
Infected with what seems to be a Trojan - Windows Fails to Boot Repeatedly


  • This topic is locked
21 replies to this topic

#1 SnickDroid


Posted 13 September 2013 - 11:37 PM

Hi all,

 

I've recently been having trouble booting my Windows 7 machine, as it's been going into a repeated restart after the Windows logo loads. I've tried using all the options in Windows' Repair My Computer but it's not working. I've found that I can boot it in safe mode, and checked the event viewer. When I googled the errors there, I was pointed here to this forum. The errors I'm talking about are attached in my Attach.txt file.

 

Below are my DDS logs and Security Check (taken from Safe mode, where I can boot):

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.25.2
Run by Isneyki at 11:29:31 on 2013-09-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.6878 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Isneyki\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GarenaPlus] "C:\Games\Garena Plus\GarenaMessenger.exe" -autolaunch
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{433202D7-C2CA-4FD4-AC99-E25F7DBEBD81} : DHCPNameServer = 192.168.10.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\
FF - plugin: C:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Isneyki\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Isneyki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Isneyki\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Users\Isneyki\AppData\Roaming\RCKR\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-01 00:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-01 00:40; firefox@ghostery.com; C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\firefox@ghostery.com.xpi
FF - ExtSQL: 2013-09-01 00:41; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-01 00:41; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-10-17 21992]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-4-22 72216]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-2 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-12-27 36328]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-21 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2011-12-27 95928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-17 471144]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-12-27 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-12-27 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-12-27 177640]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2011-12-27 203320]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-19 1255736]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-13 07:20:57    9515512    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54B6A8B5-F65F-4E32-AAC5-159942D4DA82}\mpengine.dll
2013-09-08 15:11:15    9515512    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 03:17:57    965008    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9A089934-4A8C-4DA3-B620-84B1B65FAE35}\gapaengine.dll
2013-09-05 14:06:03    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2013-09-03 07:38:13    --------    d-----w-    C:\Users\Isneyki\AppData\Roaming\Trine2
2013-08-29 07:25:53    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-08-29 07:21:17    --------    d-----w-    C:\Users\Isneyki\AppData\Roaming\Origin
2013-08-29 07:21:16    --------    d-----w-    C:\Users\Isneyki\AppData\Local\Origin
2013-08-29 07:13:35    --------    d-----w-    C:\ProgramData\Origin
2013-08-29 07:13:35    --------    d-----w-    C:\ProgramData\Electronic Arts
.
==================== Find3M  ====================
.
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-24 13:40:31    1188864    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-24 13:14:35    981504    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-24 11:43:35    1638912    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-24 11:23:17    1638912    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-23 12:09:19    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-23 12:09:18    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-23 12:06:33    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 12:06:32    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-23 12:06:32    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-18 13:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 13:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 11:37:23.76 ===============

 

 

 

---------------------

Security Check Logs

---------------------

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Mozilla Firefox (23.0.1)
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 



Edited by SnickDroid, 13 September 2013 - 11:38 PM.



 


#2 jeffce

  • Malware Response Team

Posted 17 September 2013 - 10:09 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 


#3 jeffce

  • Malware Response Team

Posted 19 September 2013 - 06:59 AM

Still here?


 


#4 SnickDroid

  • Topic Starter

Posted 19 September 2013 - 07:55 AM

Hello, jeffce! Thanks for taking time to look at my problem! :) Sorry for the late response, as I've been really busy with some work issues. The weirdest thing though, I gave my PC a good dust cleaning and tried booting it up, and now it boots into Normal Windows 7 mode! I'm still not convinced that I'm totally free though, and would really appreciate it if we could keep on looking if I might still have issues? :)

 

Anyway, here's what's in my TDSSKiller log:

 

