Security centre failure [Solved]


  • This topic is locked

#1
GalaxyOne

  • Member
  • 23 posts
Hi all,

I was trying to activate the Windows security centre, but it would not start. I tried following MS suggestions to get it started, but it would start then turn off within a few seconds. I also tried installing MS Security Essentials but it failed to start also. I stumbled across this site that suggested that it might be malware related. Trend Micro Titanium fails to find any problems. So here is the OTL log file. Hopefully we can nut out what's going on.

Thanks in advance.





OTL Extras logfile created on: 20/02/2014 4:19:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Store\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.78 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 29.93% Memory free
7.56 Gb Paging File | 4.39 Gb Available in Paging File | 58.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 146.07 Gb Free Space | 52.27% Space Free | Partition Type: NTFS
Drive D: | 394.18 Gb Total Space | 248.07 Gb Free Space | 62.93% Space Free | Partition Type: NTFS
Drive E: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MANDYS-PC | User Name: Store | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0171E37C-0F42-4FF4-9922-60384B050F10}" = lport=138 | protocol=17 | dir=in | app=system |
"{16A9D8D7-DA75-4697-A5CE-BC1159BFF6C8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{228E79A3-24A0-4E56-9EB1-98FCA699FB7B}" = rport=137 | protocol=17 | dir=out | app=system |
"{34549BC1-E589-43FF-B4F4-F381EADE38C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3521459A-36CC-409F-841A-87627887BAC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3702CCD1-6B24-47C3-B746-E9B7B12D39F8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{38AEA07F-F69F-479F-8652-F21739D7FB55}" = lport=137 | protocol=17 | dir=in | app=system |
"{397CDEA3-8136-4F76-9704-529AEF61DE2F}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B2D66B0-98ED-498C-B3DF-DC9571856885}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57198884-C281-40F5-8B7D-8AB5DD16FCFE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{59A8A8A2-DC01-4428-9D13-160A70B4D548}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A91AC63-3975-4121-8662-306E9525B30E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{68B02A83-8076-4176-89BF-2F6A63A78F03}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C14473F-BC66-4E4D-9C49-24C19E3A0EBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C93E15C-F2CC-4E3E-B798-6104A957EAA3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0DFCEEF-F40F-45B7-AA4E-366D74BEF05B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8FC5816-B1DE-4473-840F-6B4568DB9C99}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B84847E6-0B23-4D6E-9A65-54E4BCEE7E73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B84E874B-C140-43CF-BC0C-48EA9D508569}" = lport=445 | protocol=6 | dir=in | app=system |
"{B97B0542-2B10-4888-A94C-398AAEBB1DD9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9E055AA-56D3-4CE3-AC1E-22C76DF37A69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D85DC3E8-E91F-4A6D-AC69-33DA1E084E84}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE79BE1C-45FC-4767-846E-BF7070A9C7CC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EF821B23-DF0B-486F-B4A8-C0A260DE072A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F7F849C3-3F98-4746-AEC4-9D7A8DF91FA2}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B16596-73B6-4E60-B731-1DD065A9719C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{21633FF3-FFA6-4B5A-A644-79F1B40B5CF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{219956A6-FD79-47F8-9CAA-606E1A1F74FE}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{24495AFD-6729-4CB6-8AC0-8F93F1AF8D22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D6EC369-DC7D-46BD-BC15-F6EE466B4F42}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{311A449B-5B0D-42EB-8C00-E3BF7EE748E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{35E55FB9-36E6-4490-9FFD-F439AB32133A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{419BC08C-FFEB-467B-BCF7-AFE096688474}" = protocol=58 | dir=in | [email protected],-28545 |
"{4D641D32-E4E1-4368-A292-2FA2423FB556}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51DEA65B-4EC5-4C14-A8D4-A8CED804E415}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5318A44A-45B4-47C4-8E7B-F8A0958690BD}" = protocol=1 | dir=in | [email protected],-28543 |
"{5CB9186D-84A6-4BF9-B200-8C1BFDD06A33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5F0AB6C9-B9DE-4CC5-9B4C-A7DC48D7FFE9}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{60BCF629-75F5-4C16-8993-B3960CF64247}" = protocol=58 | dir=out | [email protected],-28546 |
"{64FEF9DA-61EA-4E1A-AC76-562B370ED3F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6B6B7D07-CF66-4A92-9365-3A0B0A31C757}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{77E024BD-D282-4161-BBC9-1CBEE0421D84}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{78B2F011-A669-4AD9-8962-73FD5B9F3805}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{830C7C30-9F73-4F88-A638-552462081821}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8C980FB8-3D57-471F-90EB-B0DB781C566D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8ED5E68A-1A5C-43AC-AC38-28DD02D1F779}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CBF05E8-524A-4EF8-A0D4-63DCD81499D7}" = protocol=6 | dir=out | app=system |
"{A5834C28-A453-4BC7-8736-E4A5BA5A8BDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD27BC6A-483B-4187-8518-A539CCB34273}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{B02CA1F1-1197-4EEA-A721-E3931718B9D1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B2C82247-B426-4712-9011-DE78E4E65DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{B364DF6D-9D49-4C82-A75C-31A309A01417}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B9753F52-1D10-4B26-B68B-1518950A5CEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA8DED4B-792F-479D-9B81-F0339B82B841}" = protocol=1 | dir=out | [email protected],-28544 |
"{C0590ADF-92EC-43D3-9E17-09DBE85F6C57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C45BEDFD-43EE-4816-AB64-913288F2AEE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7437710-D98A-40A4-AAAF-4BAA396DDD06}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CA3C9A2F-5628-4E8D-AF75-9BBF3283405F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{CA80A3FD-4D19-4C29-90E8-2B0FD982A873}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAE0E36C-B554-48B8-A7B7-B4A706E56A13}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{CF3C9A54-7E8E-4894-B8B5-E9F1B078E645}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D1349674-1E3A-46D9-9C03-45E4A832FA6D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6FE0EBA-88A3-4C70-9983-045FA617FF33}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D8870BBB-93A4-41D6-A9D0-BB8C9E74A8E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBAE23C2-038E-4460-8D41-C802062EA8B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBB5C249-736D-455A-A0EB-919E3935845A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{DFC1E59C-99B8-4F08-8ABF-36A5F44168D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E26DEC8B-19CA-4B9C-9E32-A67BEE2AF2C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EBB6F093-18FF-48B5-A240-C502ED49CF90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8AA5696-CCA8-4ABD-B716-59772400CFE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{FA054587-1C71-4B55-A027-A588BF06AAB6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB33C55C-A4EE-4435-BB12-F14953BFCDCA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{40E6E2BC-936E-41D4-BCDD-547CE30DC067}C:\users\store\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\store\desktop\utorrent.exe |
"TCP Query User{516BA946-194B-4426-8C15-162393163BFA}C:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\xesviclr\utorrent.exe" = protocol=6 | dir=in | app=c:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\xesviclr\utorrent.exe |
"TCP Query User{643F8D79-EE7B-4541-AC0B-581729D3E3A3}C:\users\store\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\store\desktop\utorrent.exe |
"TCP Query User{B0CF33B2-CCD2-4F85-9828-2B36EEA784B9}C:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\xesviclr\utorrent (1).exe" = protocol=6 | dir=in | app=c:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\xesviclr\utorrent (1).exe |
"TCP Query User{D0E77FC9-FE94-4D3D-B290-A6C7F0741754}C:\users\store\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\store\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{E27061B0-8D48-4E29-9A9E-D35CFADFB36E}C:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\jvkrc64b\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\jvkrc64b\neverwinter_nw.1.20130416a.6.exe |
"UDP Query User{26E8474D-1C11-45D8-B975-44252592E7D2}C:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\xesviclr\utorrent (1).exe" = protocol=17 | dir=in | app=c:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\xesviclr\utorrent (1).exe |
"UDP Query User{32A9DE89-59D2-4483-AA2C-DD7CFA83C094}C:\users\store\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\store\desktop\utorrent.exe |
"UDP Query User{8B773A34-7171-41B8-85CF-AC491FFAD54A}C:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\jvkrc64b\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\jvkrc64b\neverwinter_nw.1.20130416a.6.exe |
"UDP Query User{D0AAD86D-CECB-481B-95B0-7B9A68C6EE91}C:\users\store\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\store\desktop\utorrent.exe |
"UDP Query User{DA256F54-D480-45AF-A118-390F96E005FE}C:\users\store\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\store\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{E723C972-8A87-4881-82A7-B3714CE57C25}C:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\xesviclr\utorrent.exe" = protocol=17 | dir=in | app=c:\users\store\appdata\local\microsoft\windows\temporary internet files\content.ie5\xesviclr\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02E5BCCA-317C-418F-9E06-42526E050829}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.15.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.15.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{0283EDE1-D8A9-4F64-A035-5E35B4DD199A}_is1" = CLANNAD Full Voice 1.5
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = Rusty Hearts PWE
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E052F74-10A7-42E7-84EB-01C172F5AB5D}" = SlimDrivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K3 Series_ENG" = AsusScr_K3 Series_ENG
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"Raptr" = Raptr
"Steam App 50130" = Mafia II
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo!7 Messenger" = Yahoo!7 Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22/05/2013 12:45:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3183

