713 8052 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:03:19.0729 8052 PcaSvc - ok
    22:03:19.0744 8052 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:03:19.0744 8052 pci - ok
    22:03:19.0760 8052 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:03:19.0760 8052 pciide - ok
    22:03:19.0775 8052 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    22:03:19.0791 8052 pcmcia - ok
    22:03:19.0791 8052 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:03:19.0807 8052 pcw - ok
    22:03:19.0822 8052 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:03:19.0822 8052 PEAUTH - ok
    22:03:20.0587 8052 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:03:20.0587 8052 PerfHost - ok
    22:03:20.0696 8052 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:03:20.0727 8052 pla - ok
    22:03:20.0774 8052 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:03:20.0774 8052 PlugPlay - ok
    22:03:20.0821 8052 PnkBstrA - ok
    22:03:20.0836 8052 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:03:20.0836 8052 PNRPAutoReg - ok
    22:03:20.0867 8052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:03:20.0867 8052 PNRPsvc - ok
    22:03:20.0914 8052 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:03:20.0914 8052 PolicyAgent - ok
    22:03:20.0945 8052 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:03:20.0945 8052 Power - ok
    22:03:20.0977 8052 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:03:20.0992 8052 PptpMiniport - ok
    22:03:21.0008 8052 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    22:03:21.0008 8052 Processor - ok
    22:03:21.0039 8052 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:03:21.0039 8052 ProfSvc - ok
    22:03:21.0070 8052 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:03:21.0070 8052 ProtectedStorage - ok
    22:03:21.0101 8052 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:03:21.0101 8052 Psched - ok
    22:03:21.0179 8052 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    22:03:21.0242 8052 ql2300 - ok
    22:03:21.0242 8052 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    22:03:21.0242 8052 ql40xx - ok
    22:03:21.0257 8052 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:03:21.0273 8052 QWAVE - ok
    22:03:21.0289 8052 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:03:21.0289 8052 QWAVEdrv - ok
    22:03:21.0289 8052 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:03:21.0289 8052 RasAcd - ok
    22:03:21.0335 8052 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:03:21.0351 8052 RasAgileVpn - ok
    22:03:21.0382 8052 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:03:21.0382 8052 RasAuto - ok
    22:03:21.0398 8052 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:03:21.0398 8052 Rasl2tp - ok
    22:03:21.0429 8052 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:03:21.0429 8052 RasMan - ok
    22:03:21.0445 8052 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:03:21.0445 8052 RasPppoe - ok
    22:03:21.0476 8052 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:03:21.0476 8052 RasSstp - ok
    22:03:21.0491 8052 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:03:21.0507 8052 rdbss - ok
    22:03:21.0523 8052 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    22:03:21.0523 8052 rdpbus - ok
    22:03:21.0569 8052 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:03:21.0569 8052 RDPCDD - ok
    22:03:21.0585 8052 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:03:21.0585 8052 RDPENCDD - ok
    22:03:21.0585 8052 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:03:21.0585 8052 RDPREFMP - ok
    22:03:21.0616 8052 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:03:21.0616 8052 RDPWD - ok
    22:03:21.0647 8052 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:03:21.0663 8052 rdyboost - ok
    22:03:21.0850 8052 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    22:03:21.0897 8052 RegSrvc - ok
    22:03:21.0913 8052 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:03:21.0913 8052 RemoteAccess - ok
    22:03:21.0944 8052 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:03:21.0944 8052 RemoteRegistry - ok
    22:03:22.0006 8052 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    22:03:22.0006 8052 RFCOMM - ok
    22:03:22.0022 8052 RimUsb - ok
    22:03:22.0069 8052 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    22:03:22.0069 8052 RimVSerPort - ok
    22:03:22.0115 8052 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    22:03:22.0115 8052 ROOTMODEM - ok
    22:03:22.0147 8052 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:03:22.0147 8052 RpcEptMapper - ok
    22:03:22.0162 8052 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:03:22.0162 8052 RpcLocator - ok
    22:03:22.0178 8052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:03:22.0178 8052 RpcSs - ok
  8. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    22:03:22.0209 8052 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:03:22.0209 8052 rspndr - ok
    22:03:22.0287 8052 [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys
    22:03:22.0287 8052 RSUSBVSTOR - ok
    22:03:22.0318 8052 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:03:22.0318 8052 RTL8167 - ok
    22:03:22.0334 8052 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:03:22.0334 8052 SamSs - ok
    22:03:22.0381 8052 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    22:03:22.0381 8052 sbp2port - ok
    22:03:22.0412 8052 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:03:22.0412 8052 SCardSvr - ok
    22:03:22.0427 8052 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:03:22.0427 8052 scfilter - ok
    22:03:22.0459 8052 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:03:22.0490 8052 Schedule - ok
    22:03:22.0521 8052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:03:22.0521 8052 SCPolicySvc - ok
    22:03:22.0537 8052 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:03:22.0537 8052 SDRSVC - ok
    22:03:22.0646 8052 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    22:03:22.0661 8052 SeaPort - ok
    22:03:22.0693 8052 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:03:22.0693 8052 secdrv - ok
    22:03:22.0724 8052 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    22:03:22.0724 8052 seclogon - ok
    22:03:22.0739 8052 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    22:03:22.0755 8052 SENS - ok
    22:03:22.0771 8052 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:03:22.0771 8052 SensrSvc - ok
    22:03:22.0802 8052 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    22:03:22.0802 8052 Serenum - ok
    22:03:22.0833 8052 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    22:03:22.0849 8052 Serial - ok
    22:03:22.0864 8052 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    22:03:22.0864 8052 sermouse - ok
    22:03:22.0895 8052 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    22:03:22.0895 8052 SessionEnv - ok
    22:03:22.0895 8052 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    22:03:22.0911 8052 sffdisk - ok
    22:03:22.0911 8052 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    22:03:22.0927 8052 sffp_mmc - ok
    22:03:22.0927 8052 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    22:03:22.0927 8052 sffp_sd - ok
    22:03:22.0942 8052 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    22:03:22.0942 8052 sfloppy - ok