20:46:54.0096 1544  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:46:54.0159 1544  ============================================================
20:46:54.0159 1544  Current date / time: 2013/09/19 20:46:54.0159
20:46:54.0159 1544  SystemInfo:
20:46:54.0159 1544  
20:46:54.0159 1544  OS Version: 6.1.7601 ServicePack: 1.0
20:46:54.0159 1544  Product type: Workstation
20:46:54.0159 1544  ComputerName: ISNEYKI-PC
20:46:54.0159 1544  UserName: Isneyki
20:46:54.0159 1544  Windows directory: C:\Windows
20:46:54.0159 1544  System windows directory: C:\Windows
20:46:54.0159 1544  Running under WOW64
20:46:54.0159 1544  Processor architecture: Intel x64
20:46:54.0159 1544  Number of processors: 4
20:46:54.0159 1544  Page size: 0x1000
20:46:54.0159 1544  Boot type: Safe boot
20:46:54.0159 1544  ============================================================
20:46:55.0142 1544  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:55.0173 1544  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:55.0173 1544  Drive \Device\Harddisk2\DR3 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:46:55.0173 1544  ============================================================
20:46:55.0173 1544  \Device\Harddisk0\DR0:
20:46:55.0173 1544  MBR partitions:
20:46:55.0173 1544  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:46:55.0173 1544  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D0D800
20:46:55.0173 1544  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D40000, BlocksNum 0x439C6000
20:46:55.0173 1544  \Device\Harddisk1\DR1:
20:46:55.0173 1544  MBR partitions:
20:46:55.0173 1544  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:46:55.0173 1544  \Device\Harddisk2\DR3:
20:46:55.0173 1544  MBR partitions:
20:46:55.0173 1544  \Device\Harddisk2\DR3\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
20:46:55.0173 1544  ============================================================
20:46:55.0188 1544  C: <-> \Device\Harddisk0\DR0\Partition2
20:46:55.0235 1544  E: <-> \Device\Harddisk0\DR0\Partition3
20:46:55.0251 1544  F: <-> \Device\Harddisk1\DR1\Partition1
20:46:55.0251 1544  ============================================================
20:46:55.0251 1544  Initialize success
20:46:55.0251 1544  ============================================================
20:47:30.0429 1664  ============================================================
20:47:30.0429 1664  Scan started
20:47:30.0429 1664  Mode: Manual;
20:47:30.0429 1664  ============================================================
20:47:31.0115 1664  ================ Scan system memory ========================
20:47:31.0115 1664  System memory - ok
20:47:33.0658 1664  ctsfm2k - ok
20:47:33.0674 1664  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:47:33.0674 1664  DcomLaunch - ok
20:47:33.0721 1664  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:47:33.0721 1664  defragsvc - ok
20:47:33.0752 1664  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:47:33.0752 1664  DfsC - ok
20:47:33.0799 1664  [ BF4E72D6FA78FEDC4B8577116EFACE7E ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:47:33.0799 1664  dg_ssudbus - ok
20:47:33.0830 1664  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:47:33.0830 1664  Dhcp - ok
20:47:33.0861 1664  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:47:33.0861 1664  discache - ok
20:47:33.0892 1664  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:47:33.0892 1664  Disk - ok
20:47:33.0923 1664  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:47:33.0923 1664  Dnscache - ok
20:47:33.0970 1664  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:47:33.0970 1664  dot3svc - ok
20:47:33.0986 1664  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:47:33.0986 1664  DPS - ok
20:47:34.0033 1664  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:47:34.0033 1664  drmkaud - ok
20:47:34.0064 1664  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:47:34.0064 1664  DXGKrnl - ok
20:47:34.0095 1664  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:47:34.0095 1664  EapHost - ok
20:47:34.0142 1664  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:47:34.0189 1664  ebdrv - ok
20:47:34.0220 1664  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:47:34.0220 1664  EFS - ok
20:47:34.0251 1664  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:47:34.0251 1664  ehRecvr - ok
20:47:34.0267 1664  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:47:34.0267 1664  ehSched - ok
20:47:34.0282 1664  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:47:34.0298 1664  elxstor - ok
20:47:34.0329 1664  [ C26133B6165928FBD156C6FE570F9ED2 ] emupia          C:\Windows\system32\drivers\emupia2k.sys
20:47:34.0329 1664  emupia - ok
20:47:34.0360 1664  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:47:34.0360 1664  ErrDev - ok
20:47:34.0376 1664  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:47:34.0376 1664  EventSystem - ok
20:47:34.0391 1664  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:47:34.0391 1664  exfat - ok
20:47:34.0407 1664  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:47:34.0407 1664  fastfat - ok
20:47:34.0438 1664  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:47:34.0454 1664  Fax - ok
20:47:34.0469 1664  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:47:34.0469 1664  fdc - ok
20:47:34.0469 1664  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:47:34.0469 1664  fdPHost - ok
20:47:34.0469 1664  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:47:34.0485 1664  FDResPub - ok
20:47:34.0485 1664  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:47:34.0485 1664  FileInfo - ok
20:47:34.0501 1664  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:47:34.0501 1664  Filetrace - ok
20:47:34.0516 1664  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:47:34.0516 1664  flpydisk - ok
20:47:34.0532 1664  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:47:34.0532 1664  FltMgr - ok
20:47:34.0594 1664  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:47:34.0610 1664  FontCache - ok
20:47:34.0625 1664  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:47:34.0641 1664  FontCache3.0.0.0 - ok
20:47:34.0641 1664  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:47:34.0641 1664  FsDepends - ok
20:47:34.0672 1664  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:47:34.0672 1664  Fs_Rec - ok
20:47:34.0719 1664  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:47:34.0719 1664  fvevol - ok
20:47:34.0766 1664  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:47:34.0766 1664  gagp30kx - ok
20:47:34.0875 1664  GGSAFERDriver - ok
20:47:34.0906 1664  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:47:34.0906 1664  gpsvc - ok
20:47:34.0937 1664  [ A3F010D5DBFB589A3B3288C05C2EA3F9 ] ha20x2k         C:\Windows\system32\drivers\ha20x2k.sys
20:47:34.0969 1664  ha20x2k - ok
20:47:35.0000 1664  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
20:47:35.0000 1664  hamachi - ok
20:47:35.0015 1664  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:47:35.0015 1664  hcw85cir - ok
20:47:35.0062 1664  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:47:35.0062 1664  HdAudAddService - ok
20:47:35.0093 1664  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:47:35.0093 1664  HDAudBus - ok
20:47:35.0109 1664  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:47:35.0109 1664  HidBatt - ok
20:47:35.0125 1664  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:47:35.0125 1664  HidBth - ok
20:47:35.0140 1664  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:47:35.0140 1664  HidIr - ok
20:47:35.0156 1664  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:47:35.0156 1664  hidserv - ok
20:47:35.0187 1664  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:47:35.0187 1664  HidUsb - ok
20:47:35.0234 1664  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:47:35.0234 1664  hkmsvc - ok
20:47:35.0281 1664  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:47:35.0281 1664  HomeGroupListener - ok
20:47:35.0296 1664  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:47:35.0296 1664  HomeGroupProvider - ok
20:47:35.0312 1664  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:47:35.0312 1664  HpSAMD - ok
20:47:35.0343 1664  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:47:35.0359 1664  HTTP - ok
20:47:35.0359 1664  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:47:35.0359 1664  hwpolicy - ok
20:47:35.0405 1664  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:47:35.0405 1664  i8042prt - ok
20:47:35.0437 1664  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:47:35.0437 1664  iaStorV - ok
20:47:35.0468 1664  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:35.0483 1664  idsvc - ok
20:47:35.0499 1664  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:47:35.0515 1664  iirsp - ok
20:47:35.0530 1664  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:47:35.0546 1664  IKEEXT - ok
20:47:35.0561 1664  IntcAzAudAddService - ok
20:47:35.0593 1664  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:47:35.0593 1664  intelide - ok
20:47:35.0608 1664  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:47:35.0608 1664  intelppm - ok
20:47:35.0624 1664  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:47:35.0624 1664  IPBusEnum - ok
20:47:35.0639 1664  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:35.0639 1664  IpFilterDriver - ok
20:47:35.0671 1664  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:47:35.0686 1664  iphlpsvc - ok
20:47:35.0686 1664  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:47:35.0686 1664  IPMIDRV - ok
20:47:35.0702 1664  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:47:35.0702 1664  IPNAT - ok
20:47:35.0702 1664  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:47:35.0702 1664  IRENUM - ok
20:47:35.0717 1664  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:47:35.0717 1664  isapnp - ok
20:47:35.0749 1664  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:47:35.0749 1664  iScsiPrt - ok
20:47:35.0764 1664  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:35.0764 1664  kbdclass - ok
20:47:35.0764 1664  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:47:35.0764 1664  kbdhid - ok
20:47:35.0764 1664  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:47:35.0764 1664  KeyIso - ok
20:47:35.0795 1664  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:47:35.0795 1664  KSecDD - ok
20:47:35.0827 1664  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:47:35.0827 1664  KSecPkg - ok
20:47:35.0842 1664  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:47:35.0842 1664  ksthunk - ok
20:47:35.0858 1664  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:47:35.0858 1664  KtmRm - ok
20:47:35.0889 1664  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:47:35.0889 1664  LanmanServer - ok
20:47:35.0905 1664  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:47:35.0905 1664  LanmanWorkstation - ok
20:47:35.0936 1664  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:47:35.0936 1664  lltdio - ok
20:47:35.0951 1664  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:47:35.0951 1664  lltdsvc - ok
20:47:35.0967 1664  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:47:35.0967 1664  lmhosts - ok
20:47:35.0998 1664  LMIInfo - ok
20:47:36.0045 1664  [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
20:47:36.0045 1664  lmimirr - ok
20:47:36.0061 1664  LMIRfsClientNP - ok
20:47:36.0076 1664  [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
20:47:36.0076 1664  LMIRfsDriver - ok
20:47:36.0092 1664  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:47:36.0092 1664  LSI_FC - ok
20:47:36.0107 1664  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:47:36.0107 1664  LSI_SAS - ok
20:47:36.0107 1664  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:47:36.0123 1664  LSI_SAS2 - ok
20:47:36.0123 1664  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:47:36.0123 1664  LSI_SCSI - ok
20:47:36.0154 1664  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:47:36.0154 1664  luafv - ok
20:47:36.0185 1664  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:47:36.0185 1664  Mcx2Svc - ok
20:47:36.0185 1664  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:47:36.0201 1664  megasas - ok
20:47:36.0217 1664  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:47:36.0217 1664  MegaSR - ok
20:47:36.0217 1664  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:47:36.0217 1664  MMCSS - ok
20:47:36.0232 1664  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:47:36.0232 1664  Modem - ok
20:47:36.0232 1664  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:47:36.0232 1664  monitor - ok
20:47:36.0248 1664  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:47:36.0248 1664  mouclass - ok
20:47:36.0248 1664  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:47:36.0248 1664  mouhid - ok
20:47:36.0263 1664  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:47:36.0263 1664  mountmgr - ok
20:47:36.0341 1664  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:47:36.0341 1664  MozillaMaintenance - ok
20:47:36.0388 1664  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:47:36.0404 1664  MpFilter - ok
20:47:36.0435 1664  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:47:36.0435 1664  mpio - ok
20:47:36.0435 1664  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:47:36.0435 1664  mpsdrv - ok
20:47:36.0482 1664  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:47:36.0482 1664  MpsSvc - ok
20:47:36.0513 1664  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:47:36.0529 1664  MRxDAV - ok
20:47:36.0560 1664  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:36.0560 1664  mrxsmb - ok
20:47:36.0575 1664  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:36.0575 1664  mrxsmb10 - ok
20:47:36.0607 1664  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:36.0607 1664  mrxsmb20 - ok
20:47:36.0638 1664  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:47:36.0653 1664  msahci - ok
20:47:36.0653 1664  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:47:36.0653 1664  msdsm - ok
20:47:36.0669 1664  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:47:36.0685 1664  MSDTC - ok
20:47:36.0685 1664  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:47:36.0685 1664  Msfs - ok
20:47:36.0700 1664  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:47:36.0700 1664  mshidkmdf - ok
20:47:36.0716 1664  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:47:36.0716 1664  msisadrv - ok
20:47:36.0731 1664  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:47:36.0747 1664  MSiSCSI - ok
20:47:36.0747 1664  msiserver - ok
20:47:36.0778 1664  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:47:36.0778 1664  MSKSSRV - ok
20:47:36.0887 1664  [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:47:36.0887 1664  MsMpSvc - ok
20:47:36.0903 1664  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:36.0903 1664  MSPCLOCK - ok
20:47:36.0919 1664  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:47:36.0919 1664  MSPQM - ok
20:47:36.0950 1664  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:47:36.0950 1664  MsRPC - ok
20:47:36.0965 1664  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:47:36.0965 1664  mssmbios - ok
20:47:36.0981 1664  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:47:36.0981 1664  MSTEE - ok
20:47:36.0981 1664  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:47:36.0981 1664  MTConfig - ok
20:47:37.0028 1664  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:47:37.0028 1664  Mup - ok
20:47:37.0043 1664  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:47:37.0059 1664  napagent - ok
20:47:37.0090 1664  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:47:37.0106 1664  NativeWifiP - ok
20:47:37.0137 1664  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:47:37.0137 1664  NDIS - ok
20:47:37.0153 1664  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:47:37.0153 1664  NdisCap - ok
20:47:37.0184 1664  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:37.0184 1664  NdisTapi - ok
20:47:37.0231 1664  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:37.0231 1664  Ndisuio - ok
20:47:37.0262 1664  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:37.0262 1664  NdisWan - ok
20:47:37.0293 1664  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:47:37.0293 1664  NDProxy - ok
20:47:37.0293 1664  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:47:37.0293 1664  NetBIOS - ok
20:47:37.0309 1664  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:47:37.0309 1664  NetBT - ok
20:47:37.0324 1664  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:47:37.0324 1664  Netlogon - ok
20:47:37.0355 1664  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:47:37.0355 1664  Netman - ok
20:47:37.0387 1664  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:37.0433 1664  NetMsmqActivator - ok
20:47:37.0465 1664  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:37.0465 1664  NetPipeActivator - ok
20:47:37.0465 1664  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:47:37.0480 1664  netprofm - ok
20:47:37.0480 1664  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:37.0480 1664  NetTcpActivator - ok
20:47:37.0480 1664  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:37.0480 1664  NetTcpPortSharing - ok
20:47:37.0511 1664  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:47:37.0511 1664  nfrd960 - ok
20:47:37.0558 1664  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:47:37.0558 1664  NisDrv - ok
20:47:37.0574 1664  [ 869A808253726EA11939EC4FE76346A4 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
20:47:37.0574 1664  NisSrv - ok
20:47:37.0605 1664  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:47:37.0605 1664  NlaSvc - ok
20:47:37.0605 1664  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:47:37.0605 1664  Npfs - ok
20:47:37.0621 1664  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:47:37.0621 1664  nsi - ok
20:47:37.0621 1664  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:47:37.0621 1664  nsiproxy - ok
20:47:37.0667 1664  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:47:37.0699 1664  Ntfs - ok
20:47:37.0699 1664  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:47:37.0699 1664  Null - ok
20:47:37.0745 1664  [ 10204955027011E08A9DC27737A48A54 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:47:37.0745 1664  NVHDA - ok
20:47:37.0901 1664  [ 7A711D08F1FD1AB8149B6199F84A0EB7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:47:38.0042 1664  nvlddmkm - ok
20:47:38.0042 1664  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:47:38.0042 1664  nvraid - ok
20:47:38.0073 1664  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:47:38.0073 1664  nvstor - ok
20:47:38.0135 1664  [ B9F3591981D761A5CA1D24C369764D96 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:47:38.0151 1664  nvsvc - ok
20:47:38.0151 1664  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:47:38.0151 1664  nv_agp - ok
20:47:38.0229 1664  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:47:38.0229 1664  odserv - ok
20:47:38.0245 1664  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:47:38.0245 1664  ohci1394 - ok
20:47:38.0291 1664  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:38.0291 1664  ose - ok
20:47:38.0323 1664  [ 0E2DE427EBE106E7E5B52869D5C99F68 ] ossrv           C:\Windows\system32\drivers\ctoss2k.sys
20:47:38.0323 1664  ossrv - ok
20:47:38.0338 1664  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:47:38.0338 1664  p2pimsvc - ok
20:47:38.0369 1664  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:47:38.0369 1664  p2psvc - ok
20:47:38.0401 1664  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:47:38.0416 1664  Parport - ok
20:47:38.0432 1664  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:47:38.0447 1664  partmgr - ok
20:47:38.0447 1664  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:47:38.0463 1664  PcaSvc - ok
20:47:38.0463 1664  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:47:38.0463 1664  pci - ok
20:47:38.0494 1664  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:47:38.0494 1664  pciide - ok
20:47:38.0494 1664  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:47:38.0494 1664  pcmcia - ok
20:47:38.0510 1664  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:47:38.0510 1664  pcw - ok
20:47:38.0525 1664  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:47:38.0525 1664  PEAUTH - ok
20:47:38.0572 1664  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:47:38.0588 1664  PeerDistSvc - ok
20:47:38.0635 1664  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:47:38.0635 1664  PerfHost - ok
20:47:38.0697 1664  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:47:38.0713 1664  pla - ok
20:47:38.0759 1664  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:47:38.0759 1664  PlugPlay - ok
20:47:38.0791 1664  PnkBstrA - ok
20:47:38.0822 1664  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:47:38.0822 1664  PNRPAutoReg - ok
20:47:38.0837 1664  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:47:38.0837 1664  PNRPsvc - ok
20:47:38.0853 1664  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:47:38.0853 1664  PolicyAgent - ok
20:47:38.0869 1664  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:47:38.0869 1664  Power - ok
20:47:38.0915 1664  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:47:38.0915 1664  PptpMiniport - ok
20:47:38.0931 1664  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:47:38.0931 1664  Processor - ok
20:47:38.0978 1664  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:47:38.0978 1664  ProfSvc - ok
20:47:38.0993 1664  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:47:38.0993 1664  ProtectedStorage - ok
20:47:39.0040 1664  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:47:39.0040 1664  Psched - ok
20:47:39.0071 1664  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:47:39.0103 1664  ql2300 - ok
20:47:39.0118 1664  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:47:39.0118 1664  ql40xx - ok
20:47:39.0134 1664  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:47:39.0149 1664  QWAVE - ok
20:47:39.0149 1664  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:47:39.0149 1664  QWAVEdrv - ok
20:47:39.0165 1664  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:47:39.0165 1664  RasAcd - ok
20:47:39.0196 1664  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:47:39.0196 1664  RasAgileVpn - ok
20:47:39.0212 1664  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:47:39.0212 1664  RasAuto - ok
20:47:39.0227 1664  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:47:39.0227 1664  Rasl2tp - ok
20:47:39.0243 1664  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:47:39.0243 1664  RasMan - ok
20:47:39.0259 1664  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:47:39.0259 1664  RasPppoe - ok
20:47:43.0299 1664  ================ Scan global ===============================
20:47:43.0330 1664  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:47:43.0361 1664  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:47:43.0361 1664  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:47:43.0377 1664  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:47:43.0393 1664  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:47:43.0393 1664  [Global] - ok
20:47:43.0393 1664  ================ Scan MBR ==================================
20:47:43.0408 1664  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:47:43.0533 1664  \Device\Harddisk0\DR0 - ok
20:47:43.0533 1664  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:47:43.0533 1664  \Device\Harddisk1\DR1 - ok
20:47:43.0533 1664  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR3
20:47:43.0533 1664  \Device\Harddisk2\DR3 - ok
20:47:43.0533 1664  ================ Scan VBR ==================================
20:47:43.0549 1664  [ 0486E6C2837043A6EB3AAF3BF851632E ] \Device\Harddisk0\DR0\Partition1
20:47:43.0549 1664  \Device\Harddisk0\DR0\Partition1 - ok
20:47:43.0549 1664  [ AB4643AFAC6D32AAF4360B5B34879184 ] \Device\Harddisk0\DR0\Partition2
20:47:43.0549 1664  \Device\Harddisk0\DR0\Partition2 - ok
20:47:43.0564 1664  [ E0384F02BB24B4724D20B54478813479 ] \Device\Harddisk0\DR0\Partition3
20:47:43.0580 1664  \Device\Harddisk0\DR0\Partition3 - ok
20:47:43.0580 1664  [ 16548327C98CB8490722490012631329 ] \Device\Harddisk1\DR1\Partition1
20:47:43.0580 1664  \Device\Harddisk1\DR1\Partition1 - ok
20:47:43.0580 1664  [ 6C02D498C4C47FAADBB4D483A902191D ] \Device\Harddisk2\DR3\Partition1
20:47:43.0580 1664  \Device\Harddisk2\DR3\Partition1 - ok
20:47:43.0580 1664  ============================================================
20:47:43.0580 1664  Scan finished
20:47:43.0580 1664  ============================================================
20:47:43.0580 1656  Detected object count: 0
20:47:43.0580 1656  Actual detected object count: 0
20:47:56.0419 1540  Deinitialize success
 