Error - 22/05/2013 12:45:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3183

Error - 22/05/2013 1:17:59 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22/05/2013 1:17:59 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1685

Error - 22/05/2013 1:17:59 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1685

Error - 22/05/2013 1:18:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22/05/2013 1:18:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198

Error - 22/05/2013 1:18:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198

Error - 24/05/2013 4:35:14 AM | Computer Name = Store-PC | Source = System Restore | ID = 8193
Description =

Error - 24/05/2013 6:33:28 AM | Computer Name = Store-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 18/02/2014 7:26:34 AM | Computer Name = Mandys-PC | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Solution Platform service terminated unexpectedly.
It has done this 1 time(s).

Error - 18/02/2014 4:40:32 PM | Computer Name = Mandys-PC | Source = BROWSER | ID = 8032
Description =

Error - 18/02/2014 5:30:18 PM | Computer Name = Mandys-PC | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Solution Platform service terminated unexpectedly.
It has done this 2 time(s).

Error - 19/02/2014 12:34:46 AM | Computer Name = Mandys-PC | Source = Service Control Manager | ID = 7023
Description = The Google Update Service (gupdate) service terminated with the following
error: %%-2147467259

Error - 19/02/2014 12:35:12 AM | Computer Name = Mandys-PC | Source = DCOM | ID = 10010
Description =

Error - 19/02/2014 4:16:00 AM | Computer Name = Mandys-PC | Source = BROWSER | ID = 8032
Description =

Error - 19/02/2014 5:28:55 AM | Computer Name = Mandys-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SysMain service.

Error - 19/02/2014 5:29:06 AM | Computer Name = Mandys-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 19/02/2014 7:49:40 PM | Computer Name = Mandys-PC | Source = BROWSER | ID = 8032
Description =

Error - 20/02/2014 3:16:40 AM | Computer Name = Mandys-PC | Source = BROWSER | ID = 8032
Description =


< End of report >


#2
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello GalaxyOne :welcome:

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders.


Let's get cracking.

I have given you some scans to complete, to give me a better look at what's going on. Any problems then please ask :)

Follow in the order given


1. OTL Custom Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Include 64bit Scans - If present.
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
      • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

2. aswMBR

  • Using this link download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and Run as Administrator, then select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply

3. Run ADWcleaner

  • Using this link Download ADWcleaner and save to Desktop.
  • Right click ADWcleaner and Run as Administrator then select Scan
  • When the search is complete click Report. Please post this report in your next reply.


4. Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I want to see in your next post.

  • OTL.txt
  • aswMBR log
  • ADWcleaner log
  • checkup.txt


#3
GalaxyOne

    Member

  • Topic Starter
  • 23 posts
Here are the log files.

OTL logfile created on: 22/02/2014 4:45:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Store\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.78 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 33.23% Memory free
7.56 Gb Paging File | 4.45 Gb Available in Paging File | 58.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 153.76 Gb Free Space | 55.02% Space Free | Partition Type: NTFS
Drive D: | 394.18 Gb Total Space | 248.07 Gb Free Space | 62.93% Space Free | Partition Type: NTFS
Drive E: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MANDYS-PC | User Name: Store | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Store\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\WLMailApiCore.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Samsung UPD Service2) -- C:\Windows\SysNative\SUPDSvc2.exe (Samsung Electronics)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (ArcService) -- D:\ Arc\Arc\ArcService.exe (Perfect World Entertainment Inc)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (TMEBC) -- C:\Windows\SysNative\drivers\TMEBC64.sys (Trend Micro Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (tmeevw) -- C:\Windows\SysNative\drivers\tmeevw.sys (Trend Micro Inc.)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (tmnciesc) -- C:\Windows\SysNative\drivers\tmnciesc.sys (Trend Micro Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2118996616-65735215-385553664-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-2118996616-65735215-385553664-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE - HKU\S-1-5-21-2118996616-65735215-385553664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-2118996616-65735215-385553664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-2118996616-65735215-385553664-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2118996616-65735215-385553664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2118996616-65735215-385553664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B22C7F6C6-8D67-4534-92B5-529A0EC09405%7D:6.8.0.1118
FF - prefs.js..extensions.enabledAddons: tmbepff%40trendmicro.com:8.0.0.1135
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: D:\ Arc\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\8.0.1135\8.0.1135\FIREFOXEXTENSION [2014/02/19 17:36:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2014/02/18 09:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014/02/18 09:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tmbepff@trendmicro.com: C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\firefoxextension [2014/02/19 17:36:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/15 15:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Extensions
[2013/11/07 16:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions
[2013/11/07 16:50:42 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
[2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData
[2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins
[2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode
[2014/02/15 17:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 17:47:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/19 17:36:43 | 000,000,000 | ---D | M] (Trend Micro BEP Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\8.0.1135\8.0.1135\FIREFOXEXTENSION
[2014/02/18 09:39:53 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\FXEXT\FIREFOXEXTENSION