    22:03:22.0989 8052 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    22:03:23.0005 8052 SharedAccess - ok
    22:03:23.0036 8052 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:03:23.0051 8052 ShellHWDetection - ok
    22:03:23.0098 8052 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
    22:03:23.0098 8052 SiSGbeLH - ok
    22:03:23.0129 8052 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    22:03:23.0129 8052 SiSRaid2 - ok
    22:03:23.0145 8052 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    22:03:23.0145 8052 SiSRaid4 - ok
    22:03:23.0254 8052 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    22:03:23.0270 8052 SkypeUpdate - ok
    22:03:23.0285 8052 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:03:23.0285 8052 Smb - ok
    22:03:23.0332 8052 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:03:23.0332 8052 SNMPTRAP - ok
    22:03:23.0348 8052 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:03:23.0348 8052 spldr - ok
    22:03:23.0379 8052 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    22:03:23.0395 8052 Spooler - ok
    22:03:23.0504 8052 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    22:03:23.0597 8052 sppsvc - ok
    22:03:23.0613 8052 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:03:23.0613 8052 sppuinotify - ok
    22:03:23.0660 8052 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:03:23.0691 8052 srv - ok
    22:03:23.0707 8052 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:03:23.0707 8052 srv2 - ok
    22:03:23.0722 8052 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:03:23.0738 8052 srvnet - ok
    22:03:23.0785 8052 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:03:23.0785 8052 SSDPSRV - ok
    22:03:23.0800 8052 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:03:23.0816 8052 SstpSvc - ok
    22:03:23.0863 8052 Steam Client Service - ok
    22:03:23.0878 8052 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    22:03:23.0878 8052 stexstor - ok
    22:03:23.0925 8052 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    22:03:23.0925 8052 StillCam - ok
    22:03:23.0987 8052 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    22:03:23.0987 8052 stisvc - ok
    22:03:24.0003 8052 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    22:03:24.0003 8052 swenum - ok
    22:03:24.0128 8052 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    22:03:24.0159 8052 SwitchBoard - ok
    22:03:24.0206 8052 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:03:24.0206 8052 swprv - ok
    22:03:24.0284 8052 [ F0D7C68CDA9784689CAA72C17AF393B2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    22:03:24.0331 8052 SynTP - ok
    22:03:24.0377 8052 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    22:03:24.0424 8052 SysMain - ok
    22:03:24.0424 8052 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:03:24.0440 8052 TabletInputService - ok
    22:03:24.0455 8052 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:03:24.0471 8052 TapiSrv - ok
    22:03:24.0471 8052 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:03:24.0487 8052 TBS - ok
    22:03:24.0830 8052 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:03:24.0892 8052 Tcpip - ok
    22:03:24.0955 8052 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:03:24.0970 8052 TCPIP6 - ok
    22:03:25.0001 8052 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:03:25.0017 8052 tcpipreg - ok
    22:03:25.0064 8052 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:03:25.0064 8052 TDPIPE - ok
    22:03:25.0079 8052 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:03:25.0095 8052 TDTCP - ok
    22:03:25.0095 8052 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:03:25.0111 8052 tdx - ok
    22:03:25.0142 8052 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    22:03:25.0142 8052 TermDD - ok
    22:03:25.0204 8052 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    22:03:25.0220 8052 TermService - ok
    22:03:25.0235 8052 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:03:25.0235 8052 Themes - ok
    22:03:25.0251 8052 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:03:25.0251 8052 THREADORDER - ok
    22:03:25.0267 8052 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:03:25.0267 8052 TrkWks - ok
    22:03:25.0313 8052 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:03:25.0329 8052 TrustedInstaller - ok
    22:03:25.0345 8052 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:03:25.0345 8052 tssecsrv - ok
    22:03:25.0391 8052 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    22:03:25.0391 8052 TsUsbFlt - ok
    22:03:25.0391 8052 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    22:03:25.0391 8052 TsUsbGD - ok
    22:03:25.0423 8052 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:03:25.0423 8052 tunnel - ok
    22:03:25.0454 8052 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
    22:03:25.0454 8052 TurboB - ok
    22:03:25.0485 8052 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    22:03:25.0516 8052 TurboBoost - ok
    22:03:25.0532 8052 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    22:03:25.0532 8052 uagp35 - ok
    22:03:25.0594 8052 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:03:25.0625 8052 udfs - ok
    22:03:25.0828 8052 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:03:25.0844 8052 UI0Detect - ok
    22:03:25.0984 8052 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    22:03:26.0000 8052 uliagpkx - ok
    22:03:26.0015 8052 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    22:03:26.0015 8052 umbus - ok
    22:03:26.0031 8052 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    22:03:26.0031 8052 UmPass - ok
    22:03:26.0047 8052 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:03:26.0062 8052 upnphost - ok
    22:03:26.0109 8052 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    22:03:26.0109 8052 USBAAPL64 - ok
    22:03:26.0171 8052 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    22:03:26.0187 8052 usbaudio - ok
    22:03:26.0249 8052 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:03:26.0249 8052 usbccgp - ok
    22:03:26.0390 8052 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    22:03:26.0390 8052 usbcir - ok
    22:03:26.0421 8052 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    22:03:26.0421 8052 usbehci - ok
    22:03:26.0468 8052 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:03:26.0483 8052 usbhub - ok
    22:03:26.0515 8052 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    22:03:26.0515 8052 usbohci - ok
    22:03:26.0546 8052 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    22:03:26.0546 8052 usbprint - ok
    22:03:26.0608 8052 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    22:03:26.0608 8052 usbscan - ok
    22:03:26.0624 8052 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:03:26.0624 8052 USBSTOR - ok
    22:03:26.0671 8052 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    22:03:26.0671 8052 usbuhci - ok
    22:03:26.0733 8052 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    22:03:26.0733 8052 usbvideo - ok
    22:03:26.0764 8052 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:03:26.0764 8052 UxSms - ok
    22:03:26.0780 8052 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    22:03:26.0780 8052 VaultSvc - ok
    22:03:26.0795 8052 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    22:03:26.0795 8052 vdrvroot - ok