And here's my AdwCleaner log:

 

# AdwCleaner v3.003 - Report created 19/09/2013 at 20:49:48
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Isneyki - ISNEYKI-PC
# Running from : G:\Snickcrash\Fixers\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : [x64] HKCU\Software\APN PIP
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\Software\PIP
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2238 octets] - [19/09/2013 20:48:00]
AdwCleaner[R1].txt - [2154 octets] - [19/09/2013 20:49:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2214 octets] ##########
 

 

 

Does anything look amiss, or should I be worry-free (for now)?



#5 jeffce



  • Malware Response Team

Posted 19 September 2013 - 08:00 AM

Hi,
 
Looks like we have some work to do but from what I am seeing right now it is nothing terrible.   :)
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#6 SnickDroid

  • Topic Starter


Posted 19 September 2013 - 08:52 AM

Does what I have look serious? I turned off the broken machine for a while, and then it failed to even boot up. I removed the monitor connector and restarted a couple of times, then it booted up fine again. I'm not sure if it's coincidence, or what, though. Also, when I'm done with the scans, I can delete all the folders these programs create on my C: drive, right?

 

Anyway, here's my AdwCleaner log:

# AdwCleaner v3.003 - Report created 19/09/2013 at 21:28:24
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Isneyki - ISNEYKI-PC
# Running from : C:\Users\Isneyki\Desktop\Fixers\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2238 octets] - [19/09/2013 20:48:00]
AdwCleaner[R1].txt - [2298 octets] - [19/09/2013 20:49:48]
AdwCleaner[R2].txt - [2369 octets] - [19/09/2013 21:27:38]
AdwCleaner[S0].txt - [2285 octets] - [19/09/2013 21:28:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2345 octets] ##########
 

 

And then my ComboFix.txt:

ComboFix 13-09-13.01 - Isneyki 09/19/2013  21:36:54.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.6742 [GMT 8:00]
Running from: c:\users\Isneyki\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Isneyki\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-19 to 2013-09-19  )))))))))))))))))))))))))))))))
.
.
2013-09-19 13:41 . 2013-09-19 13:41    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-09-19 13:41 . 2013-09-19 13:41    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-19 12:47 . 2013-09-19 13:28    --------    d-----w-    C:\AdwCleaner
2013-09-13 07:20 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54B6A8B5-F65F-4E32-AAC5-159942D4DA82}\mpengine.dll
2013-09-08 15:11 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 03:17 . 2013-09-06 03:17    965008    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A089934-4A8C-4DA3-B620-84B1B65FAE35}\gapaengine.dll
2013-09-05 14:06 . 2013-09-05 14:06    --------    d--h--w-    c:\program files (x86)\Common Files\EAInstaller
2013-09-03 07:38 . 2013-09-03 07:38    --------    d-----w-    c:\users\Isneyki\AppData\Roaming\Trine2
2013-08-29 07:25 . 2013-09-03 06:04    --------    d-----w-    c:\program files (x86)\Origin Games
2013-08-29 07:21 . 2013-09-01 11:12    --------    d-----w-    c:\users\Isneyki\AppData\Roaming\Origin
2013-08-29 07:21 . 2013-09-08 14:02    --------    d-----w-    c:\users\Isneyki\AppData\Local\Origin
2013-08-29 07:13 . 2013-09-08 14:36    --------    d-----w-    c:\programdata\Origin
2013-08-29 07:13 . 2013-09-08 14:02    --------    d-----w-    c:\programdata\Electronic Arts
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 16:40 . 2012-02-11 02:39    941720    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-14 16:12 . 2011-10-23 03:33    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-07-25 09:25 . 2013-08-14 15:15    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 15:15    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-24 13:40 . 2013-08-14 15:15    1188864    ----a-w-    c:\windows\system32\wininet.dll
2013-07-24 13:40 . 2013-08-14 15:15    1493504    ----a-w-    c:\windows\system32\urlmon.dll
2013-07-24 13:40 . 2013-08-14 15:15    134144    ----a-w-    c:\windows\system32\url.dll
2013-07-24 13:40 . 2013-08-14 15:15    9065472    ----a-w-    c:\windows\system32\mshtml.dll
2013-07-24 13:40 . 2013-08-14 15:15    97792    ----a-w-    c:\windows\system32\mshtmled.dll
2013-07-24 13:40 . 2013-08-14 15:15    735232    ----a-w-    c:\windows\system32\msfeeds.dll
2013-07-24 13:40 . 2013-08-14 15:15    12295680    ----a-w-    c:\windows\system32\ieframe.dll
2013-07-24 13:40 . 2013-08-14 15:15    247808    ----a-w-    c:\windows\system32\ieui.dll
2013-07-24 13:40 . 2013-08-14 15:15    2458112    ----a-w-    c:\windows\system32\iertutil.dll
2013-07-24 13:40 . 2013-08-14 15:15    65024    ----a-w-    c:\windows\system32\jsproxy.dll
2013-07-24 13:14 . 2013-08-14 15:15    981504    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-07-24 11:43 . 2013-08-14 15:15    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2013-07-24 11:23 . 2013-08-14 15:15    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-07-23 12:09 . 2013-07-23 12:09    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-23 12:09 . 2013-07-23 12:09    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-19 01:58 . 2013-08-14 15:15    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 15:15    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-07-09 06:03 . 2013-08-14 15:15    5550528    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-09 05:54 . 2013-08-14 15:15    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-07-09 05:53 . 2013-08-14 15:15    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-07-09 05:52 . 2013-08-14 15:15    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 15:15    1217024    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 15:15    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 15:15    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 15:15    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-07-09 05:03 . 2013-08-14 15:15    3913664    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-14 15:15    3968960    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-14 15:15    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-07-09 04:52 . 2013-08-14 15:15    663552    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 15:15    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-07-09 04:52 . 2013-08-14 15:15    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 15:15    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 15:15    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 15:15    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-07-09 04:45 . 2013-08-14 15:15    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-09 02:49 . 2013-08-14 15:15    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-07-09 02:49 . 2013-08-14 15:15    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-07-09 02:49 . 2013-08-14 15:15    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49 . 2013-08-14 15:15    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-07-06 06:03 . 2013-08-14 15:15    1910208    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-23 12:06 . 2013-06-23 12:06    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 12:06 . 2012-08-01 03:02    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-23 12:06 . 2012-08-01 03:02    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Isneyki\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Isneyki\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Isneyki\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarenaPlus"="c:\games\Garena Plus\GarenaMessenger.exe" [2013-09-05 9846576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\games\Garena Plus\Room\safedrv.sys;c:\games\Garena Plus\Room\safedrv.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23 12:09]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4283704451-627482032-2372678378-1000Core.job
- c:\users\Isneyki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 11:23]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4283704451-627482032-2372678378-1000UA.job
- c:\users\Isneyki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 11:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Isneyki\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Isneyki\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Isneyki\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Isneyki\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.10.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\
FF - ExtSQL: 2013-09-01 00:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-01 00:40; firefox@ghostery.com; c:\users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\firefox@ghostery.com.xpi
FF - ExtSQL: 2013-09-01 00:41; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-01 00:41; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-19  21:44:02
ComboFix-quarantined-files.txt  2013-09-19 13:44
.
Pre-Run: 161,183,178,752 bytes free
Post-Run: 161,041,252,352 bytes free
.
- - End Of File - - 911FA091FA2A10A3458F1CCB47EA4C3E
A36C5E4F47E84449FF07ED3517B43A31
 



#7 jeffce


Posted 19 September 2013 - 09:00 AM

Does what I have look serious? I turned off the broken machine for a while, and then it failed to even boot up. I removed the monitor connector and restarted a couple of times then it booted up fine again. I'm not sure if it's coincidence, or what though.