O1 HOSTS File: ([2009/06/11 06:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - D:\ Arc\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [WLM] C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2118996616-65735215-385553664-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2118996616-65735215-385553664-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Store\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2118996616-65735215-385553664-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55860A24-33FE-44D6-951E-603A25F624E8}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/18 17:20:17 | 000,465,216 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/09/11 08:06:44 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{ec082cc0-c677-11e1-9c0e-10bf4814c2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ec082cc0-c677-11e1-9c0e-10bf4814c2dc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f6c2918c-90dd-11e1-9841-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f6c2918c-90dd-11e1-9841-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2013/09/18 17:20:17 | 000,465,216 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 13:32:14 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Store\Desktop\aswmbr.exe
[2014/02/22 13:15:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Store\Desktop\tdsskiller.exe
[2014/02/22 13:14:58 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Store\Desktop\rkill.exe
[2014/02/22 13:14:43 | 000,563,461 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Store\Desktop\JRT.exe
[2014/02/20 21:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/02/20 21:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/20 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/02/20 20:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/02/20 20:56:27 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2014/02/20 20:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014/02/20 19:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/20 19:11:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/20 19:11:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/20 18:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/02/20 16:17:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Store\Desktop\OTL.exe
[2014/02/18 19:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/02/18 19:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/02/18 18:00:04 | 006,573,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/18 18:00:04 | 005,693,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/18 17:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014/02/18 17:50:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2014/02/18 17:50:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2014/02/18 17:40:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/02/18 17:40:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/02/18 17:40:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/18 17:40:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/18 17:40:17 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/02/18 17:40:17 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/02/18 17:40:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/02/18 17:40:16 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/02/18 17:40:16 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/02/18 17:40:16 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/02/18 17:40:16 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/02/18 17:40:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/02/18 17:40:16 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/02/18 17:40:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/02/18 17:40:14 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014/02/18 17:40:14 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014/02/18 09:45:01 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/18 09:43:39 | 000,000,000 | -H-D | C] -- C:\TMRescueDisk
[2014/02/18 09:40:51 | 000,000,000 | ---D | C] -- C:\Users\Store\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
[2014/02/18 09:39:15 | 000,100,640 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmeevw.sys
[2014/02/18 09:39:13 | 000,303,392 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmnciesc.sys
[2014/02/18 09:39:13 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2014/02/18 09:39:04 | 000,282,624 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2014/02/18 09:39:04 | 000,116,264 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2014/02/18 09:39:04 | 000,085,424 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2014/02/18 09:39:02 | 000,050,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\TMEBC64.sys
[2014/02/18 09:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/02/17 20:41:12 | 115,016,800 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TTi_MR_Download_64bit.exe
[2014/02/17 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro Installer
[2014/02/17 20:34:06 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/02/17 20:34:05 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/02/15 17:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/14 09:45:51 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/14 09:44:17 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/14 09:44:17 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/14 09:44:16 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/14 09:44:16 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/14 09:44:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/14 09:44:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/14 09:44:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/14 09:44:12 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/14 09:44:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/14 09:44:11 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/14 09:44:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/14 09:44:10 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/14 09:44:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/14 09:44:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/14 09:44:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/14 09:44:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/14 09:44:08 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/14 09:44:08 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/14 09:44:07 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/14 09:44:07 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/14 09:44:02 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/14 09:44:01 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/14 09:43:54 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/13 10:27:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 10:27:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 10:26:53 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 10:26:52 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 10:26:52 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 10:26:52 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 10:26:52 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 10:26:51 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 10:26:51 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 10:26:50 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 10:26:50 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 10:26:50 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 10:26:49 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 10:26:49 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 10:26:47 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 10:26:46 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 10:26:46 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 10:26:46 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 10:26:46 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 10:26:09 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/13 10:26:08 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/22 16:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/22 13:36:22 | 000,987,425 | ---- | M] () -- C:\Users\Store\Desktop\SecurityCheck.exe
[2014/02/22 13:32:27 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Store\Desktop\aswmbr.exe
[2014/02/22 13:14:07 | 000,678,960 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/22 13:14:07 | 000,130,686 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/22 13:14:06 | 000,798,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/22 12:01:18 | 004,413,952 | ---- | M] () -- C:\Users\Store\Desktop\RogueKillerX64.exe
[2014/02/22 11:52:32 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Store\Desktop\rkill.exe
[2014/02/22 11:46:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Store\Desktop\tdsskiller.exe
[2014/02/22 10:20:44 | 000,000,387 | ---- | M] () -- C:\Users\Store\AppData\Roaming\sp_data.sys
[2014/02/22 10:20:41 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/22 10:20:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/21 18:44:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 18:44:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/20 21:10:28 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/20 20:56:30 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/02/20 19:11:57 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/20 16:18:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Store\Desktop\OTL.exe
[2014/02/19 17:34:17 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\pbripoh.job
[2014/02/19 17:33:37 | 3045,109,760 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/18 19:06:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/18 18:03:08 | 000,783,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/18 17:51:39 | 000,001,766 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2014/02/18 17:51:33 | 000,002,124 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2014/02/18 09:41:45 | 000,001,439 | ---- | M] () -- C:\Users\Store\Desktop\Trend Micro Titanium Internet Security.lnk
[2014/02/18 09:35:18 | 000,000,059 | ---- | M] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2014/02/18 09:35:15 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/18 09:30:10 | 000,000,036 | ---- | M] () -- C:\Users\Store\AppData\Local\housecall.guid.cache
[2014/02/17 20:48:09 | 115,016,800 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TTi_MR_Download_64bit.exe
[2014/02/06 21:00:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 20:37:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 20:36:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 20:26:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 20:22:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 20:19:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 20:18:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 20:18:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 20:02:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 19:47:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 19:41:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 19:31:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 19:30:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 19:27:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 19:22:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 19:20:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 19:19:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 19:17:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 19:16:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 18:55:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 18:39:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 18:10:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 18:04:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/02 11:56:46 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/01/29 23:02:42 | 000,017,058 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/29 23:02:14 | 000,223,664 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2014/01/29 23:02:14 | 000,144,645 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2014/01/29 23:02:14 | 000,126,300 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2014/01/29 23:02:14 | 000,124,650 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2014/01/29 23:02:12 | 000,210,106 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2014/01/29 23:02:12 | 000,194,245 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2014/01/29 23:02:12 | 000,166,170 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2014/01/29 23:02:12 | 000,163,421 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2014/01/29 23:02:12 | 000,159,008 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2014/01/29 23:02:12 | 000,149,682 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2014/01/29 23:02:12 | 000,148,042 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2014/01/29 23:02:12 | 000,147,393 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2014/01/29 23:02:12 | 000,147,288 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2014/01/29 23:02:12 | 000,146,004 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2014/01/29 23:02:12 | 000,145,491 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2014/01/29 23:02:12 | 000,144,260 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2014/01/29 23:02:12 | 000,144,020 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2014/01/29 23:02:12 | 000,143,932 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2014/01/29 23:02:12 | 000,142,882 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2014/01/29 23:02:12 | 000,142,877 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2014/01/29 23:02:12 | 000,142,717 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2014/01/29 23:02:12 | 000,142,289 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2014/01/29 23:02:12 | 000,142,008 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2014/01/29 23:02:12 | 000,141,838 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2014/01/29 23:02:12 | 000,141,049 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2014/01/29 23:02:12 | 000,137,889 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2014/01/29 23:02:12 | 000,137,784 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2014/01/29 23:02:12 | 000,137,141 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/22 13:35:51 | 000,987,425 | ---- | C] () -- C:\Users\Store\Desktop\SecurityCheck.exe
[2014/02/22 13:15:09 | 004,413,952 | ---- | C] () -- C:\Users\Store\Desktop\RogueKillerX64.exe
[2014/02/22 13:14:23 | 000,666,633 | ---- | C] () -- C:\Users\Store\Desktop\adwcleaner.exe
[2014/02/20 21:10:28 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/20 20:56:30 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/02/20 19:11:57 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/18 19:06:10 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/18 19:06:03 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/02/18 09:40:50 | 000,001,439 | ---- | C] () -- C:\Users\Store\Desktop\Trend Micro Titanium Internet Security.lnk
[2014/02/18 09:35:18 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2014/02/18 09:30:10 | 000,000,036 | ---- | C] () -- C:\Users\Store\AppData\Local\housecall.guid.cache
[2014/01/29 23:02:42 | 000,017,058 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/29 23:02:14 | 000,223,664 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2014/01/29 23:02:14 | 000,144,645 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2014/01/29 23:02:14 | 000,126,300 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2014/01/29 23:02:14 | 000,124,650 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2014/01/29 23:02:12 | 000,210,106 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2014/01/29 23:02:12 | 000,194,245 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2014/01/29 23:02:12 | 000,166,170 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2014/01/29 23:02:12 | 000,163,421 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2014/01/29 23:02:12 | 000,159,008 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2014/01/29 23:02:12 | 000,149,682 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2014/01/29 23:02:12 | 000,148,042 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2014/01/29 23:02:12 | 000,147,393 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2014/01/29 23:02:12 | 000,147,288 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2014/01/29 23:02:12 | 000,146,004 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2014/01/29 23:02:12 | 000,145,491 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2014/01/29 23:02:12 | 000,144,260 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2014/01/29 23:02:12 | 000,144,020 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2014/01/29 23:02:12 | 000,143,932 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2014/01/29 23:02:12 | 000,142,882 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2014/01/29 23:02:12 | 000,142,877 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2014/01/29 23:02:12 | 000,142,717 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2014/01/29 23:02:12 | 000,142,289 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2014/01/29 23:02:12 | 000,142,008 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2014/01/29 23:02:12 | 000,141,838 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2014/01/29 23:02:12 | 000,141,049 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2014/01/29 23:02:12 | 000,137,889 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2014/01/29 23:02:12 | 000,137,784 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2014/01/29 23:02:12 | 000,137,141 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2013/09/10 13:07:40 | 000,303,104 | RHS- | C] () -- C:\Windows\SysWow64\netbios2.dll
[2013/04/06 15:15:45 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/04/06 15:15:45 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/05 18:22:39 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/05 10:56:49 | 000,000,387 | ---- | C] () -- C:\Users\Store\AppData\Roaming\sp_data.sys
[2012/04/28 12:32:38 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe

========== ZeroAccess Check ==========

[2009/07/14 14:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 11:54:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:25:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:49:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/13 11:06:38 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\Arc
[2012/07/05 11:00:41 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\ASUS WebStorage
[2013/06/16 12:24:33 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\Leadertech
[2012/08/04 19:30:19 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\Origin
[2012/11/26 19:49:33 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\Raptr
[2014/02/19 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\SoftGrid Client
[2012/07/05 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\The Creative Engine Limited
[2013/09/09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\TP
[2014/02/20 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\uTorrent
[2014/01/17 13:42:07 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\Windows Live Writer
[2013/09/09 21:12:28 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2012/02/18 16:19:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/02/18 16:19:52 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/02/18 16:19:52 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/02/18 16:19:52 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:47:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/18 16:19:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/02/18 16:19:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:54:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:47:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:47:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:55:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:55:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:55:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:55:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 008E-DBB0
Directory of C:\
14/07/2009 02:38 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 02:38 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 02:38 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 02:38 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 02:38 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 02:38 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 02:38 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 02:38 PM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 02:38 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 02:38 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 02:38 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 02:38 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 02:38 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 02:38 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 02:38 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 02:38 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 02:38 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 02:38 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 02:38 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 02:38 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 02:38 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 02:38 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 02:38 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 02:38 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 02:38 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 02:38 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 02:38 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 02:38 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 02:38 PM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 02:38 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 02:38 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 02:38 PM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 02:38 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 02:38 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Store
05/07/2012 10:56 AM <JUNCTION> Application Data [C:\Users\Store\AppData\Roaming]
05/07/2012 10:56 AM <JUNCTION> Cookies [C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies]
05/07/2012 10:56 AM <JUNCTION> Local Settings [C:\Users\Store\AppData\Local]
05/07/2012 10:56 AM <JUNCTION> My Documents [C:\Users\Store\Documents]
05/07/2012 10:56 AM <JUNCTION> NetHood [C:\Users\Store\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/07/2012 10:56 AM <JUNCTION> PrintHood [C:\Users\Store\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/07/2012 10:56 AM <JUNCTION> Recent [C:\Users\Store\AppData\Roaming\Microsoft\Windows\Recent]
05/07/2012 10:56 AM <JUNCTION> SendTo [C:\Users\Store\AppData\Roaming\Microsoft\Windows\SendTo]
05/07/2012 10:56 AM <JUNCTION> Start Menu [C:\Users\Store\AppData\Roaming\Microsoft\Windows\Start Menu]
05/07/2012 10:56 AM <JUNCTION> Templates [C:\Users\Store\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Store\AppData\Local
05/07/2012 10:56 AM <JUNCTION> Application Data [C:\Users\Store\AppData\Local]
05/07/2012 10:56 AM <JUNCTION> History [C:\Users\Store\AppData\Local\Microsoft\Windows\History]
05/07/2012 10:56 AM <JUNCTION> Temporary Internet Files [C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Store\Documents
05/07/2012 10:56 AM <JUNCTION> My Music [C:\Users\Store\Music]
05/07/2012 10:56 AM <JUNCTION> My Pictures [C:\Users\Store\Pictures]
05/07/2012 10:56 AM <JUNCTION> My Videos [C:\Users\Store\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
28/04/2012 12:22 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
28/04/2012 12:22 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
28/04/2012 12:22 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
28/04/2012 12:22 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
28/04/2012 12:22 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
28/04/2012 12:22 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
28/04/2012 12:22 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
28/04/2012 12:22 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
28/04/2012 12:22 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
28/04/2012 12:22 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
28/04/2012 12:22 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
28/04/2012 12:22 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
28/04/2012 12:22 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
28/04/2012 12:22 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
28/04/2012 12:22 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
28/04/2012 12:22 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 165,094,412,288 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


OTL Extras logfile created on: 22/02/2014 4:45:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Store\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.78 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 33.23% Memory free
7.56 Gb Paging File | 4.45 Gb Available in Paging File | 58.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 153.76 Gb Free Space | 55.02% Space Free | Partition Type: NTFS
Drive D: | 394.18 Gb Total Space | 248.07 Gb Free Space | 62.93% Space Free | Partition Type: NTFS
Drive E: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MANDYS-PC | User Name: Store | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0171E37C-0F42-4FF4-9922-60384B050F10}" = lport=138 | protocol=17 | dir=in | app=system |
"{16A9D8D7-DA75-4697-A5CE-BC1159BFF6C8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{228E79A3-24A0-4E56-9EB1-98FCA699FB7B}" = rport=137 | protocol=17 | dir=out | app=system |
"{34549BC1-E589-43FF-B4F4-F381EADE38C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3521459A-36CC-409F-841A-87627887BAC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3702CCD1-6B24-47C3-B746-E9B7B12D39F8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{38AEA07F-F69F-479F-8652-F21739D7FB55}" = lport=137 | protocol=17 | dir=in | app=system |
"{397CDEA3-8136-4F76-9704-529AEF61DE2F}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B2D66B0-98ED-498C-B3DF-DC9571856885}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57198884-C281-40F5-8B7D-8AB5DD16FCFE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{59A8A8A2-DC01-4428-9D13-160A70B4D548}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A91AC63-3975-4121-8662-306E9525B30E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{68B02A83-8076-4176-89BF-2F6A63A78F03}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C14473F-BC66-4E4D-9C49-24C19E3A0EBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C93E15C-F2CC-4E3E-B798-6104A957EAA3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0DFCEEF-F40F-45B7-AA4E-366D74BEF05B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8FC5816-B1DE-4473-840F-6B4568DB9C99}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B84847E6-0B23-4D6E-9A65-54E4BCEE7E73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B84E874B-C140-43CF-BC0C-48EA9D508569}" = lport=445 | protocol=6 | dir=in | app=system |
"{B97B0542-2B10-4888-A94C-398AAEBB1DD9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9E055AA-56D3-4CE3-AC1E-22C76DF37A69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D85DC3E8-E91F-4A6D-AC69-33DA1E084E84}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE79BE1C-45FC-4767-846E-BF7070A9C7CC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EF821B23-DF0B-486F-B4A8-C0A260DE072A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7F849C3-3F98-4746-AEC4-9D7A8DF91FA2}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B16596-73B6-4E60-B731-1DD065A9719C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{21633FF3-FFA6-4B5A-A644-79F1B40B5CF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{219956A6-FD79-47F8-9CAA-606E1A1F74FE}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{24495AFD-6729-4CB6-8AC0-8F93F1AF8D22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D6EC369-DC7D-46BD-BC15-F6EE466B4F42}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{311A449B-5B0D-42EB-8C00-E3BF7EE748E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{35E55FB9-36E6-4490-9FFD-F439AB32133A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{419BC08C-FFEB-467B-BCF7-AFE096688474}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D641D32-E4E1-4368-A292-2FA2423FB556}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51DEA65B-4EC5-4C14-A8D4-A8CED804E415}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5318A44A-45B4-47C4-8E7B-F8A0958690BD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5CB9186D-84A6-4BF9-B200-8C1BFDD06A33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5F0AB6C9-B9DE-4CC5-9B4C-A7DC48D7FFE9}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{60BCF629-75F5-4C16-8993-B3960CF64247}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{64FEF9DA-61EA-4E1A-AC76-562B370ED3F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6B6B7D07-CF66-4A92-9365-3A0B0A31C757}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{77E024BD-D282-4161-BBC9-1CBEE0421D84}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{78B2F011-A669-4AD9-8962-73FD5B9F3805}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{830C7C30-9F73-4F88-A638-552462081821}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8C980FB8-3D57-471F-90EB-B0DB781C566D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8ED5E68A-1A5C-43AC-AC38-28DD02D1F779}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CBF05E8-524A-4EF8-A0D4-63DCD81499D7}" = protocol=6 | dir=out | app=system |
"{A5834C28-A453-4BC7-8736-E4A5BA5A8BDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD27BC6A-483B-4187-8518-A539CCB34273}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{B02CA1F1-1197-4EEA-A721-E3931718B9D1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B2C82247-B426-4712-9011-DE78E4E65DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{B364DF6D-9D49-4C82-A75C-31A309A01417}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B9753F52-1D10-4B26-B68B-1518950A5CEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA8DED4B-792F-479D-9B81-F0339B82B841}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C0590ADF-92EC-43D3-9E17-09DBE85F6C57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C45BEDFD-43EE-4816-AB64-913288F2AEE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7437710-D98A-40A4-AAAF-4BAA396DDD06}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CA3C9A2F-5628-4E8D-AF75-9BBF3283405F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{CA80A3FD-4D19-4C29-90E8-2B0FD982A873}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAE0E36C-B554-48B8-A7B7-B4A706E56A13}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{CF3C9A54-7E8E-4894-B8B5-E9F1B078E645}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D1349674-1E3A-46D9-9C03-45E4A832FA6D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6FE0EBA-88A3-4C70-9983-045FA617FF33}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D8870BBB-93A4-41D6-A9D0-BB8C9E74A8E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBAE23C2-038E-4460-8D41-C802062EA8B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBB5C249-736D-455A-A0EB-919E3935845A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{DFC1E59C-99B8-4F08-8ABF-36A5F44168D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E26DEC8B-19CA-4B9C-9E32-A67BEE2AF2C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EBB6F093-18FF-48B5-A240-C502ED49CF90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8AA5696-CCA8-4ABD-B716-59772400CFE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{FA054587-1C71-4B55-A027-A588BF06AAB6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB33C55C-A4EE-4435-BB12-F14953BFCDCA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{40E6E2BC-936E-41D4-BCDD-547CE30DC067}C:\users\store\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\store\desktop\utorrent.exe |
"TCP Query User{643F8D79-EE7B-4541-AC0B-581729D3E3A3}C:\users\store\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\store\desktop\utorrent.exe |
"TCP Query User{D0E77FC9-FE94-4D3D-B290-A6C7F0741754}C:\users\store\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\store\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{32A9DE89-59D2-4483-AA2C-DD7CFA83C094}C:\users\store\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\store\desktop\utorrent.exe |
"UDP Query User{D0AAD86D-CECB-481B-95B0-7B9A68C6EE91}C:\users\store\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\store\desktop\utorrent.exe |
"UDP Query User{DA256F54-D480-45AF-A118-390F96E005FE}C:\users\store\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\store\appdata\roaming\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02E5BCCA-317C-418F-9E06-42526E050829}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.15.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.15.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{0283EDE1-D8A9-4F64-A035-5E35B4DD199A}_is1" = CLANNAD Full Voice 1.5
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = Rusty Hearts PWE
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E052F74-10A7-42E7-84EB-01C172F5AB5D}" = SlimDrivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K3 Series_ENG" = AsusScr_K3 Series_ENG
"ESET Online Scanner" = ESET Online Scanner v3
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"Raptr" = Raptr
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Steam App 50130" = Mafia II
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo!7 Messenger" = Yahoo!7 Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2118996616-65735215-385553664-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22/05/2013 12:45:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3183