    22:03:26.0842 8052 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    22:03:26.0858 8052 vds - ok
    22:03:26.0889 8052 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    22:03:26.0889 8052 vga - ok
    22:03:26.0905 8052 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    22:03:26.0905 8052 VgaSave - ok
    22:03:26.0920 8052 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    22:03:26.0920 8052 vhdmp - ok
    22:03:26.0920 8052 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    22:03:26.0920 8052 viaide - ok
    22:03:26.0936 8052 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    22:03:26.0951 8052 volmgr - ok
    22:03:26.0967 8052 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    22:03:26.0983 8052 volmgrx - ok
    22:03:27.0029 8052 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    22:03:27.0045 8052 volsnap - ok
    22:03:27.0076 8052 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    22:03:27.0076 8052 vsmraid - ok
    22:03:27.0154 8052 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    22:03:27.0201 8052 VSS - ok
    22:03:27.0201 8052 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    22:03:27.0217 8052 vwifibus - ok
    22:03:27.0217 8052 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    22:03:27.0232 8052 vwififlt - ok
    22:03:27.0279 8052 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    22:03:27.0279 8052 vwifimp - ok
    22:03:27.0279 8052 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    22:03:27.0295 8052 W32Time - ok
    22:03:27.0310 8052 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    22:03:27.0310 8052 WacomPen - ok
    22:03:27.0326 8052 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    22:03:27.0326 8052 WANARP - ok
    22:03:27.0341 8052 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    22:03:27.0341 8052 Wanarpv6 - ok
    22:03:27.0575 8052 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    22:03:27.0622 8052 WatAdminSvc - ok
    22:03:27.0872 8052 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    22:03:27.0919 8052 wbengine - ok
    22:03:27.0934 8052 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    22:03:27.0950 8052 WbioSrvc - ok
    22:03:27.0965 8052 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    22:03:27.0965 8052 wcncsvc - ok
    22:03:27.0981 8052 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    22:03:27.0981 8052 WcsPlugInService - ok
    22:03:28.0012 8052 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    22:03:28.0012 8052 Wd - ok
    22:03:28.0028 8052 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    22:03:28.0043 8052 Wdf01000 - ok
    22:03:28.0059 8052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    22:03:28.0059 8052 WdiServiceHost - ok
    22:03:28.0075 8052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    22:03:28.0075 8052 WdiSystemHost - ok
    22:03:28.0090 8052 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    22:03:28.0090 8052 WebClient - ok
    22:03:28.0106 8052 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    22:03:28.0121 8052 Wecsvc - ok
    22:03:28.0121 8052 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    22:03:28.0137 8052 wercplsupport - ok
    22:03:28.0168 8052 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    22:03:28.0168 8052 WerSvc - ok
    22:03:28.0215 8052 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    22:03:28.0215 8052 WfpLwf - ok
    22:03:28.0277 8052 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    22:03:28.0277 8052 WimFltr - ok
    22:03:28.0309 8052 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    22:03:28.0324 8052 WIMMount - ok
    22:03:28.0340 8052 WinDefend - ok
    22:03:28.0340 8052 WinHttpAutoProxySvc - ok
    22:03:28.0418 8052 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:03:28.0418 8052 Winmgmt - ok
    22:03:28.0480 8052 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    22:03:28.0527 8052 WinRM - ok
    22:03:28.0574 8052 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    22:03:28.0574 8052 WinUsb - ok
    22:03:28.0636 8052 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:03:28.0667 8052 Wlansvc - ok
    22:03:28.0730 8052 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    22:03:28.0730 8052 wlcrasvc - ok
    22:03:28.0870 8052 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:03:28.0933 8052 wlidsvc - ok
    22:03:28.0948 8052 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    22:03:28.0964 8052 WmiAcpi - ok
    22:03:28.0995 8052 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:03:28.0995 8052 wmiApSrv - ok
    22:03:29.0042 8052 WMPNetworkSvc - ok
    22:03:29.0073 8052 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:03:29.0089 8052 WPCSvc - ok
    22:03:29.0104 8052 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:03:29.0120 8052 WPDBusEnum - ok
    22:03:29.0135 8052 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:03:29.0135 8052 ws2ifsl - ok
    22:03:29.0151 8052 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    22:03:29.0167 8052 wscsvc - ok
    22:03:29.0323 8052 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    22:03:29.0338 8052 WSDPrintDevice - ok
    22:03:29.0338 8052 WSearch - ok
    22:03:29.0447 8052 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    22:03:29.0510 8052 wuauserv - ok
    22:03:29.0541 8052 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:03:29.0541 8052 WudfPf - ok
    22:03:29.0557 8052 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:03:29.0557 8052 WUDFRd - ok
    22:03:29.0588 8052 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:03:29.0588 8052 wudfsvc - ok
    22:03:29.0603 8052 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:03:29.0619 8052 WwanSvc - ok
    22:03:29.0635 8052 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    22:03:29.0650 8052 xusb21 - ok
    22:03:29.0681 8052 ================ Scan global ===============================
    22:03:29.0713 8052 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:03:29.0744 8052 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    22:03:29.0759 8052 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    22:03:29.0791 8052 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:03:29.0822 8052 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    22:03:29.0837 8052 [Global] - ok
    22:03:29.0837 8052 ================ Scan MBR ==================================
    22:03:29.0837 8052 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    22:03:31.0148 8052 \Device\Harddisk0\DR0 - ok
    22:03:31.0148 8052 ================ Scan VBR ==================================
    22:03:31.0195 8052 [ B64A48BFD40272B21C9532B283E55DD8 ] \Device\Harddisk0\DR0\Partition1
    22:03:31.0195 8052 \Device\Harddisk0\DR0\Partition1 - ok
    22:03:31.0210 8052 [ F36E9C8986046474FA542F194232DE20 ] \Device\Harddisk0\DR0\Partition2
    22:03:31.0226 8052 \Device\Harddisk0\DR0\Partition2 - ok
    22:03:31.0226 8052 ============================================================
    22:03:31.0226 8052 Scan finished
    22:03:31.0226 8052 ============================================================
    22:03:31.0241 12312 Detected object count: 0
    22:03:31.0241 12312 Actual detected object count: 0
  9. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Vikesh [Admin rights]
    Mode : Remove -- Date : 09/25/2012 22:06:59