Does not seem to be, no. :) I think this was just coincidence.
 
Although I would like to take a look with a different tool...
 

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

 


#8 SnickDroid


Posted 19 September 2013 - 09:29 AM

Could I risk infecting other computers? I'm using a flashdisk to transfer the logs to the infected machine; I'm afraid to connect the main computer to the internet. Anyway here's the OTL log:

 

OTL logfile created on: 9/19/2013 10:14:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Snickcrash\Fixers
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.71 Gb Available Physical Memory | 84.00% Memory free
15.96 Gb Paging File | 14.72 Gb Available in Paging File | 92.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.53 Gb Total Space | 150.12 Gb Free Space | 38.44% Space Free | Partition Type: NTFS
Drive E: | 540.89 Gb Total Space | 118.77 Gb Free Space | 21.96% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 146.35 Gb Free Space | 31.42% Space Free | Partition Type: NTFS
Drive G: | 14.90 Gb Total Space | 4.68 Gb Free Space | 31.44% Space Free | Partition Type: FAT32
 
Computer Name: ISNEYKI-PC | User Name: Isneyki | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Snickcrash\Fixers\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Isneyki\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Isneyki\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@raidcall.kr/RCplugin: C:\Users\Isneyki\AppData\Roaming\RCKR\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Isneyki\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Isneyki\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Isneyki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/10/18 17:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Extensions
[2013/09/01 00:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions
[2013/09/01 00:41:45 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/22 01:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\gosc7lgk.default-1362362325187\extensions
[2013/08/22 01:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\gosc7lgk.default-1362362325187\extensions\firefox@ghostery.com
[2013/09/01 00:40:59 | 001,314,979 | ---- | M] () (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\firefox@ghostery.com.xpi
[2013/09/01 00:41:45 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/09/01 00:40:46 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/22 02:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/22 02:25:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.97\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Isneyki\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Isneyki\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Garena Talk Plugin (Disabled) = C:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Isneyki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Raidcall plugin (Disabled) = C:\Users\Isneyki\AppData\LocalLow\raidcall\plugins\webplugin_en.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Isneyki\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Raidcall plugin (Disabled) = C:\Users\Isneyki\AppData\Roaming\RCKR\plugins\nprcplugin.dll
CHR - plugin: Raidcall plugin (Disabled) = C:\Users\Isneyki\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Entanglement Web App = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: AdBlock = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.2.5_0\
CHR - Extension: Classic = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: Evernote Web = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Poppit = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Currently = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh\2.6.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.20_0\
 
O1 HOSTS File: ([2012/02/21 19:56:12 | 000,441,346 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15167 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [GarenaPlus] C:\Games\Garena Plus\GarenaMessenger.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{433202D7-C2CA-4FD4-AC99-E25F7DBEBD81}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/19 21:44:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/19 21:44:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/19 21:35:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/19 21:35:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/19 21:35:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/19 21:33:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/19 21:33:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/19 21:33:35 | 005,125,578 | R--- | C] (Swearware) -- C:\Users\Isneyki\Desktop\ComboFix.exe
[2013/09/19 21:27:11 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\Fixers
[2013/09/19 20:47:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/13 16:29:42 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\LocaleMetaData
[2013/09/08 20:32:18 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Documents\Telltale Games
[2013/09/05 22:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space 3
[2013/09/05 22:06:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/09/03 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\AppData\Roaming\Trine2
[2013/08/29 15:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/08/29 15:21:17 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\AppData\Roaming\Origin
[2013/08/29 15:21:16 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\AppData\Local\Origin
[2013/08/29 15:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/08/29 15:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/08/28 18:20:40 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\BF3 OST
[2013/08/28 18:05:50 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\Sims 3 OST
[2013/08/24 21:42:13 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\teamsched
[2013/08/22 02:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/19 22:10:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/19 22:10:38 | 2133,573,631 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/19 21:31:35 | 000,061,352 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000000-00001102-00000005-00311102}.rfx
[2013/09/19 21:31:35 | 000,061,352 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000000-00001102-00000005-00311102}.rfx
[2013/09/19 21:31:35 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000000-00001102-00000005-00311102}.rfx
[2013/09/19 21:25:03 | 329,594,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/14 01:33:54 | 005,125,578 | R--- | M] (Swearware) -- C:\Users\Isneyki\Desktop\ComboFix.exe
[2013/09/13 16:29:39 | 021,041,152 | ---- | M] () -- C:\Users\Isneyki\Desktop\Crash_event.evtx
[2013/09/12 00:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/12 00:05:40 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/12 00:05:40 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 12:24:27 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/11 12:24:27 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/11 12:24:27 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/11 11:41:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4283704451-627482032-2372678378-1000UA.job
[2013/09/08 19:41:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4283704451-627482032-2372678378-1000Core.job
[2013/09/05 22:06:05 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Dead Space 3.lnk
[2013/08/29 15:13:35 | 000,000,691 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/08/23 00:34:13 | 000,007,608 | ---- | M] () -- C:\Users\Isneyki\AppData\Local\Resmon.ResmonCfg
[2013/08/21 18:43:39 | 054,252,893 | ---- | M] () -- C:\Users\Isneyki\Documents\Diablo III_ Reaper of Souls Opening Cinematic - YouTube [720p].mp4
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/19 21:35:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/19 21:35:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/19 21:35:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/19 21:35:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/19 21:35:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/19 21:25:03 | 329,594,700 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/13 16:29:26 | 021,041,152 | ---- | C] () -- C:\Users\Isneyki\Desktop\Crash_event.evtx
[2013/09/05 22:06:05 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Dead Space 3.lnk
[2013/08/29 15:13:35 | 000,000,691 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/08/21 18:29:28 | 054,252,893 | ---- | C] () -- C:\Users\Isneyki\Documents\Diablo III_ Reaper of Souls Opening Cinematic - YouTube [720p].mp4
[2013/02/27 07:10:55 | 000,045,270 | ---- | C] () -- C:\Users\Isneyki\AppData\Roaming\room_v3.dat
[2012/12/01 18:07:26 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/01 18:07:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/12/01 18:07:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/25 22:40:46 | 000,358,912 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2012/07/25 22:40:46 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2012/07/25 22:40:46 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2012/01/04 00:40:37 | 000,000,997 | ---- | C] () -- C:\Users\Isneyki\AppData\Roaming\MPQEditor.ini
[2011/11/29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/11/29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/11/29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/11/29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/31 18:14:16 | 000,006,656 | ---- | C] () -- C:\Users\Isneyki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/21 10:41:50 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/10/21 10:41:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/10/18 10:30:22 | 000,007,608 | ---- | C] () -- C:\Users\Isneyki\AppData\Local\Resmon.ResmonCfg
[2011/10/17 19:32:17 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 19:18:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/10/17 19:18:01 | 000,021,742 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/01/21 18:42:59 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\BigHugeEngine
[2013/09/11 03:42:17 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Dropbox
[2012/04/05 09:16:30 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\fltk.org
[2013/06/06 08:46:44 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Foxit Software
[2013/04/21 18:10:52 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Garena
[2013/09/14 07:17:50 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\GarenaPlus
[2013/09/14 07:17:50 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\IrfanView
[2012/12/06 16:05:08 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Leadertech
[2012/03/30 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\LolClient
[2012/06/26 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\LolClient2
[2011/11/07 15:44:26 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Might & Magic Heroes VI
[2011/11/06 16:55:37 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Notepad++
[2013/09/01 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Origin
[2012/07/24 00:29:23 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\raidcall
[2012/11/02 22:12:38 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\RCKR
[2012/12/24 11:30:02 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\RotMG.Production
[2012/08/24 11:53:11 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\runic games
[2011/12/27 20:34:23 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Samsung
[2012/06/06 19:31:39 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\SplitMediaLabs
[2013/07/11 15:58:17 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\SumatraPDF
[2013/06/14 09:54:40 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\TeamViewer
[2012/09/13 22:30:54 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\To the Moon - Freebird Games
[2013/09/03 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Trine2
[2013/04/22 21:19:14 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Tunngle
[2011/11/20 20:07:17 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\Unity
[2013/09/14 07:17:50 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
 


Here's the Extras.txt

 

OTL Extras logfile created on: 9/19/2013 10:14:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Snickcrash\Fixers
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.71 Gb Available Physical Memory | 84.00% Memory free
15.96 Gb Paging File | 14.72 Gb Available in Paging File | 92.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.53 Gb Total Space | 150.12 Gb Free Space | 38.44% Space Free | Partition Type: NTFS
Drive E: | 540.89 Gb Total Space | 118.77 Gb Free Space | 21.96% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 146.35 Gb Free Space | 31.42% Space Free | Partition Type: NTFS
Drive G: | 14.90 Gb Total Space | 4.68 Gb Free Space | 31.44% Space Free | Partition Type: FAT32
 