Error - 22/05/2013 12:45:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3183

Error - 22/05/2013 1:17:59 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22/05/2013 1:17:59 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1685

Error - 22/05/2013 1:17:59 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1685

Error - 22/05/2013 1:18:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22/05/2013 1:18:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198

Error - 22/05/2013 1:18:01 AM | Computer Name = Store-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198

Error - 24/05/2013 4:35:14 AM | Computer Name = Store-PC | Source = System Restore | ID = 8193
Description =

Error - 24/05/2013 6:33:28 AM | Computer Name = Store-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 21/02/2014 4:24:18 AM | Computer Name = Mandys-PC | Source = BROWSER | ID = 8032
Description =

Error - 21/02/2014 9:56:48 PM | Computer Name = Mandys-PC | Source = BROWSER | ID = 8032
Description =

Error - 21/02/2014 11:37:05 PM | Computer Name = Mandys-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 21/02/2014 11:37:05 PM | Computer Name = Mandys-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 21/02/2014 11:37:06 PM | Computer Name = Mandys-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 22/02/2014 12:33:30 AM | Computer Name = Mandys-PC | Source = DCOM | ID = 10005
Description =

Error - 22/02/2014 12:33:30 AM | Computer Name = Mandys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
Update Service (gupdate) service to connect.

Error - 22/02/2014 12:33:30 AM | Computer Name = Mandys-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 22/02/2014 1:04:18 AM | Computer Name = Mandys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
Update Service (gupdate) service to connect.

Error - 22/02/2014 1:04:18 AM | Computer Name = Mandys-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053


< End of report >


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-22 17:23:21
-----------------------------
17:23:21.506 OS Version: Windows x64 6.1.7601 Service Pack 1
17:23:21.506 Number of processors: 4 586 0x2A07
17:23:21.506 ComputerName: MANDYS-PC UserName: Store
17:23:26.495 Initialize success
17:23:51.327 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:23:51.327 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
17:23:51.530 Disk 0 MBR read successfully
17:23:51.530 Disk 0 MBR scan
17:23:51.545 Disk 0 Windows 7 default MBR code
17:23:51.545 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
17:23:51.561 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
17:23:51.592 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403641 MB offset 638488576
17:23:51.764 Disk 0 scanning C:\Windows\system32\drivers
17:24:04.455 Service scanning
17:25:05.316 Modules scanning
17:25:05.332 Disk 0 trace - called modules:
17:25:05.332
17:25:05.347 Scan finished successfully
17:25:39.899 Disk 0 MBR has been saved successfully to "C:\Users\Store\Desktop\MBR.dat"
17:25:40.055 The log file has been saved successfully to "C:\Users\Store\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 51
Adobe Flash Player 11.7.700.169
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
Google Chrome 15.0.874.120
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro Titanium plugin TMAS\TMAS_WLM\TMAS_WLMMon.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro AMSP coreFrameworkHost.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, thanks for those logs, but I also need the ADWcleaner log. This can be found in the following location:

C:\ADWcleaner\AdwCleaner[R0].txt

Many thanks :)

#5
GalaxyOne

    Member

  • Topic Starter
  • 23 posts
Ah, sorry about that. Here you go...

# AdwCleaner v3.019 - Report created 22/02/2014 at 17:29:07
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Store - MANDYS-PC
# Running from : C:\Users\Store\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Store\AppData\Roaming\Mozilla\Firefox\Profiles\8dxptge0.default\prefs.js ]

Line Found : user_pref("extensions.crossrider.bic", "1420d87a8d8578893f656cab81f17847");

*************************

AdwCleaner[R0].txt - [2152 octets] - [22/02/2014 17:29:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2212 octets] ##########

#6
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for the logs. I will get my next post together, which will need clearance, and then we are on our way.

I notice from the logs that you have run a few tools, namely TDSSkiller and RogueKiller. Did you use these yourself? Are there any logs for these?

#7
GalaxyOne

    Member

  • Topic Starter
  • 23 posts
Just so you know, I have not cleaned or deleted anything at this stage.