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk @Vikesh : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1AP582Q005PJ;CONNECTION=NW;MONITOR=1; -> DELETED
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (isa:8080) -> NOT REMOVED, USE PROXYFIX
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] 1adc24914383b501ac1193c37206dec8
    [BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  10. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-25 22:08:40
    -----------------------------
    22:08:40.375 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:08:40.375 Number of processors: 8 586 0x2A07
    22:08:40.375 ComputerName: VIKESH-PC UserName: Vikesh
    22:08:42.404 Initialize success
    22:08:42.467 AVAST engine defs: 12092501
    22:08:59.970 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:08:59.970 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
    22:08:59.986 Disk 0 MBR read successfully
    22:08:59.986 Disk 0 MBR scan
    22:08:59.986 Disk 0 Windows 7 default MBR code
    22:08:59.986 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
    22:09:00.017 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
    22:09:00.017 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
    22:09:00.064 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443142144
    22:09:00.110 Disk 0 scanning C:\Windows\system32\drivers
    22:09:16.472 Service scanning
    22:09:50.293 Modules scanning
    22:09:50.305 Disk 0 trace - called modules:
    22:09:50.694 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    22:09:50.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005099790]
    22:09:50.702 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004e5dc90]
    22:09:50.706 5 ACPI.sys[fffff88000f9f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004e5c050]
    22:09:51.980 AVAST engine scan C:\Windows
    22:09:53.899 AVAST engine scan C:\Windows\system32
    22:12:24.714 AVAST engine scan C:\Windows\system32\drivers
    22:12:35.395 AVAST engine scan C:\Users\Vikesh
    22:14:25.239 Disk 0 MBR has been saved successfully to "C:\Users\Vikesh\Downloads\MBR.dat"
    22:14:25.249 The log file has been saved successfully to "C:\Users\Vikesh\Downloads\aswMBR.txt"
  11. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    Rkill 2.4.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/26/2012 12:56:26 AM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 09/26/2012 12:56:32 AM
    Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
  13. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    ComboFix 12-09-24.03 - Vikesh 26/09/2012 0:58.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.1439 [GMT 1:00]
    Running from: c:\users\Vikesh\Downloads\BigVikz.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-26 00:02 . 2012-09-26 00:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-09-26 00:02 . 2012-09-26 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-25 17:39 . 2012-09-25 17:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EBD8834-4477-4F2B-816A-FF0DC404A603}\offreg.dll
    2012-09-25 15:07 . 2012-09-18 23:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EBD8834-4477-4F2B-816A-FF0DC404A603}\mpengine.dll
    2012-09-24 12:07 . 2012-09-24 12:07 39184 ----a-w- c:\windows\system32\Partizan.exe
    2012-09-24 12:05 . 2012-09-24 17:01 -------- d-----w- c:\programdata\RegRun
    2012-09-24 12:05 . 2012-09-24 12:05 2 --shatr- c:\windows\winstart.bat
    2012-09-24 12:05 . 2012-09-24 17:02 -------- d-----w- c:\program files (x86)\UnHackMe
    2012-09-23 09:01 . 2012-09-23 09:01 -------- d-----w- c:\windows\CheckSur
    2012-09-23 02:19 . 2012-09-23 02:19 -------- d-----w- c:\users\Vikesh\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-23 02:09 . 2012-09-23 02:11 -------- d-----w- c:\programdata\HitmanPro
    2012-09-23 00:08 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-09-23 00:08 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-09-23 00:08 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-09-23 00:08 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-09-23 00:08 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-09-23 00:08 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-09-23 00:07 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
    2012-09-23 00:07 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-09-22 23:38 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-22 22:07 . 2012-09-22 22:07 -------- d-----w- c:\users\Vikesh\AppData\Roaming\AVG
    2012-09-22 22:06 . 2012-09-22 22:08 -------- d-----w- c:\programdata\AVG
    2012-09-22 22:06 . 2012-09-22 22:06 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-09-22 21:48 . 2012-08-24 11:15 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-09-22 21:48 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-09-21 22:15 . 2012-09-21 22:15 -------- d-----w- c:\users\Vikesh\AppData\Roaming\Malwarebytes
    2012-09-21 22:15 . 2012-09-21 22:15 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-21 22:15 . 2012-09-25 17:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-12 20:51 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 20:51 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 20:51 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 20:51 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 20:51 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 20:51 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 20:51 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-12 20:41 . 2012-09-22 21:37 -------- d-----w- c:\program files (x86)\QuickTime
    2012-09-07 19:53 . 2011-03-30 18:00 766824 ------w- c:\windows\system32\HPDiscoPMa011.dll
    2012-09-07 19:52 . 2012-09-22 21:38 -------- d-----w- c:\programdata\HP
    2012-09-07 19:52 . 2012-09-22 21:36 -------- d-----w- c:\program files (x86)\HP
    2012-09-07 19:52 . 2012-09-22 21:37 -------- d-----w- c:\program files\HP
    2012-09-07 19:52 . 2012-09-22 21:38 -------- d-----w- c:\users\Vikesh\AppData\Local\HP
    2012-09-07 19:34 . 2012-09-07 19:34 -------- d-----w- c:\users\Vikesh\AppData\Local\ElevatedDiagnostics
    2012-09-04 22:36 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-09-04 22:27 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-09-04 21:37 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-09-04 21:28 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-09-04 21:27 . 2012-09-23 00:07 -------- d-----w- c:\programdata\AVAST Software
    2012-09-04 21:27 . 2012-09-23 00:07 -------- d-----w- c:\program files\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-25 15:01 . 2011-11-20 16:41 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-09-22 23:09 . 2012-04-06 21:04 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-22 23:09 . 2011-11-21 18:26 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 02:01 . 2011-11-21 17:02 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-07-21 16:21 . 2012-07-21 16:21 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-07-21 16:21 . 2011-11-26 17:16 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-16 22:23 . 2012-07-14 18:28 282472 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-16 22:23 . 2012-07-14 17:49 282472 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-16 22:17 . 2012-07-14 17:49 282472 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-14 17:53 . 2012-07-14 17:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-07-14 17:49 . 2012-07-14 17:49 674600 ----a-w- c:\windows\SysWow64\pbsvc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 2547048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-7-6 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 93498863
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MBAMPROTECTOR
    *Deregistered* - 93498863
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
    "SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.co.uk/
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = isa:8080
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.0.8.2 139.184.32.26 139.184.32.27
    FF - ProfilePath - c:\users\Vikesh\AppData\Roaming\Mozilla\Firefox\Profiles\321tpfu5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\05\03\09\14\0c5?"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-09-26 01:04:42
    ComboFix-quarantined-files.txt 2012-09-26 00:04
    ComboFix2.txt 2012-09-25 23:38
    .
    Pre-Run: 86,648,762,368 bytes free
    Post-Run: 86,590,316,544 bytes free
    .
    - - End Of File - - A2183702D207942C1BFD43A90DA13A71
  14. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Looks good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    OTL Extras logfile created on: 9/26/2012 1:14:19 AM - Run 1
    OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Vikesh\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.91 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 31.25% Memory free
    7.83 Gb Paging File | 5.03 Gb Available in Paging File | 64.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 186.30 Gb Total Space | 80.73 Gb Free Space | 43.33% Space Free | Partition Type: NTFS
    Drive D: | 254.45 Gb Total Space | 254.35 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