Computer Name: ISNEYKI-PC | User Name: Isneyki | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07DF5271-EE9B-4DB7-AAF8-B48FC159D376}" = rport=80 | protocol=6 | dir=out | app=c:\games\warframe\downloaded\public\warframe.x64.exe |
"{0C54C551-DB85-4AA9-BAD7-E813879126EF}" = rport=138 | protocol=17 | dir=out | app=system |
"{151331E6-DDAE-40B4-98C7-F535F1C9527F}" = lport=3960 | protocol=17 | dir=out | app=c:\games\warframe\downloaded\public\warframe.x64.exe |
"{1A4071BB-113C-4B27-9B6D-2E0E010EE982}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A9A9A84-5CE7-434A-A2C2-E56E985BDDF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31E7E627-0828-4621-92A1-D52D697A4983}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3445E9FD-DD3F-41AE-9864-AE07B4CF3248}" = rport=137 | protocol=17 | dir=out | app=system |
"{38E15A39-079E-4F33-B841-E75C53620A0A}" = rport=80 | protocol=6 | dir=out | app=c:\games\warframe\downloaded\public\warframe.exe |
"{46749E5C-1D28-46C6-9392-1B86BA469A14}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55CAAEC3-BA27-41B0-A72A-5CD9F3B94B19}" = lport=138 | protocol=17 | dir=in | app=system |
"{57688E91-3C86-4C33-A195-303011DD5F3B}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{5946AA20-A98E-4EEB-8A39-4B87FE2610B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{5F827380-CFC5-49FA-A8C9-BD59220BF98C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63811D46-DD34-4B5A-B79D-022C8A7A7FDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{74C11980-A3A3-4B34-89D1-0620ADD3794D}" = rport=139 | protocol=6 | dir=out | app=system |
"{74F5BA2E-E032-4798-A23D-9D1D54CED450}" = lport=3960 | protocol=17 | dir=in | app=c:\games\warframe\downloaded\public\warframe.exe |
"{81274A83-1F3C-4F23-A17F-596310F536DF}" = lport=3960 | protocol=17 | dir=in | app=c:\games\warframe\downloaded\public\warframe.x64.exe |
"{8605C6E0-8DFE-4D02-9195-DACCB3C98FF3}" = lport=445 | protocol=6 | dir=in | app=system |
"{86967F38-5524-4F17-AEC6-2974A16352A1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90CAA465-DBE6-4B9B-82BB-9EC9821BBEA0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{998D9879-A206-4C8F-A9FE-1E38CDC12550}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4958EBB-A80E-447A-A793-19A6A09C0D5D}" = lport=137 | protocol=17 | dir=in | app=system |
"{BB063AE9-E850-480C-BDA6-B356EE2CD6D1}" = lport=3960 | protocol=17 | dir=out | app=c:\games\warframe\downloaded\public\warframe.exe |
"{BE306898-24A8-49CF-87B8-B12F21D0329A}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{D00F7CAD-5D24-41F4-ADE4-707A984F1A91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D84529A7-672E-4DC6-B880-396DA0CCA107}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA0C553C-A170-4F0F-A2AC-288DD946F289}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF207968-4DC4-4860-9ED5-5583A91D8380}" = rport=80 | protocol=6 | dir=out | app=c:\users\isneyki\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{E86BC997-7577-492E-A614-9BEDA4F80D6F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB6B03C9-7A1A-436C-AC37-DE2A10E2E573}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FEB8D8B2-F3EA-4D5D-AD87-359B795C7131}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC690B-9DBF-4C5F-B184-645C5D7C9C92}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0531F3FA-682D-43B6-8AEE-7852567FEB64}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\machine for pigs\aamfp.exe |
"{05513D7E-0188-4358-8FB1-765012644056}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{06767A61-F3A8-424D-8ECE-07E01074D6C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09FC4D94-C03B-438A-B794-96ECD59E9129}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{0A6919B0-6C29-40F3-AA00-341029E31684}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{0C7D61A1-5D0E-481F-AB88-01F92E736A10}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\magic 2013\dotp_d13.exe |
"{0DF27695-569D-4600-BFAF-307B2583BA28}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\warframe\tools\launcher.exe |
"{0E34609A-E931-44CD-A33E-778E7FCDB39D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EADE156-9D08-438B-9BBC-37635D36A55D}" = protocol=6 | dir=in | app=c:\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{100E08ED-EA3C-48F9-AE82-9D5DD3C455B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{127812E0-CC38-40FF-B8FF-12B6294C513F}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\magicka\magicka.exe |
"{185B51F9-A873-48B8-A91B-54CA76F5B70D}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{186C0BA4-2820-425F-8A2E-0F967B1A6AEA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{19998A08-987E-42EF-9CB5-96774941BD5D}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
"{22657B6A-48CA-496C-AB44-2C70F3F4703F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{27239056-E5A7-4985-AA8B-1854E14C56B6}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\warframe\tools\launcher.exe |
"{287E8511-0161-4D37-98AE-084832717F70}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C0BCBC0-0F4A-4527-BFE9-EF733E6A7821}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
"{3085AA04-4A86-4281-BBE4-A0834947DC3F}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{319D435F-3CEF-4D94-B51E-9F754DD70274}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{33BFCEC6-2E6A-4C3D-B98A-B5052637C7F4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{38BA6698-194A-4E91-9F77-3DF5619DBA37}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{397FAAD8-198D-45F0-9F00-C833A517715A}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\dota 2 beta\dota.exe |
"{3AA6B2E6-0B65-427D-83A1-1F7663626E1B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{3B3EDB51-7638-4D36-866A-93091CBB412E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F3576D6-8C19-4AFD-AB43-CBB552E166C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3FC26012-772B-418A-A741-EED7D627F087}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4080E982-4DE6-43C5-95F0-C7F72B8E983A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{41C57AD6-A1D7-4AAD-8FBF-DEA5C745C683}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{4278127D-76BA-447A-9809-9D895ED3B6D9}" = protocol=17 | dir=in | app=c:\games\diablo iii beta\diablo iii.exe |
"{458080DD-6A0E-4669-B2B5-39B6BBDC8F42}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe |
"{45D74BA2-F2A7-4C07-83F1-74DC1A33EBC9}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe |
"{4610A050-FA3F-4E22-9631-39B59557490A}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\anomaly warzone earth\anomalywarzoneearth.exe |
"{47648D85-368F-44CC-A4F1-BB0D9E19EB24}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\magic 2013\dotp_d13.exe |
"{47818548-5531-4502-8624-4A02DA69BCB7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{485B292C-F19F-4B7B-A911-F013577255F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{49851B6C-0B6E-4EB9-BC6F-9AE3FF2EB6C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{4B5795EE-7ED7-4DAD-B284-77533F0846BF}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe |
"{4EF05F74-4370-4460-BAF5-DB324636EBEF}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\dota 2 beta\dota.exe |
"{4F66D262-A59F-4534-A396-ECE1EE636B8D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{5123AD89-1241-492C-A9FC-0B19639583F0}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{52B2D9F8-AC00-4B3E-9318-C07DDA2A066A}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{54459C5A-0686-4286-890E-4D891D6D3456}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{556CEEC6-C425-4F96-A359-B3298B4F1CCA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{56B965C3-8D99-46D1-91BF-F02E812B9D47}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe |
"{57B49604-FFB3-4458-BB43-1F08D0CDDA4A}" = protocol=6 | dir=in | app=c:\games\garena lolph\gamedata\apps\lolph\air\lolclient.exe |
"{597CA39C-2272-4FFF-BF4F-2DF0B3260456}" = protocol=17 | dir=in | app=c:\users\isneyki\appdata\roaming\dropbox\bin\dropbox.exe |
"{5A339398-F693-4C54-9521-D2E8910466C6}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5AAA8B90-922B-4F67-AC05-E02B819173EC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{6031C685-4DB2-41CB-A7C2-4BC30F225B5F}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe |
"{6187816B-B488-47D4-BC58-F619F2A6D03A}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\machine for pigs\launcher.exe |
"{6391068E-ED00-483D-B5C0-755D6453AB9A}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{642BAD55-51AD-4126-85CF-7695250EDBE5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{65918EBD-A101-4D0E-9BA8-AB188149F3C3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{660B39BF-E95D-41BD-ADBC-EEFE4497288B}" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.patch.exe |
"{69442897-A881-4647-84CA-C66261022AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{6C78710B-4C35-412C-9AC0-6ED7005F64F1}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{721DE6D7-73C8-44DA-898E-2C4A3621D6F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{72B649B8-56B1-444D-B69D-5A6FB4D8F03C}" = protocol=17 | dir=in | app=c:\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{747320D6-5C16-44CC-AA54-801B587C2CFF}" = protocol=6 | dir=in | app=c:\users\isneyki\appdata\roaming\dropbox\bin\dropbox.exe |
"{74DB9E8C-E3F4-4C96-88F9-5F901DB269FD}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{77117A9C-93AF-40A8-8DDC-F8489464A4D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77BFFD49-B186-476D-A093-B7BAECF63214}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{792E7D79-B5C4-4D0F-AC15-2E570696DEA4}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\castlecrashers\castle.exe |
"{7A056529-076B-4000-BB64-C412C03DCF4F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{7E04DDD3-E292-40A7-9619-5300C692DED6}" = protocol=17 | dir=in | app=c:\games\ventrilo\ventrilo.exe |
"{844AF009-3007-4B79-A3B7-AA081AE69E2C}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\terraria\terraria.exe |
"{86ECCE20-C332-495E-8533-06382C8566BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8703389C-E282-4870-ADD9-192A481DF53A}" = protocol=6 | dir=out | app=system |
"{87F0FACA-08F6-4055-AD3E-925D3EF096E2}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{88FCC94E-A956-44EC-B926-29E097ADF717}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii public test.exe |
"{89CE80FC-D89B-4F70-AE3A-AA60520C5889}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A5DD1F6-FB60-4A9E-A214-6FBCA8757A23}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{8AD7B955-7445-4463-B558-FFD6E63F06B3}" = protocol=6 | dir=in | app=c:\games\garena lolph\gamedata\apps\lolph\game\league of legends.exe |
"{8B234D71-C033-4194-B72E-069E16FA6CBF}" = dir=in | app=c:\games\garena plus\ggdllhost.exe |
"{8E530F16-8DEE-4542-852A-C18DA397E7EB}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{957365C4-6D71-4748-B634-64F979B03223}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{9686567A-88FF-4055-9FEF-280D30FCC2CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{968B31B5-9BCB-4827-8C5A-62D31F7FA516}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{9777181A-ABE0-4F2D-9894-324E541F7C3A}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\psychonauts\psychonauts.exe |
"{99E19C69-5773-47F3-A02E-5AFDC52A78A5}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\launcher.exe |
"{A054FD6A-2E3B-4008-B210-99F76000FA40}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\alien swarm\srcds.exe |
"{A17ADC8E-1CB8-4C9A-9AE9-29020B11FBA0}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{A363BD8A-2B17-48D2-8DB3-DB6B77EB0784}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A93CC71D-6592-4800-BAA8-374BE009635F}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\launcher.exe |
"{AA71852E-3892-4675-82D0-6A5D47582A94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB63BAB0-81BD-4F06-9799-4E48D0282DF4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{AD0EB998-F0DE-4C7E-BBBE-CFC7EC5F8938}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{ADC44536-FB72-499F-B8A2-50B2B62976B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AE0B91D6-1D36-45F1-BC1B-6921A611A9E2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B204FA30-79B2-49C7-912C-64E230EBE62E}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.patch.exe |
"{B702F3B9-07A6-4140-8455-4168F43EF168}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{B897A54C-F2F9-464F-86E9-E7457D6F13E2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{BAD756E9-25AF-4ECB-A592-DB4B8967C658}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{BB9EAB84-14D1-4928-A662-AD113FB08B1A}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\magicka\magicka.exe |
"{BBD13BF0-66F8-430A-83A4-965CFA82C6DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C02A1BA4-57B6-4390-9186-18FFCAD1EC64}" = protocol=6 | dir=in | app=c:\games\dragonnest.exe |
"{C03FB475-3BA9-4C58-8E02-FADA4E50C213}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
"{C169BEAE-DDF5-4CE1-BFCE-2B1BD0031C0C}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\machine for pigs\aamfp.exe |
"{C3FECE11-D089-4B61-A9CE-646979B74E30}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{C4C8595A-A329-4FD4-9C3B-37AA4BF4731E}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{C617DC44-291B-4D96-9C3F-347194B99AB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAF4A3BB-723D-4DB2-BE33-56F2DC3C3070}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB9EE556-DD28-400E-AB51-0B9928C21A94}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
"{CDA726B7-CB72-41EB-89D3-B59A390C4C24}" = protocol=6 | dir=in | app=c:\games\diablo iii beta\diablo iii.exe |
"{CEB8A3F9-6459-47F5-BFEA-257D9DF60D8D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe |
"{D0845C3E-D84D-4D75-BA0A-BB5DF70457B8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{D731C267-65D2-4DFF-A20C-7E97D8AF65FA}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\psychonauts\psychonauts.exe |
"{DB861242-7A01-41E4-B9DF-007D97D0DA7E}" = protocol=17 | dir=in | app=c:\games\might & magic heroes vi\might & magic heroes vi.exe |
"{DD80B95A-CD0A-4696-81CC-672238C0ECEE}" = protocol=17 | dir=in | app=c:\games\garena lolph\gamedata\apps\lolph\game\league of legends.exe |
"{DFC8D0EB-53D1-4804-A764-61C94C9F0CA3}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{E0E3A887-7D5D-4B45-929B-F62E3FE14A3F}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\terraria\terraria.exe |
"{E124629D-3062-4F7E-9EDA-83EE031CD918}" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe |
"{E2C0111A-06C5-462B-A037-237EC2BA5DAD}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe |
"{E7F18D40-7144-428E-8055-5DDFBECC1EDE}" = protocol=6 | dir=in | app=c:\games\might & magic heroes vi\might & magic heroes vi.exe |
"{E8623FFC-2435-477A-975B-5BBEEB548F20}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii public test.exe |
"{E9F9A31D-FC8B-4E43-B5ED-0980395C45FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA2E4A8F-C8A2-4ABD-ABE5-2F465DF86ADB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F0B0B275-EC45-4602-B739-9F38808B2A05}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\castlecrashers\castle.exe |
"{F171827A-1C16-4884-8877-E225C6A0F036}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\anomaly warzone earth\anomalywarzoneearth.exe |