08:10:33.0488 9400 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:10:35.0489 9400 ============================================================
08:10:35.0489 9400 Current date / time: 2014/02/23 08:10:35.0489
08:10:35.0489 9400 SystemInfo:
08:10:35.0489 9400
08:10:35.0489 9400 OS Version: 6.1.7601 ServicePack: 1.0
08:10:35.0489 9400 Product type: Workstation
08:10:35.0489 9400 ComputerName: MANDYS-PC
08:10:35.0489 9400 UserName: Store
08:10:35.0489 9400 Windows directory: C:\Windows
08:10:35.0489 9400 System windows directory: C:\Windows
08:10:35.0489 9400 Running under WOW64
08:10:35.0489 9400 Processor architecture: Intel x64
08:10:35.0489 9400 Number of processors: 4
08:10:35.0489 9400 Page size: 0x1000
08:10:35.0489 9400 Boot type: Normal boot
08:10:35.0489 9400 ============================================================
08:10:38.0269 9400 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:10:38.0279 9400 ============================================================
08:10:38.0279 9400 \Device\Harddisk0\DR0:
08:10:38.0279 9400 MBR partitions:
08:10:38.0279 9400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800
08:10:38.0279 9400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x260E9000, BlocksNum 0x3145C800
08:10:38.0279 9400 ============================================================
08:10:38.0309 9400 C: <-> \Device\Harddisk0\DR0\Partition1
08:10:38.0399 9400 D: <-> \Device\Harddisk0\DR0\Partition2
08:10:38.0399 9400 ============================================================
08:10:38.0399 9400 Initialize success
08:10:38.0399 9400 ============================================================
08:10:46.0473 3624 ============================================================
08:10:46.0473 3624 Scan started
08:10:46.0473 3624 Mode: Manual; TDLFS;
08:10:46.0473 3624 ============================================================
08:10:48.0053 3624 ================ Scan system memory ========================
08:10:48.0053 3624 System memory - ok
08:10:48.0053 3624 ================ Scan services =============================
08:10:48.0293 3624 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:10:48.0343 3624 1394ohci - ok
08:10:48.0373 3624 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:10:48.0443 3624 ACPI - ok
08:10:48.0463 3624 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:10:48.0493 3624 AcpiPmi - ok
08:10:48.0573 3624 [ B362181ED3771DC03B4141927C80F801 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:10:48.0633 3624 AdobeARMservice - ok
08:10:48.0703 3624 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:10:48.0763 3624 adp94xx - ok
08:10:48.0793 3624 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:10:48.0853 3624 adpahci - ok
08:10:48.0883 3624 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:10:48.0933 3624 adpu320 - ok
08:10:48.0953 3624 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:10:48.0963 3624 AeLookupSvc - ok
08:10:49.0013 3624 [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent C:\Windows\system32\FBAgent.exe
08:10:49.0083 3624 AFBAgent - ok
08:10:49.0113 3624 [ 79059559E89D06E8B80CE2944BE20228 ] AFD C:\Windows\system32\drivers\afd.sys
08:10:49.0123 3624 AFD - ok
08:10:49.0173 3624 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
08:10:49.0260 3624 AgereSoftModem - ok
08:10:49.0291 3624 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:10:49.0336 3624 agp440 - ok
08:10:49.0380 3624 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:10:49.0428 3624 ALG - ok
08:10:49.0460 3624 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:10:49.0503 3624 aliide - ok
08:10:49.0523 3624 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:10:49.0573 3624 amdide - ok
08:10:49.0593 3624 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:10:49.0643 3624 AmdK8 - ok
08:10:49.0673 3624 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
08:10:49.0723 3624 AmdPPM - ok
08:10:49.0753 3624 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:10:49.0793 3624 amdsata - ok
08:10:49.0814 3624 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
08:10:49.0874 3624 amdsbs - ok
08:10:49.0904 3624 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:10:49.0954 3624 amdxata - ok
08:10:49.0984 3624 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
08:10:50.0044 3624 AMPPAL - ok
08:10:50.0054 3624 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
08:10:50.0064 3624 AMPPALP - ok
08:10:50.0154 3624 [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
08:10:50.0264 3624 AMPPALR3 - ok
08:10:50.0354 3624 [ E1D8F96772F6BBE990B435580CA9C33B ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
08:10:50.0354 3624 Amsp - ok
08:10:50.0394 3624 [ 92A848F962DA91C631147D566414BB7E ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
08:10:50.0434 3624 AmUStor - ok
08:10:50.0464 3624 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:10:50.0524 3624 AppID - ok
08:10:50.0554 3624 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:10:50.0594 3624 AppIDSvc - ok
08:10:50.0654 3624 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
08:10:50.0714 3624 Appinfo - ok
08:10:50.0814 3624 [ 30E3850F303EAE5C364782EA78579CC9 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:10:50.0854 3624 Apple Mobile Device - ok
08:10:50.0884 3624 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
08:10:50.0924 3624 arc - ok
08:10:50.0954 3624 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:10:51.0004 3624 arcsas - ok
08:10:51.0094 3624 [ E208D0E0128B44387822DC6E9A95BF69 ] ArcService D:\ Arc\Arc\ArcService.exe
08:10:51.0154 3624 ArcService - ok
08:10:51.0214 3624 [ A3626C6D3F2DC95497F3F61842D7FD89 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
08:10:51.0274 3624 ASLDRService - ok
08:10:51.0284 3624 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
08:10:51.0334 3624 ASMMAP64 - ok
08:10:51.0354 3624 [ 8569AF4C73747671194EA9EBB2F2D6CF ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
08:10:51.0404 3624 asmthub3 - ok
08:10:51.0424 3624 [ 073716FBFFAC7057CD5FF00A1B558331 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
08:10:51.0484 3624 asmtxhci - ok
08:10:51.0574 3624 [ 9A262EDD17F8473B91B333D6B031A901 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:10:51.0634 3624 aspnet_state - ok
08:10:51.0684 3624 [ EDF4B8A072414E43CC3F85F68F4960E7 ] ASUS InstantOn C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
08:10:51.0754 3624 ASUS InstantOn - ok
08:10:51.0784 3624 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:10:51.0834 3624 AsyncMac - ok
08:10:51.0874 3624 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:10:51.0914 3624 atapi - ok
08:10:51.0954 3624 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
08:10:52.0044 3624 athr - ok
08:10:52.0064 3624 [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
08:10:52.0144 3624 ATKGFNEXSrv - ok
08:10:52.0144 3624 [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
08:10:52.0184 3624 ATKWMIACPIIO - ok
08:10:52.0224 3624 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:10:52.0284 3624 AudioEndpointBuilder - ok
08:10:52.0304 3624 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:10:52.0314 3624 AudioSrv - ok
08:10:52.0344 3624 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:10:52.0404 3624 AxInstSV - ok
08:10:52.0444 3624 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
08:10:52.0524 3624 b06bdrv - ok
08:10:52.0554 3624 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:10:52.0614 3624 b57nd60a - ok
08:10:52.0674 3624 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:10:52.0714 3624 BDESVC - ok
08:10:52.0734 3624 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:10:52.0764 3624 Beep - ok
08:10:52.0814 3624 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:10:52.0884 3624 BFE - ok
08:10:52.0934 3624 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
08:10:53.0004 3624 BITS - ok
08:10:53.0044 3624 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:10:53.0094 3624 blbdrive - ok
08:10:53.0124 3624 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:10:53.0204 3624 Bonjour Service - ok
08:10:53.0224 3624 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:10:53.0274 3624 bowser - ok
08:10:53.0304 3624 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
08:10:53.0344 3624 BrFiltLo - ok
08:10:53.0354 3624 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
08:10:53.0404 3624 BrFiltUp - ok
08:10:53.0444 3624 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
08:10:53.0484 3624 Browser - ok
08:10:53.0524 3624 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:10:53.0574 3624 Brserid - ok
08:10:53.0604 3624 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:10:53.0654 3624 BrSerWdm - ok
08:10:53.0664 3624 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:10:53.0704 3624 BrUsbMdm - ok
08:10:53.0724 3624 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:10:53.0754 3624 BrUsbSer - ok
08:10:53.0804 3624 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
08:10:53.0854 3624 BthEnum - ok
08:10:53.0884 3624 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:10:53.0934 3624 BTHMODEM - ok
08:10:53.0954 3624 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
08:10:54.0004 3624 BthPan - ok
08:10:54.0044 3624 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
08:10:54.0114 3624 BTHPORT - ok
08:10:54.0154 3624 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:10:54.0194 3624 bthserv - ok
08:10:54.0214 3624 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
08:10:54.0284 3624 BTHSSecurityMgr - ok
08:10:54.0304 3624 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
08:10:54.0344 3624 BTHUSB - ok
08:10:54.0444 3624 [ 9E530C6F0EEE34CCEAC8104838AB68C7 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
08:10:54.0554 3624 c2cautoupdatesvc - ok
08:10:54.0624 3624 [ 96B14B79C71CE4A7783184CC8B5DBCE8 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