    Computer Name: VIKESH-PC | User Name: Vikesh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1033316682-3954892544-2410240173-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0CC5EFDF-3FAA-4EE1-B6F8-AAED79EF226F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{0F1E34E6-9899-43A4-B1DC-48B20C1FC268}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{10AF9122-0E91-4E49-85B8-FA52DBE7A5CB}" = rport=139 | protocol=6 | dir=out | app=system |
    "{165627FF-241D-43C1-9AA2-2FF05E368144}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1938009F-1D06-484F-BC74-D14FA0D01E31}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{19EBFE20-062B-4E05-B401-0A715C87E563}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{20E1C384-AF19-4ADB-A09B-710B3C773EDC}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{228CF50C-2E1D-4190-83DF-F15112746CA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{251251A5-36A8-4598-8FDC-CE8A1F061CC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{31640088-5F1E-454F-B3F9-A3340C583B04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4610C2E4-EC54-441B-88C2-927F3EDC4974}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
    "{54D9218C-4F25-4412-A3B3-8FAD42DA4569}" = lport=137 | protocol=17 | dir=in | app=system |
    "{554EA5E6-1526-44E5-9E82-04BB951A985C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{5646B9F8-E306-4237-B50A-54949EC9284A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{61BED646-9A88-4D61-8B31-3A5EBD39364B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{71CADB8B-AB23-4BA1-834B-A27F3A68C891}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{752520A7-12A4-49F5-A0B7-796E718F5907}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{84246354-E2F5-4D09-80B1-ED2AB89BB143}" = rport=137 | protocol=17 | dir=out | app=system |
    "{88EDEC35-58FC-47D4-B7A0-3DF7085B8C84}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
    "{AAAB7C4D-C0E5-4DA6-872D-2B05BFAABC01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B4AF81D6-A8F6-4754-8580-41198124FC21}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{D2A4212F-73D9-4786-B1DF-3DD6D1773F67}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{D62E826D-B492-46D4-A6E8-AC9FC8A35E66}" = rport=138 | protocol=17 | dir=out | app=system |
    "{DD62E653-25C2-4EBF-8642-24013ADE9DD1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EC43B141-ADD2-44FD-BDCE-5361970B7E2F}" = lport=445 | protocol=6 | dir=in | app=system |
    "{ED030CDD-A3B2-4182-9241-0AED1FF7124D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F418DD03-F80B-4F74-89B8-02CA75B28202}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FDB3C05C-D8AF-483D-B1FD-F0B56BD9AF1B}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04C6F35C-1AA1-48EE-B2A5-CD44EF193749}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0BB9B558-0583-40A2-BB15-AFA77C68BDFA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{1C1D4C00-89CF-4971-A1C4-6AD82375BD08}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{2B7DF97B-6F54-4C8D-A119-56998D615F37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{30512135-BCF4-46A1-8DBD-1B1CE6D5D385}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{365165D8-0125-4839-AA23-2576D677CBA2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{37858E9E-FCD8-4D3D-88D5-642C74D00AC6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{39C5467D-1862-4B7B-A555-0B44E746C04D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3FBEADAA-7F17-4486-9C3C-E2594A5F25A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{416EB6EA-8961-41FB-A0ED-BBE30805C90B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{4A831BC0-6171-48CB-80A4-47CCC445854B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{50778012-9A3F-4F6E-8B1C-AAAE0B52774D}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
    "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{5DC133AF-A358-489C-8366-0CDF2A829EF2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{64B5BDA5-7A79-4E64-B10B-DC8764327E7D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{657960AC-B74E-47CB-BE98-9E1F66A0A5AB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{6586D1D9-9F4E-4B1A-AED3-10A5E60ED6F8}" = protocol=6 | dir=out | app=system |
    "{6C649A21-2D07-434E-A3B3-242B3C9A0252}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6FB4B2AD-87F6-49C7-AA73-B371E64D856C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{700D4708-6489-4AB6-B888-9FF24787C62D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7ADEA697-323B-4558-BB55-1F14B740C5A6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{7B55426A-0A25-4D2C-8254-7A4B5AAA6012}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{82DCAAB9-98DA-4A2C-8F41-9478872B160B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
    "{84CB095B-9A4F-4789-BD6C-E90035334271}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{8826AA7D-E449-4233-87DB-43121D2084CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
    "{8E43171C-F857-4E6C-8E0D-FBB6B6E0F1C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8EBB66D5-F643-4C9D-BC4B-2EF6718299D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{946086CC-43E7-46BE-AB7D-ACC29F588AFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A030CEFD-2C14-4133-85DD-645526B3AE5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B7786A19-DA63-47F7-A23C-D91ADB11FC2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
    "{B9EDE84C-0289-473B-B32F-1452CF7F574D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C0DDDF19-F765-4864-93D0-93A54167ADB1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C7989315-F994-49E7-947B-25D47B1FF9CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CB537EC5-6D2B-44FA-A5A1-72D86AFD0549}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CB6FEF17-523C-4CB4-979F-25F22495BBAB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D86C35C2-9EDF-4A28-8283-AF66ECF4F92F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D8727420-3E2B-47A3-97C5-A7B189A0D55B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E4E32FEA-726E-43D6-B2CA-B3B9BCD70ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E83913BB-51EC-421E-A1C9-372ABF529325}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
    "{E89FC9AF-F87D-48C8-A55F-83D9BC1F2602}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E8D78B00-6DA0-4492-B767-97A59C84256F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EA1078B6-8DD4-4370-B38B-E5EEA20E5400}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
    "{EFFAD21F-E1AB-4A89-8D05-75154514146B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F5E0A2B8-2F88-4DE2-AC73-25DC92CFAAEF}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{F5EC8F3B-6777-4F76-800D-1E1E81951785}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{F68E043F-2220-4D42-9652-2E1A2384A286}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "TCP Query User{0BED2CE5-6B78-47E9-9173-85DABACF09FE}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
    "UDP Query User{85593676-12BA-43F6-A97C-2242EFBBCA8D}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
    "{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
    "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}" = HP Deskjet 3050A J611 series Basic Device Software
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
    "{CF411A4F-5ED9-11E1-B971-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
  16. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
    "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
    "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
    "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
    "Asus Vibe2.0" = AsusVibe2.0
    "ASUS WebStorage" = ASUS WebStorage
    "avast" = avast! Free Antivirus
    "Bookworm Deluxe" = Bookworm Deluxe
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Cooking Dash" = Cooking Dash
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Governor of Poker" = Governor of Poker
    "Hotel Dash Suite Success" = Hotel Dash Suite Success
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "Jewel Quest 3" = Jewel Quest 3
    "Luxor 3" = Luxor 3
    "Mahjongg dimensions" = Mahjongg dimensions
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Plants vs Zombies" = Plants vs Zombies
    "ProInst" = Intel PROSet Wireless
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 440" = Team Fortress 2
    "Steam App 7940" = Call of Duty 4: Modern Warfare
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "World of Goo" = World of Goo
    "Xfire" = Xfire (remove only)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/19/2012 6:20:39 PM | Computer Name = Vikesh-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/19/2012 6:20:39 PM | Computer Name = Vikesh-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2012