"{F3A3F9E3-35AF-442D-A4A3-C5D7B4F653BB}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{F479D74A-F644-4899-9A1E-452CE0CEBD45}" = protocol=17 | dir=in | app=c:\games\dragonnest.exe |
"{F4A1DFA1-1854-462A-94B9-82EB16937C3F}" = protocol=6 | dir=in | app=c:\games\ventrilo\ventrilo.exe |
"{F66F343A-E2FB-4C36-B01B-F6B8941A1DE8}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\machine for pigs\launcher.exe |
"{F747F2C1-AFA2-496C-A01D-4DC7582B787C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{F77E8FF5-C091-43BC-A5D6-D8350241275E}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{F828EF60-538C-4AB0-94E6-504B2F7A165E}" = protocol=17 | dir=in | app=c:\games\garena lolph\gamedata\apps\lolph\air\lolclient.exe |
"{FA3E90BF-FEF7-4014-92AB-55F0DA709068}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\alien swarm\srcds.exe |
"{FC5B2FB4-485B-425D-BD7F-7BDBE6DE9382}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{FDCA0A1F-DF54-47A6-B014-03C6A55A7013}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"TCP Query User{04E2C490-D112-4293-A933-546079732C08}C:\program files\ipmsg\ipmsg.exe" = protocol=6 | dir=in | app=c:\program files\ipmsg\ipmsg.exe |
"TCP Query User{06262748-E647-4C10-9B2A-7E6C4D1308CD}C:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{06D28C01-79F6-4C6A-A5E5-2D320E3878AC}C:\games\garena hon\gamedata\apps\hon\hon.exe" = protocol=6 | dir=in | app=c:\games\garena hon\gamedata\apps\hon\hon.exe |
"TCP Query User{165033E9-D183-461D-9D9E-05091DE94CAC}C:\games\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{2359C67F-4777-4281-B992-C5E07B148A26}C:\games\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{28B4DADF-402E-48EC-8781-35A467636BC8}C:\games\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{28EA9A36-DB1F-4C72-82A3-FCF82FF4694E}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{34DF61B4-D2AE-4E01-9FE4-7127DB975CF6}C:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\games\tera\tera-launcher.exe |
"TCP Query User{40F1DAF8-5A68-4BE4-8823-AA45E22D0ADF}C:\games\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\games\garena plus\room\garena_room.exe |
"TCP Query User{44C89925-C493-4C3F-8DBA-B4268CAAA2B4}C:\games\kingdoms of amalur - reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\games\kingdoms of amalur - reckoning\reckoning.exe |
"TCP Query User{44D15999-C82B-4300-BB84-144A2BB20715}C:\games\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{4957B100-BAB4-4DC6-AD3E-43CF00BDAF48}C:\games\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\games\crysis 2\bin32\crysis2.exe |
"TCP Query User{4986EA91-BBC3-4023-A4F4-227106E7030A}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{4E992818-481B-4FF8-938E-5C8B6DB4803B}C:\games\garena plus\garenamessenger.exe" = protocol=6 | dir=in | app=c:\games\garena plus\garenamessenger.exe |
"TCP Query User{51F0D86C-79D3-48FE-B000-F1DAED625335}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{53D1E541-E4D1-448E-900F-C70332CAFDE7}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{6BB17615-8255-471F-8E6C-2CACFF02DA6E}C:\games\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{86D60D02-6F64-432E-877A-7325CF4A3F98}C:\games\warframe\downloaded\public\warframe.x64.exe" = protocol=6 | dir=in | app=c:\games\warframe\downloaded\public\warframe.x64.exe |
"TCP Query User{8D3A994D-4BC1-4C35-852F-6E35B8B18A6C}G:\garena hon\gamedata\apps\hon\hon.exe" = protocol=6 | dir=in | app=g:\garena hon\gamedata\apps\hon\hon.exe |
"TCP Query User{8D58D4EE-FAC0-424E-8BD5-0D4E5DDBBA6A}C:\games\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe |
"TCP Query User{8DC5151F-9DB9-4290-B179-FD7662D7244A}C:\games\strike suit zero\pc\main\binary\ssz.exe" = protocol=6 | dir=in | app=c:\games\strike suit zero\pc\main\binary\ssz.exe |
"TCP Query User{8F0A870A-8346-40FC-A06F-462EC583F238}C:\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{905A161F-1CBA-43E7-AADF-01A7F0317C7D}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{95834147-6FA5-4C3B-A29C-11F9E79FDDBD}C:\games\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=c:\games\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"TCP Query User{971A04CD-AF21-4612-80C9-6A1CE206B42E}C:\games\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=c:\games\call of duty black ops ii\t6sp.exe |
"TCP Query User{9E7FD856-2B1A-4165-9D99-E5C1C72CB694}C:\games\steam\steamapps\common\warframe\warframe.x64.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\warframe\warframe.x64.exe |
"TCP Query User{9F1E29D8-D3BA-4CEE-BAAE-A1270B94BD3B}C:\users\isneyki\downloads\honinstaller.exe" = protocol=6 | dir=in | app=c:\users\isneyki\downloads\honinstaller.exe |
"TCP Query User{9FDC1BA3-7B2A-4BB5-A3D3-2CFF1A0FCBEC}C:\games\garena plus\updatemanager.exe" = protocol=6 | dir=in | app=c:\games\garena plus\updatemanager.exe |
"TCP Query User{AC089C94-D2FC-448D-AE34-8066FE5FCB7A}C:\games\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\games\the witcher 2 enhanced edition\bin\witcher2.exe |
"TCP Query User{B1F85EAD-AC20-46E2-B5FC-E2C7E3C741DC}C:\games\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\games\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{B49F7D22-FBC1-477B-B419-F2338028A62E}C:\users\isneyki\downloads\honinstaller (1).exe" = protocol=6 | dir=in | app=c:\users\isneyki\downloads\honinstaller (1).exe |
"TCP Query User{B931A38C-FDBF-4F5F-98B2-6C285E42E33C}C:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"TCP Query User{C890F1E1-D175-41A1-9A63-7E9ADC46BD44}C:\games\warhammer 40000 dawn of war ii - chaos rising\dow2.exe" = protocol=6 | dir=in | app=c:\games\warhammer 40000 dawn of war ii - chaos rising\dow2.exe |
"TCP Query User{CBF85CF9-53A8-4A86-9DAC-78EA0A0D2227}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{E0E4ADBE-23B4-48C9-90DF-2AFBD7ED777C}C:\games\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\games\the witcher 2\bin\witcher2.exe |
"TCP Query User{EF87BD67-47CD-4D88-8FFC-A79206F0B21B}C:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{F4768D4C-349D-4A33-A0E4-CBF94404103F}C:\games\garena lolph\lolphlauncher.exe" = protocol=6 | dir=in | app=c:\games\garena lolph\lolphlauncher.exe |
"TCP Query User{F949852E-BDAC-4E13-AA7B-8BAB9EE04594}C:\games\guild wars 2 beta\gw2.exe" = protocol=6 | dir=in | app=c:\games\guild wars 2 beta\gw2.exe |
"UDP Query User{03C366EC-C92D-45A2-9473-25A52473C583}C:\games\kingdoms of amalur - reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\games\kingdoms of amalur - reckoning\reckoning.exe |
"UDP Query User{238FA898-A122-447A-B7B1-A9C0EFAF8D89}C:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{361D63DF-41AE-4E92-BEC6-83D897B7C5B8}C:\users\isneyki\downloads\honinstaller (1).exe" = protocol=17 | dir=in | app=c:\users\isneyki\downloads\honinstaller (1).exe |
"UDP Query User{36EF12DB-B3DC-4545-95E7-471B6E80D19F}G:\garena hon\gamedata\apps\hon\hon.exe" = protocol=17 | dir=in | app=g:\garena hon\gamedata\apps\hon\hon.exe |
"UDP Query User{3866EAA0-AB61-4BC1-AA95-205CEB05FCAD}C:\games\steam\steamapps\common\warframe\warframe.x64.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\warframe\warframe.x64.exe |
"UDP Query User{418A86B1-A0CB-440C-BB4A-8B2C37254465}C:\games\strike suit zero\pc\main\binary\ssz.exe" = protocol=17 | dir=in | app=c:\games\strike suit zero\pc\main\binary\ssz.exe |
"UDP Query User{43B47A63-918F-49CA-9ADF-D927849BCBA0}C:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\games\tera\tera-launcher.exe |
"UDP Query User{454431D6-5349-4136-B9EB-D5F80A6B6734}C:\games\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\games\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{4982306A-78FE-430C-928A-E4E0BB8C6AC5}C:\games\warframe\downloaded\public\warframe.x64.exe" = protocol=17 | dir=in | app=c:\games\warframe\downloaded\public\warframe.x64.exe |
"UDP Query User{53270CED-1B1E-44E0-8677-14CF47F4C9B1}C:\program files\ipmsg\ipmsg.exe" = protocol=17 | dir=in | app=c:\program files\ipmsg\ipmsg.exe |
"UDP Query User{5A2830A9-7F64-4280-9726-A4EA17E6BE7A}C:\games\garena lolph\lolphlauncher.exe" = protocol=17 | dir=in | app=c:\games\garena lolph\lolphlauncher.exe |
"UDP Query User{67F8487B-7D20-44CE-8CD5-54EBA06FD303}C:\games\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe |
"UDP Query User{7B2DF0EF-4EBB-4D26-A238-703395E57BE2}C:\users\isneyki\downloads\honinstaller.exe" = protocol=17 | dir=in | app=c:\users\isneyki\downloads\honinstaller.exe |
"UDP Query User{7E8E3CCC-ABC2-4EE6-99BD-48B5780CCA02}C:\games\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\games\the witcher 2 enhanced edition\bin\witcher2.exe |
"UDP Query User{802FBC32-2C45-4ADE-BCF2-04B9BA077182}C:\games\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{846397E3-1D24-4E59-A7FF-0A54ACA1B52C}C:\games\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=c:\games\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{8A9275F1-58BE-4BBB-ACE9-1831CB3FDBA6}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{8CF46717-AAD9-4D60-882D-920A38BE0332}C:\games\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{93CEEE77-2546-42EA-A168-9CF976392657}C:\games\guild wars 2 beta\gw2.exe" = protocol=17 | dir=in | app=c:\games\guild wars 2 beta\gw2.exe |
"UDP Query User{998D1647-C3BD-43EC-86C8-8A8BD7C2AFBC}C:\games\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=c:\games\call of duty black ops ii\t6sp.exe |
"UDP Query User{9B20F042-CFA6-491D-8F04-32E84FA14F9C}C:\games\garena plus\garenamessenger.exe" = protocol=17 | dir=in | app=c:\games\garena plus\garenamessenger.exe |
"UDP Query User{9C784B30-D297-4415-A65E-E8B413C6066B}C:\games\garena plus\updatemanager.exe" = protocol=17 | dir=in | app=c:\games\garena plus\updatemanager.exe |
"UDP Query User{9C885B18-693E-48C6-A178-396C8882F667}C:\games\garena hon\gamedata\apps\hon\hon.exe" = protocol=17 | dir=in | app=c:\games\garena hon\gamedata\apps\hon\hon.exe |
"UDP Query User{9DA808C4-22BD-4B2B-8600-20FFD71D7E1B}C:\games\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{9DA9BC44-320F-4773-A298-FF20D627BEC3}C:\games\warhammer 40000 dawn of war ii - chaos rising\dow2.exe" = protocol=17 | dir=in | app=c:\games\warhammer 40000 dawn of war ii - chaos rising\dow2.exe |
"UDP Query User{A1DB6D9F-19DC-4338-9E67-3EB09B48C241}C:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"UDP Query User{B212BE97-7DE2-4D70-B29E-3EF4495A1492}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{B63C4E51-B2FB-450A-A1D8-7CF4CD50E891}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{C1BB0B19-6223-4FB2-BA18-4CF7EC49D3B1}C:\games\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\games\crysis 2\bin32\crysis2.exe |
"UDP Query User{C1ED108A-828C-43D2-AD21-DFD3D2996D91}C:\games\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{C59DD3FB-96E4-4718-87D5-C757BDAE1444}C:\games\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\games\the witcher 2\bin\witcher2.exe |
"UDP Query User{C7B44223-D10D-45CA-AC0D-CEFB9EF511BC}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{C8D49E31-D419-4934-8397-3CE95E4730F7}C:\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{D5B60D64-A99D-4C2A-9D4F-C36114E450F7}C:\games\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{DA98D981-1E86-4E47-8BC1-837922FD860A}C:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{DDC41C12-6233-4FD4-8AF5-132E1E61A251}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{DFA13C4F-4275-4BE0-8005-981D3A133E57}C:\games\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\games\garena plus\room\garena_room.exe |
"UDP Query User{F57E10F0-BF78-4A0C-8AFE-6880CAE79047}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{857F4F6C-3CEF-4E80-8EB5-2DF65DFD8ED9}" = HP Deskjet Ink Adv 2060 K110 Basic Device Software
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{261A4762-744B-4C71-81D2-57FA5038DC7B}" = HP Deskjet Ink Adv 2060 K110 Help
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA2D7798-5629-42C4-B544-F8A13B499014}_is1" = DMC Devil May Cry version 1.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudioCS" = Creative Audio Control Panel
"Bejeweled 31.0" = Bejeweled 3
"comtypes-py2.7" = Python 2.7 comtypes-0.6.2
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo III" = Diablo III
"Fraps" = Fraps (remove only)
"Full Combat Rebalance 2 Hotfix_is1" = Full Combat Rebalance 2 Hotfix version 1.1a
"HoN" = Garena - Heroes of Newerth
"IrfanView" = IrfanView (remove only)
"LoLPH" = Garena - League of Legends PH
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Origin" = Origin
"Planescape Torment_is1" = Planescape Torment
"PunkBusterSvc" = PunkBuster Services
"pywin32-py2.7" = Python 2.7 pywin32-217
"Raidcall" = RaidCall
"STANDARD" = Microsoft Office Standard 2007
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 200710" = Torchlight II
"Steam App 201790" = Orcs Must Die! 2
"Steam App 202480" = Creation Kit
"Steam App 204360" = Castle Crashers
"Steam App 206440" = To the Moon
"Steam App 207610" = The Walking Dead
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 209870" = Blacklight: Retribution
"Steam App 230410" = Warframe
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 35720" = Trine 2
"Steam App 3830" = Psychonauts
"Steam App 42910" = Magicka
"Steam App 49520" = Borderlands 2
"Steam App 570" = Dota 2
"Steam App 91200" = Anomaly Warzone Earth
"Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
"Strike Suit Zero" = Strike Suit Zero
"SumatraPDF" = SumatraPDF
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Wrye Bash" = Wrye Bash
"wxPython2.8-unicode-py27_is1" = wxPython 2.8.12.1 (unicode) for Python 2.7
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/26/2013 7:56:08 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 5/27/2013 7:52:35 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 5/29/2013 9:33:13 AM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 5/29/2013 7:49:42 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 5/30/2013 7:53:45 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 6/1/2013 12:56:38 AM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 6/1/2013 12:31:10 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 6/2/2013 6:58:08 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 6/3/2013 8:22:59 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 6/4/2013 12:32:17 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 6/7/2013 4:44:31 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 6/8/2013 11:15:19 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 6/9/2013 8:01:35 PM | Computer Name = Isneyki-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
[ System Events ]
Error - 9/19/2013 10:11:13 AM | Computer Name = Isneyki-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/19/2013 10:11:13 AM | Computer Name = Isneyki-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/19/2013 10:11:13 AM | Computer Name = Isneyki-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/19/2013 10:11:13 AM | Computer Name = Isneyki-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/19/2013 10:11:13 AM | Computer Name = Isneyki-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/19/2013 10:11:13 AM | Computer Name = Isneyki-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/19/2013 10:21:21 AM | Computer Name = Isneyki-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.157.1702.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Default URL     Signature Type: %%800     Update Type: %%803     User: NT AUTHORITY\SYSTEM