08:10:54.0794 3624 c2cpnrsvc - ok
08:10:54.0825 3624 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:10:54.0875 3624 cdfs - ok
08:10:54.0905 3624 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:10:54.0965 3624 cdrom - ok
08:10:54.0985 3624 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:10:55.0035 3624 CertPropSvc - ok
08:10:55.0065 3624 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
08:10:55.0105 3624 circlass - ok
08:10:55.0155 3624 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:10:55.0155 3624 CLFS - ok
08:10:55.0225 3624 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:10:55.0275 3624 clr_optimization_v2.0.50727_32 - ok
08:10:55.0315 3624 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:10:55.0385 3624 clr_optimization_v2.0.50727_64 - ok
08:10:55.0485 3624 [ E87213F37A13E2B54391E40934F071D0 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:10:55.0625 3624 clr_optimization_v4.0.30319_32 - ok
08:10:55.0665 3624 [ 4AEDAB50F83580D0B4D6CF78191F92AA ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:10:55.0745 3624 clr_optimization_v4.0.30319_64 - ok
08:10:55.0775 3624 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:10:55.0805 3624 CmBatt - ok
08:10:55.0825 3624 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:10:55.0865 3624 cmdide - ok
08:10:55.0915 3624 [ EBF28856F69CF094A902F884CF989706 ] CNG C:\Windows\system32\Drivers\cng.sys
08:10:55.0985 3624 CNG - ok
08:10:56.0025 3624 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:10:56.0065 3624 Compbatt - ok
08:10:56.0095 3624 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
08:10:56.0135 3624 CompositeBus - ok
08:10:56.0145 3624 COMSysApp - ok
08:10:56.0255 3624 [ 08F934092E0429BADF88E9F91DB0F61E ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
08:10:56.0345 3624 cphs - ok
08:10:56.0415 3624 cpuz135 - ok
08:10:56.0445 3624 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:10:56.0485 3624 crcdisk - ok
08:10:56.0545 3624 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:10:56.0615 3624 CryptSvc - ok
08:10:56.0785 3624 [ FD557A50A65E44041CD2FCEF4BEB04DB ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
08:10:56.0805 3624 cvhsvc - ok
08:10:56.0835 3624 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:10:56.0845 3624 DcomLaunch - ok
08:10:56.0885 3624 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:10:56.0945 3624 defragsvc - ok
08:10:56.0965 3624 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:10:57.0015 3624 DfsC - ok
08:10:57.0055 3624 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:10:57.0105 3624 Dhcp - ok
08:10:57.0145 3624 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:10:57.0145 3624 discache - ok
08:10:57.0175 3624 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
08:10:57.0215 3624 Disk - ok
08:10:57.0256 3624 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:10:57.0256 3624 Dnscache - ok
08:10:57.0286 3624 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:10:57.0346 3624 dot3svc - ok
08:10:57.0366 3624 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:10:57.0376 3624 DPS - ok
08:10:57.0396 3624 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:10:57.0426 3624 drmkaud - ok
08:10:57.0466 3624 [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:10:57.0556 3624 DXGKrnl - ok
08:10:57.0586 3624 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:10:57.0636 3624 EapHost - ok
08:10:57.0726 3624 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:10:57.0997 3624 ebdrv - ok
08:10:58.0037 3624 [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS C:\Windows\System32\lsass.exe
08:10:58.0087 3624 EFS - ok
08:10:58.0137 3624 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:10:58.0207 3624 ehRecvr - ok
08:10:58.0217 3624 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:10:58.0267 3624 ehSched - ok
08:10:58.0317 3624 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:10:58.0377 3624 elxstor - ok
08:10:58.0387 3624 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:10:58.0437 3624 ErrDev - ok
08:10:58.0477 3624 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:10:58.0487 3624 EventSystem - ok
08:10:58.0617 3624 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
08:10:58.0737 3624 EvtEng - ok
08:10:58.0777 3624 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:10:58.0837 3624 exfat - ok
08:10:58.0867 3624 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:10:58.0937 3624 fastfat - ok
08:10:58.0977 3624 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:10:59.0047 3624 Fax - ok
08:10:59.0077 3624 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
08:10:59.0127 3624 fdc - ok
08:10:59.0177 3624 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:10:59.0227 3624 fdPHost - ok
08:10:59.0237 3624 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:10:59.0277 3624 FDResPub - ok
08:10:59.0307 3624 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:10:59.0357 3624 FileInfo - ok
08:10:59.0377 3624 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:10:59.0417 3624 Filetrace - ok
08:10:59.0457 3624 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:10:59.0497 3624 flpydisk - ok
08:10:59.0537 3624 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:10:59.0597 3624 FltMgr - ok
08:10:59.0697 3624 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
08:10:59.0777 3624 FontCache - ok
08:10:59.0857 3624 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:10:59.0907 3624 FontCache3.0.0.0 - ok
08:10:59.0917 3624 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:10:59.0967 3624 FsDepends - ok
08:11:00.0017 3624 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
08:11:00.0087 3624 fssfltr - ok
08:11:00.0177 3624 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:11:00.0197 3624 fsssvc - ok
08:11:00.0227 3624 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:11:00.0267 3624 Fs_Rec - ok
08:11:00.0307 3624 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:11:00.0317 3624 fvevol - ok
08:11:00.0347 3624 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:11:00.0397 3624 gagp30kx - ok
08:11:00.0427 3624 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:11:00.0467 3624 GEARAspiWDM - ok
08:11:00.0517 3624 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:11:00.0587 3624 gpsvc - ok
08:11:00.0647 3624 gupdate - ok
08:11:00.0657 3624 gupdatem - ok
08:11:00.0707 3624 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:11:00.0747 3624 hcw85cir - ok
08:11:00.0777 3624 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:11:00.0837 3624 HdAudAddService - ok
08:11:00.0877 3624 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:11:00.0917 3624 HDAudBus - ok
08:11:00.0947 3624 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:11:00.0987 3624 HidBatt - ok
08:11:01.0007 3624 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:11:01.0057 3624 HidBth - ok
08:11:01.0117 3624 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:11:01.0167 3624 HidIr - ok
08:11:01.0197 3624 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
08:11:01.0257 3624 hidserv - ok
08:11:01.0317 3624 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
08:11:01.0357 3624 HidUsb - ok
08:11:01.0397 3624 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:11:01.0437 3624 hkmsvc - ok
08:11:01.0467 3624 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:11:01.0517 3624 HomeGroupListener - ok
08:11:01.0557 3624 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:11:01.0607 3624 HomeGroupProvider - ok
08:11:01.0637 3624 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:11:01.0697 3624 HpSAMD - ok
08:11:01.0737 3624 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:11:01.0747 3624 HTTP - ok
08:11:01.0757 3624 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:11:01.0767 3624 hwpolicy - ok
08:11:01.0817 3624 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:11:01.0868 3624 i8042prt - ok
08:11:01.0918 3624 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
08:11:01.0928 3624 iaStor - ok
08:11:01.0958 3624 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:11:02.0028 3624 iaStorV - ok
08:11:02.0078 3624 [ 83FF82FE209E7997067B375DAD6CF23D ] ICCS C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
08:11:02.0158 3624 ICCS - ok
08:11:02.0218 3624 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:11:02.0328 3624 idsvc - ok
08:11:02.0338 3624 IEEtwCollectorService - ok
08:11:02.0528 3624 [ 8C44E6B688790E2AD3846C97661C54F1 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:11:03.0088 3624 igfx - ok
08:11:03.0108 3624 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:11:03.0148 3624 iirsp - ok
08:11:03.0218 3624 [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT C:\Windows\System32\ikeext.dll
08:11:03.0288 3624 IKEEXT - ok
08:11:03.0468 3624 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:11:03.0958 3624 IntcAzAudAddService - ok
08:11:04.0008 3624 [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
08:11:04.0068 3624 IntcDAud - ok
08:11:04.0098 3624 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:11:04.0138 3624 intelide - ok
08:11:04.0178 3624 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:11:04.0218 3624 intelppm - ok
08:11:04.0238 3624 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:11:04.0298 3624 IPBusEnum - ok
08:11:04.0308 3624 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:11:04.0358 3624 IpFilterDriver - ok
08:11:04.0398 3624 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:11:04.0468 3624 iphlpsvc - ok
08:11:04.0478 3624 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:11:04.0548 3624 IPMIDRV - ok
08:11:04.0568 3624 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:11:04.0628 3624 IPNAT - ok
08:11:04.0808 3624 [ 33B286326BD2B1A7748C43391058FB19 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:11:04.0878 3624 iPod Service - ok