    Error - 9/19/2012 6:20:39 PM | Computer Name = Vikesh-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2012

    Error - 9/21/2012 12:39:24 PM | Computer Name = Vikesh-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
    time stamp: 0x4ce7ae7f Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x000000000008000a Faulting process
    id: 0x1980 Faulting application start time: 0x01cd97f5fb507c7b Faulting application
    path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: unknown
    Report
    Id: e68846fb-040a-11e2-8821-14dae91a182e

    Error - 9/21/2012 1:17:24 PM | Computer Name = Vikesh-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_RpcSs, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000770e000a Faulting process
    id: 0x4d0 Faulting application start time: 0x01cd97f5c6d3d13b Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: unknown Report Id: 34fc4f11-0410-11e2-8821-14dae91a182e

    Error - 9/21/2012 1:24:49 PM | Computer Name = Vikesh-PC | Source = VSS | ID = 13
    Description =

    Error - 9/21/2012 1:24:49 PM | Computer Name = Vikesh-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/21/2012 1:24:49 PM | Computer Name = Vikesh-PC | Source = VSS | ID = 13
    Description =

    Error - 9/21/2012 1:24:49 PM | Computer Name = Vikesh-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/22/2012 12:01:22 PM | Computer Name = Vikesh-PC | Source = MsiInstaller | ID = 10005
    Description =

    [ Media Center Events ]
    Error - 2/17/2012 9:23:39 PM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 01:22:44 - Error connecting to the internet. 01:22:44 - Unable
    to contact server..

    Error - 4/24/2012 5:07:02 AM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 10:07:02 - Error connecting to the internet. 10:07:02 - Unable
    to contact server..

    Error - 4/24/2012 5:07:13 AM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 10:07:08 - Error connecting to the internet. 10:07:08 - Unable
    to contact server..

    Error - 4/25/2012 6:58:57 AM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 11:58:57 - Error connecting to the internet. 11:58:57 - Unable
    to contact server..

    Error - 4/25/2012 6:59:06 AM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 11:59:02 - Error connecting to the internet. 11:59:02 - Unable
    to contact server..

    Error - 5/1/2012 9:00:41 AM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 14:00:41 - Failed to retrieve Broadband.enc (Error: HTTP status 400:
    The server cannot process the request because the syntax is not valid. )

    Error - 5/1/2012 10:01:33 AM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 15:01:29 - Failed to retrieve Broadband.enc (Error: HTTP status 400:
    The server cannot process the request because the syntax is not valid. )

    Error - 5/2/2012 9:08:23 AM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 14:08:22 - Error connecting to the internet. 14:08:22 - Unable
    to contact server..