    Current
 Engine Version:      Previous Engine Version: 1.1.9800.0     Error code: 0x8007043c     Error
description: This service cannot be started in Safe Mode
 
Error - 9/19/2013 10:21:21 AM | Computer Name = Isneyki-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.157.1702.0     Update Source: %%851     Update Stage:
 %%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9800.0&avdelta=1.157.1702.0&asdelta=1.157.1702.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
 Type: %%800     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 1.1.9800.0     Error code: 0x80072ee7     Error description: The
 server name or address could not be resolved
 
Error - 9/19/2013 10:21:21 AM | Computer Name = Isneyki-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.157.1702.0     Update Source: %%851     Update Stage:
 %%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9800.0&avdelta=1.157.1702.0&asdelta=1.157.1702.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
 Type: %%801     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 1.1.9800.0     Error code: 0x80072ee7     Error description: The
 server name or address could not be resolved
 
Error - 9/19/2013 10:21:21 AM | Computer Name = Isneyki-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 0.0.0.0     Update Source: %%851     Update Stage: %%852

    Source
 Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
 Type: %%886     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 0.0.0.0     Error code: 0x80072ee7     Error description: The server
 name or address could not be resolved
 
 
< End of report >
 



#9 jeffce

  • Malware Response Team

Posted 19 September 2013 - 11:14 AM

Hi,
 
No, I don't see anything that drastic that you should be infecting other systems. :)
 
Tweaking.com Registry Backup

  • Download the tool found here to your Desktop so it is easy to find.
  • Double click on the file you just downloaded to install it to your system.
  • Once the tool is installed, double-click on the Tweaking.com Registry Backup icon 
    **Note** The tool should automatically open to the Backup Registry tab.
     
  • Press Backup Now
  • When the back up is complete, the tool will tell you that Successful */* Files Backed Up
  • You have now successfully backed up your Registry.

----------
 
 
Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
     
    :Services
     
    :OTL
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/10/31 18:14:16 | 000,006,656 | ---- | C] () -- C:\Users\Isneyki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/09/14 07:17:50 | 000,000,000 | ---D | M] -- C:\Users\Isneyki\AppData\Roaming\uTorrent
     
    :Files
    ipconfig /flushdns /c
     
    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Edited by jeffce, 19 September 2013 - 11:14 AM.
removed empty line in fix

 


#10 SnickDroid

  • Topic Starter

Posted 19 September 2013 - 10:21 PM

Hi Jeffce,

I took a peek and compared my new OTL vs. the old one. I see some hosts entries and Trusted Domains were deleted, as well as this:

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Just a question, what does the above entry mean?

I'm guessing we might be almost done, yes? :D

Anyway, here's a log that popped up after clicking Run Fix on OTL:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\setup.exe not found.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP folder deleted successfully.
C:\Users\Isneyki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\Isneyki\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\Isneyki\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Isneyki\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Isneyki\AppData\Roaming\uTorrent\Cache folder moved successfully.
C:\Users\Isneyki\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Isneyki\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
G:\Snickcrash\Fixers\cmd.bat deleted successfully.
G:\Snickcrash\Fixers\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Isneyki
->Temp folder emptied: 29609 bytes
->Temporary Internet Files folder emptied: 1765333 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7090961 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 545 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7198 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 9.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09202013_110432

Files\Folders moved on Reboot...
File move failed. C:\Users\Isneyki\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

And finally, here's my new OTL.txt:

OTL logfile created on: 9/20/2013 11:07:46 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Snickcrash\Fixers
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.72 Gb Available Physical Memory | 84.19% Memory free
15.96 Gb Paging File | 14.73 Gb Available in Paging File | 92.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.53 Gb Total Space | 149.97 Gb Free Space | 38.40% Space Free | Partition Type: NTFS
Drive E: | 540.89 Gb Total Space | 118.77 Gb Free Space | 21.96% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 146.35 Gb Free Space | 31.42% Space Free | Partition Type: NTFS
Drive G: | 14.90 Gb Total Space | 4.68 Gb Free Space | 31.39% Space Free | Partition Type: FAT32
 
Computer Name: ISNEYKI-PC | User Name: Isneyki | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Snickcrash\Fixers\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Isneyki\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Isneyki\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@raidcall.kr/RCplugin: C:\Users\Isneyki\AppData\Roaming\RCKR\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Isneyki\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Isneyki\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Isneyki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/10/18 17:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Extensions
[2013/09/01 00:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions
[2013/09/01 00:41:45 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/22 01:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\gosc7lgk.default-1362362325187\extensions
[2013/08/22 01:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\gosc7lgk.default-1362362325187\extensions\firefox@ghostery.com
[2013/09/01 00:40:59 | 001,314,979 | ---- | M] () (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\firefox@ghostery.com.xpi
[2013/09/01 00:41:45 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/09/01 00:40:46 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Isneyki\AppData\Roaming\Mozilla\Firefox\Profiles\epoc251n.default-1377962745724\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/22 02:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/22 02:25:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.97\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Isneyki\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Isneyki\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Garena Talk Plugin (Disabled) = C:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Isneyki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Raidcall plugin (Disabled) = C:\Users\Isneyki\AppData\LocalLow\raidcall\plugins\webplugin_en.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Isneyki\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Raidcall plugin (Disabled) = C:\Users\Isneyki\AppData\Roaming\RCKR\plugins\nprcplugin.dll
CHR - plugin: Raidcall plugin (Disabled) = C:\Users\Isneyki\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Entanglement Web App = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: AdBlock = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.2.5_0\
CHR - Extension: Classic = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: Evernote Web = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Poppit = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Currently = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh\2.6.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Isneyki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.20_0\
 
O1 HOSTS File: ([2013/09/20 11:04:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [GarenaPlus] C:\Games\Garena Plus\GarenaMessenger.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{433202D7-C2CA-4FD4-AC99-E25F7DBEBD81}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/20 11:02:36 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/09/20 11:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/09/20 11:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/09/19 21:44:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/19 21:44:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/19 21:35:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/19 21:35:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/19 21:35:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/19 21:33:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/19 21:33:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/19 21:33:35 | 005,125,578 | R--- | C] (Swearware) -- C:\Users\Isneyki\Desktop\ComboFix.exe
[2013/09/19 21:27:11 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\Fixers
[2013/09/19 20:47:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/13 16:29:42 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\LocaleMetaData
[2013/09/08 20:32:18 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Documents\Telltale Games
[2013/09/05 22:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space 3
[2013/09/05 22:06:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/09/03 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\AppData\Roaming\Trine2
[2013/08/29 15:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/08/29 15:21:17 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\AppData\Roaming\Origin
[2013/08/29 15:21:16 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\AppData\Local\Origin
[2013/08/29 15:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/08/29 15:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/08/28 18:20:40 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\BF3 OST
[2013/08/28 18:05:50 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\Sims 3 OST
[2013/08/24 21:42:13 | 000,000,000 | ---D | C] -- C:\Users\Isneyki\Desktop\teamsched
[2013/08/22 02:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/20 11:05:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/20 11:05:32 | 2133,573,631 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 11:04:45 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/09/20 11:03:10 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ISNEYKI-PC-Microsoft-Windows-7-Professional-(64-bit).dat
[2013/09/20 11:02:30 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/09/19 21:31:35 | 000,061,352 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000000-00001102-00000005-00311102}.rfx
[2013/09/19 21:31:35 | 000,061,352 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000000-00001102-00000005-00311102}.rfx
[2013/09/19 21:31:35 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000000-00001102-00000005-00311102}.rfx
[2013/09/19 21:25:03 | 329,594,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/14 01:33:54 | 005,125,578 | R--- | M] (Swearware) -- C:\Users\Isneyki\Desktop\ComboFix.exe
[2013/09/13 16:29:39 | 021,041,152 | ---- | M] () -- C:\Users\Isneyki\Desktop\Crash_event.evtx
[2013/09/12 00:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/12 00:05:40 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/12 00:05:40 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 12:24:27 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/11 12:24:27 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/11 12:24:27 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/11 11:41:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4283704451-627482032-2372678378-1000UA.job
[2013/09/08 19:41:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4283704451-627482032-2372678378-1000Core.job
[2013/09/05 22:06:05 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Dead Space 3.lnk
[2013/08/29 15:13:35 | 000,000,691 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/08/23 00:34:13 | 000,007,608 | ---- | M] () -- C:\Users\Isneyki\AppData\Local\Resmon.ResmonCfg
[2013/08/21 18:43:39 | 054,252,893 | ---- | M] () -- C:\Users\Isneyki\Documents\Diablo III_ Reaper of Souls Opening Cinematic - YouTube [720p].mp4
 
========== Files Created - No Company Name ==========
 
[2013/09/20 11:03:10 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ISNEYKI-PC-Microsoft-Windows-7-Professional-(64-bit).dat
[2013/09/20 11:02:30 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/09/19 21:35:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/19 21:35:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/19 21:35:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/19 21:35:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/19 21:35:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/19 21:25:03 | 329,594,700 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/13 16:29:26 | 021,041,152 | ---- | C] () -- C:\Users\Isneyki\Desktop\Crash_event.evtx
[2013/09/05 22:06:05 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Dead Space 3.lnk
[2013/08/29 15:13:35 | 000,000,691 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/08/21 18:29:28 | 054,252,893 | ---- | C] () -- C:\Users\Isneyki\Documents\Diablo III_ Reaper of Souls Opening Cinematic - YouTube [720p].mp4
[2013/02/27 07:10:55 | 000,045,270 | ---- | C] () -- C:\Users\Isneyki\AppData\Roaming\room_v3.dat
[2012/12/01 18:07:26 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/01 18:07:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/12/01 18:07:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/25 22:40:46 | 000,358,912 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2012/07/25 22:40:46 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2012/07/25 22:40:46 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2012/01/04 00:40:37 | 000,000,997 | ---- | C] () -- C:\Users\Isneyki\AppData\Roaming\MPQEditor.ini
[2011/11/29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/11/29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/11/29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/11/29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/21 10:41:50 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/10/21 10:41:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/10/18 10:30:22 | 000,007,608 | ---- | C] () -- C:\Users\Isneyki\AppData\Local\Resmon.ResmonCfg
[2011/10/17 19:32:17 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 19:18:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/10/17 19:18:01 | 000,021,742 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 


Edited by SnickDroid, 19 September 2013 - 10:31 PM.


#11 jeffce

  • Malware Response Team

Posted 20 September 2013 - 06:43 AM

Hi,

 

That entry you see is just showing where we were removing a .tmp file from the C:/Windows directory.  

 

How is your system running now?  :)




#12 SnickDroid

  • Topic Starter

Posted 20 September 2013 - 07:03 AM

I was able to boot into normal Windows 7 mode again earlier. Does it look like I'm all clean (based on the logs)? :D

 

Thank you very much for your help! I'll do more tests when I'm able to! Am I safe to do online banking and purchases? What exactly was I infected with?



#13 jeffce

  • Malware Response Team

Posted 20 September 2013 - 09:12 AM

Glad to hear that your system is running better.  I would hold off on any online banking for a bit longer until we find out if anything is still hiding in there...let's take a look now.
 
Malwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 
ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 


#14 SnickDroid

  • Topic Starter

Posted 21 September 2013 - 12:09 AM

When I got home and tried to boot my machine, Windows wouldn't load again. When the Windows logo on the black screen came out, a few seconds after, my monitor started blinking again. I DID notice, however, the Windows sound chime, meaning a successful login. I pressed Windows + Winamp then pressed the "Play" hotkey I set. Music played. I re-seated my video card and cleaned it a bit, and it booted up again. That might be the actual cause of my problems.

EDIT: I also got a GeForce driver crash error message. I'll try updating my drivers as well after the ESET scan.

Anyway, here's my Malwarebytes log: (still scanning with ESET)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.07.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 8.0.7601.17514
Isneyki :: ISNEYKI-PC [administrator]

9/21/2013 12:36:48 PM
mbam-log-2013-09-21 (12-36-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246078
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

EDIT2:
Here's my log from the ESET scan:

C:\Users\Isneyki\Downloads\cpu-z_1.59-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Isneyki\Downloads\FoxitReader502.0718_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask application

Edited by SnickDroid, 21 September 2013 - 04:33 AM.


#15 jeffce

  • Malware Response Team

Posted 21 September 2013 - 08:22 AM

First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.
 
Copy the contents of the code box (one at a time) > right click in the command window and select paste

del C:\Users\Isneyki\Downloads\FoxitReader502.0718_enu_Setup.exe
 
del C:\Users\Isneyki\Downloads\cpu-z_1.59-setup-en.exe

Press Enter (you won't actually see anything happen)
Close the Command Prompt window.
 
Let me know what remaining malware problems you are having.   :)


 