    Error - 5/2/2012 9:08:39 AM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 14:08:28 - Error connecting to the internet. 14:08:28 - Unable
    to contact server..

    Error - 5/8/2012 10:09:28 AM | Computer Name = Vikesh-PC | Source = MCUpdate | ID = 0
    Description = 15:09:17 - Error connecting to the internet. 15:09:17 - Unable
    to contact server..

    [ System Events ]
    Error - 9/25/2012 6:48:08 PM | Computer Name = Vikesh-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 9/25/2012 6:48:08 PM | Computer Name = Vikesh-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 9/25/2012 6:48:09 PM | Computer Name = Vikesh-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 9/25/2012 7:01:55 PM | Computer Name = Vikesh-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 9/25/2012 7:01:55 PM | Computer Name = Vikesh-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 9/25/2012 7:29:46 PM | Computer Name = Vikesh-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/25/2012 7:35:45 PM | Computer Name = Vikesh-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 9/25/2012 7:36:21 PM | Computer Name = Vikesh-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/25/2012 8:00:36 PM | Computer Name = Vikesh-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/25/2012 8:02:58 PM | Computer Name = Vikesh-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
  17. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    Function properly.


    < End of report >
  18. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    You posted only Extras.txt. I still need OTL.txt log.
  19. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    OTL logfile created on: 9/26/2012 1:14:19 AM - Run 1
    OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Vikesh\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.91 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 31.25% Memory free
    7.83 Gb Paging File | 5.03 Gb Available in Paging File | 64.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 186.30 Gb Total Space | 80.73 Gb Free Space | 43.33% Space Free | Partition Type: NTFS
    Drive D: | 254.45 Gb Total Space | 254.35 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

    Computer Name: VIKESH-PC | User Name: Vikesh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/26 01:13:06 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vikesh\Downloads\OTL.exe
    PRC - [2012/09/23 00:09:40 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/06 02:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/07/14 18:53:19 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011/08/31 16:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    PRC - [2011/07/06 20:39:05 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    PRC - [2011/05/10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/02/25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2010/11/15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2010/10/07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2010/08/17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010/07/10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    PRC - [2009/12/15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/06/19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008/12/23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/08/14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/23 00:09:40 | 009,813,424 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
    MOD - [2012/09/06 02:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/06/16 17:29:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/16 17:28:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/16 17:28:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/16 17:28:23 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/09 21:46:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/09 21:45:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/09 21:45:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/09 21:45:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/09 21:45:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/09 21:44:59 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/08/31 16:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
    MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2009/08/11 21:18:28 | 000,497,664 | ---- | M] () -- C:\Windows\SysWOW64\ac3filter.acm


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/05/02 22:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/05/02 22:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/05/02 22:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2011/03/04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/04/17 00:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/23 00:11:29 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/06 02:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/14 18:53:19 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/07/13 22:27:10 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/11 23:32:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/05/10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/03/02 05:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/08/21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2011/05/10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/05/01 22:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 04:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/01/27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/01/13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/22 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/08/03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2010/04/17 00:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/10/05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2010/07/26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = isa:8080

    ========== FireFox ==========
  20. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/23 01:08:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/23 03:13:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/12 21:42:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2011/11/20 17:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vikesh\AppData\Roaming\Mozilla\Extensions
    [2012/08/12 02:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vikesh\AppData\Roaming\Mozilla\Firefox\Profiles\321tpfu5.default\extensions
    [2012/08/12 02:37:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vikesh\AppData\Roaming\Mozilla\Firefox\Profiles\321tpfu5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/09/23 03:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/23 01:08:08 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/09/06 02:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/06 02:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/06 02:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Google Search = C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: No name found = C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
    CHR - Extension: No name found = C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: Gmail = C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/09/26 00:36:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
    O4 - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1033316682-3954892544-2410240173-1002..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1033316682-3954892544-2410240173-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1033316682-3954892544-2410240173-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.8.2 139.184.32.26 139.184.32.27
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14788C89-2AE4-40BE-B731-F346B717DC8E}: DhcpNameServer = 10.0.8.2 139.184.32.26 139.184.32.27
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B6FE27D-6EF8-4FA5-BB1C-7A7F150007D8}: DhcpNameServer = 192.168.0.1 192.168.0.2 192.168.0.3
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/26 00:46:52 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Vikesh\Desktop\rkill.exe
    [2012/09/26 00:01:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/26 00:01:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/26 00:01:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/25 23:58:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/25 23:58:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/25 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\Vikesh\Desktop\RK_Quarantine
    [2012/09/24 13:07:09 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
    [2012/09/24 13:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
    [2012/09/24 13:05:41 | 000,000,000 | ---D | C] -- C:\Users\Vikesh\Documents\RegRun2
    [2012/09/24 13:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
    [2012/09/23 10:01:36 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/09/23 03:19:34 | 000,000,000 | ---D | C] -- C:\Users\Vikesh\AppData\Roaming\SUPERAntiSpyware.com
    [2012/09/23 03:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/09/23 03:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/09/23 01:08:34 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/09/23 01:08:34 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/09/23 01:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/09/23 01:08:31 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/09/23 01:08:29 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/09/23 01:08:26 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/09/23 01:08:26 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/09/23 01:07:54 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/09/23 01:07:50 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/09/23 00:38:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/22 23:07:37 | 000,000,000 | ---D | C] -- C:\Users\Vikesh\AppData\Roaming\AVG
    [2012/09/22 23:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
    [2012/09/22 23:06:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2012/09/21 23:15:50 | 000,000,000 | ---D | C] -- C:\Users\Vikesh\AppData\Roaming\Malwarebytes
    [2012/09/21 23:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/21 23:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/21 23:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/15 15:03:07 | 000,473,328 | ---- | C] (Cloudpath Networks, Inc.) -- C:\Users\Vikesh\Desktop\NetworkWizardLoader.exe
    [2012/09/12 21:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/09/12 21:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012/09/10 21:29:07 | 000,000,000 | ---D | C] -- C:\Users\Vikesh\AppData\Roaming\Google
    [2012/09/07 20:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2012/09/07 20:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/09/07 20:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2012/09/07 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/09/07 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Vikesh\AppData\Local\HP
    [2012/09/07 20:34:45 | 000,000,000 | ---D | C] -- C:\Users\Vikesh\AppData\Local\ElevatedDiagnostics
    [2012/09/04 22:28:43 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/09/04 22:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/09/04 22:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

    ========== Files - Modified Within 30 Days ==========

    [2012/09/26 01:09:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/26 00:46:54 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Vikesh\Desktop\rkill.exe
    [2012/09/26 00:36:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/25 23:55:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 23:55:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 23:51:54 | 000,741,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/25 23:51:54 | 000,640,286 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/25 23:51:54 | 000,114,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/25 23:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/25 18:39:08 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/25 16:01:06 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2012/09/25 16:00:25 | 3151,839,232 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/24 13:07:09 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
    [2012/09/24 13:05:46 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
    [2012/09/24 13:05:46 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
    [2012/09/23 03:27:15 | 000,002,268 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2012/09/23 03:27:14 | 000,001,480 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2012/09/23 03:13:13 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/23 01:08:34 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/15 15:03:27 | 000,473,328 | ---- | M] (Cloudpath Networks, Inc.) -- C:\Users\Vikesh\Desktop\NetworkWizardLoader.exe
    [2012/09/14 20:09:25 | 001,915,142 | ---- | M] () -- C:\Users\Vikesh\Desktop\IMG_5057.JPG
    [2012/09/12 21:41:42 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/09/07 20:53:43 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050A J611 series.lnk
    [2012/09/07 20:53:42 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
    [2012/09/07 20:53:40 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
    [2012/09/07 20:52:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2012/09/07 19:33:17 | 004,980,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/09/26 00:01:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/26 00:01:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/26 00:01:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/26 00:01:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/26 00:01:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/24 13:05:46 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
    [2012/09/24 13:05:46 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
    [2012/09/23 03:13:13 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/23 03:13:12 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/23 01:08:34 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/23 00:38:14 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/14 20:09:16 | 001,915,142 | ---- | C] () -- C:\Users\Vikesh\Desktop\IMG_5057.JPG
    [2012/09/12 21:41:42 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/09/07 20:53:43 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050A J611 series.lnk
    [2012/09/07 20:53:42 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
    [2012/09/07 20:53:40 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
    [2012/09/07 20:52:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/07/14 18:49:21 | 000,674,600 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2012/07/14 18:49:21 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/07/14 18:49:21 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/06/16 01:17:24 | 000,042,432 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2012/04/24 16:47:56 | 000,000,132 | ---- | C] () -- C:\Users\Vikesh\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/05/31 08:01:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/05/31 08:01:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/05/31 08:01:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/05/31 08:00:05 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2011/11/20 20:26:31 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\ASUS WebStorage
    [2012/09/22 23:07:37 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\AVG
    [2012/02/02 02:06:30 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\AVG2012
    [2012/06/26 23:00:56 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\Azureus
    [2012/06/28 12:59:26 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/12/11 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\DAEMON Tools Lite
    [2011/11/21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\Nuance
    [2012/05/09 22:52:51 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\Publish Providers
    [2011/12/29 20:02:20 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\redsn0w
    [2012/07/16 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\SendSpace
    [2012/05/10 14:21:02 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\Sony
    [2011/12/11 19:45:54 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/09/22 22:39:42 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\SystemRequirementsLab
    [2012/07/17 02:26:47 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\TS3Client
    [2012/05/09 22:23:12 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\uTorrent
    [2012/05/15 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\Windows Live Writer
    [2011/11/21 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Vikesh\AppData\Roaming\Zeon

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63

    < End of report >
  21. Broni

    Broni Malware Annihilator Posts: 46,805   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1033316682-3954892544-2410240173-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = isa:8080
      O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
      O4 - HKU\S-1-5-21-1033316682-3954892544-2410240173-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      [2012/09/22 23:07:37 | 000,000,000 | ---D | C] -- C:\Users\Vikesh\AppData\Roaming\AVG
      [2012/09/22 23:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
      [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\SysWow64\wbem\wbemess.dll
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  22. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    ========== OTL ==========
    HKU\S-1-5-21-1033316682-3954892544-2410240173-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager not found.
    Registry value HKEY_USERS\S-1-5-21-1033316682-3954892544-2410240173-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
    Folder C:\Users\Vikesh\AppData\Roaming\AVG\ not found.
    Folder C:\ProgramData\AVG\ not found.
    File C:\Windows\assembly\Desktop.ini not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    Unable to delete ADS C:\ProgramData\Temp:D20FFA63 .

    OTL by OldTimer - Version 3.2.66.0 log created on 09262012_134526
  23. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Adobe Flash Player 11.4.402.278
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  24. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    Farbar Service Scanner Version: 19-09-2012
    Ran by Vikesh (administrator) on 26-09-2012 at 13:51:35
    Running from "C:\Users\Vikesh\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  25. Big Vikz

    Big Vikz TS Rookie Topic Starter Posts: 29

    # AdwCleaner v2.003 - Logfile created 09/26/2012 at 13:52:35
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Vikesh - VIKESH-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Vikesh\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Premium

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-21-1033316682-3954892544-2410240173-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Vikesh\AppData\Roaming\Mozilla\Firefox\Profiles\321tpfu5.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Vikesh\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1495 octets] - [26/09/2012 13:52:35]

    ########## EOF - C:\AdwCleaner[S1].txt - [1555 octets] ##########


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.