08:11:04.0898 3624 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:11:04.0948 3624 IRENUM - ok
08:11:04.0958 3624 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:11:05.0008 3624 isapnp - ok
08:11:05.0028 3624 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:11:05.0088 3624 iScsiPrt - ok
08:11:05.0098 3624 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:11:05.0148 3624 kbdclass - ok
08:11:05.0168 3624 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
08:11:05.0218 3624 kbdhid - ok
08:11:05.0238 3624 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
08:11:05.0288 3624 kbfiltr - ok
08:11:05.0288 3624 [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso C:\Windows\system32\lsass.exe
08:11:05.0298 3624 KeyIso - ok
08:11:05.0318 3624 [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:11:05.0368 3624 KSecDD - ok
08:11:05.0388 3624 [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:11:05.0448 3624 KSecPkg - ok
08:11:05.0488 3624 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:11:05.0538 3624 ksthunk - ok
08:11:05.0558 3624 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:11:05.0618 3624 KtmRm - ok
08:11:05.0658 3624 [ FC010C7814DDAC17389A7D87EA2EBB39 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
08:11:05.0708 3624 L1C - ok
08:11:05.0758 3624 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:11:05.0818 3624 LanmanServer - ok
08:11:05.0848 3624 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:11:05.0888 3624 LanmanWorkstation - ok
08:11:05.0919 3624 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:11:05.0979 3624 lltdio - ok
08:11:06.0029 3624 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:11:06.0109 3624 lltdsvc - ok
08:11:06.0129 3624 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:11:06.0179 3624 lmhosts - ok
08:11:06.0219 3624 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:11:06.0309 3624 LMS - ok
08:11:06.0349 3624 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:11:06.0409 3624 LSI_FC - ok
08:11:06.0439 3624 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:11:06.0489 3624 LSI_SAS - ok
08:11:06.0509 3624 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:11:06.0559 3624 LSI_SAS2 - ok
08:11:06.0589 3624 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:11:06.0639 3624 LSI_SCSI - ok
08:11:06.0699 3624 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:11:06.0749 3624 luafv - ok
08:11:06.0789 3624 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
08:11:06.0829 3624 MBAMProtector - ok
08:11:06.0879 3624 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:11:06.0989 3624 MBAMScheduler - ok
08:11:07.0039 3624 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:11:07.0109 3624 MBAMService - ok
08:11:07.0139 3624 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:11:07.0179 3624 Mcx2Svc - ok
08:11:07.0199 3624 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
08:11:07.0239 3624 megasas - ok
08:11:07.0269 3624 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:11:07.0339 3624 MegaSR - ok
08:11:07.0359 3624 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
08:11:07.0409 3624 MEIx64 - ok
08:11:07.0449 3624 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:11:07.0459 3624 MMCSS - ok
08:11:07.0479 3624 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:11:07.0519 3624 Modem - ok
08:11:07.0549 3624 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:11:07.0579 3624 monitor - ok
08:11:07.0619 3624 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:11:07.0669 3624 mouclass - ok
08:11:07.0699 3624 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:11:07.0739 3624 mouhid - ok
08:11:07.0759 3624 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:11:07.0769 3624 mountmgr - ok
08:11:07.0849 3624 [ 338037EFA0E8E8699B2667D57B751574 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:11:07.0909 3624 MozillaMaintenance - ok
08:11:07.0949 3624 [ C6B88D62F20AC646C6BD5C032EC2FAF9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
08:11:08.0029 3624 MpFilter - ok
08:11:08.0069 3624 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:11:08.0129 3624 mpio - ok
08:11:08.0139 3624 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:11:08.0189 3624 mpsdrv - ok
08:11:08.0229 3624 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:11:08.0239 3624 MpsSvc - ok
08:11:08.0269 3624 [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:11:08.0329 3624 MRxDAV - ok
08:11:08.0350 3624 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:11:08.0400 3624 mrxsmb - ok
08:11:08.0410 3624 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:11:08.0470 3624 mrxsmb10 - ok
08:11:08.0480 3624 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:11:08.0520 3624 mrxsmb20 - ok
08:11:08.0550 3624 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:11:08.0600 3624 msahci - ok
08:11:08.0630 3624 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:11:08.0700 3624 msdsm - ok
08:11:08.0730 3624 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:11:08.0790 3624 MSDTC - ok
08:11:08.0810 3624 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:11:08.0850 3624 Msfs - ok
08:11:08.0870 3624 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:11:08.0900 3624 mshidkmdf - ok
08:11:08.0920 3624 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:11:08.0950 3624 msisadrv - ok
08:11:08.0990 3624 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:11:09.0030 3624 MSiSCSI - ok
08:11:09.0040 3624 msiserver - ok
08:11:09.0070 3624 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:11:09.0110 3624 MSKSSRV - ok
08:11:09.0190 3624 [ 7675E15D1B2180745E4DA4D26AAD7385 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
08:11:09.0230 3624 MsMpSvc - ok
08:11:09.0250 3624 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:11:09.0270 3624 MSPCLOCK - ok
08:11:09.0300 3624 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:11:09.0330 3624 MSPQM - ok
08:11:09.0360 3624 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:11:09.0420 3624 MsRPC - ok
08:11:09.0440 3624 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:11:09.0480 3624 mssmbios - ok
08:11:09.0500 3624 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:11:09.0540 3624 MSTEE - ok
08:11:09.0560 3624 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:11:09.0600 3624 MTConfig - ok
08:11:09.0600 3624 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:11:09.0650 3624 Mup - ok
08:11:09.0680 3624 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
08:11:09.0740 3624 MyWiFiDHCPDNS - ok
08:11:09.0760 3624 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:11:09.0770 3624 napagent - ok
08:11:09.0810 3624 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:11:09.0880 3624 NativeWifiP - ok
08:11:09.0930 3624 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:11:09.0940 3624 NDIS - ok
08:11:09.0950 3624 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:11:10.0000 3624 NdisCap - ok
08:11:10.0030 3624 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:11:10.0070 3624 NdisTapi - ok
08:11:10.0100 3624 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:11:10.0160 3624 Ndisuio - ok
08:11:10.0180 3624 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:11:10.0230 3624 NdisWan - ok
08:11:10.0270 3624 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:11:10.0330 3624 NDProxy - ok
08:11:10.0350 3624 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:11:10.0410 3624 NetBIOS - ok
08:11:10.0450 3624 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:11:10.0450 3624 NetBT - ok
08:11:10.0470 3624 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon C:\Windows\system32\lsass.exe
08:11:10.0470 3624 Netlogon - ok
08:11:10.0510 3624 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:11:10.0580 3624 Netman - ok
08:11:10.0660 3624 [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:11:10.0720 3624 NetMsmqActivator - ok
08:11:10.0750 3624 [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:11:10.0750 3624 NetPipeActivator - ok
08:11:38.0575 3624 ================ Scan global ===============================
08:11:38.0605 3624 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:11:38.0705 3624 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
08:11:38.0846 3624 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
08:11:38.0895 3624 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:11:38.0997 3624 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:11:39.0006 3624 [Global] - ok
08:11:39.0007 3624 ================ Scan MBR ==================================
08:11:39.0024 3624 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:11:39.0449 3624 \Device\Harddisk0\DR0 - ok
08:11:39.0449 3624 ================ Scan VBR ==================================
08:11:39.0469 3624 [ 6529203816F6377A41EB33FC3D756331 ] \Device\Harddisk0\DR0\Partition1
08:11:39.0479 3624 \Device\Harddisk0\DR0\Partition1 - ok
08:11:39.0499 3624 [ C1AFA7F17EE6B36D15BC1B9C8211CCBC ] \Device\Harddisk0\DR0\Partition2
08:11:39.0509 3624 \Device\Harddisk0\DR0\Partition2 - ok
08:11:39.0509 3624 ============================================================
08:11:39.0509 3624 Scan finished
08:11:39.0509 3624 ============================================================
08:11:39.0529 7348 Detected object count: 0
08:11:39.0529 7348 Actual detected object count: 0


RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Store [Admin rights]
Mode : Scan -- Date : 02/23/2014 08:20:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 132408b2b25a3db063cd1ae8cd1c941b
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02232014_082040.txt >>

#8
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there :)

Not as bad as I thought. We will address a few things in this post. Firefox has some infected entries and you have 2 antivirus installed.

Have you paid for Trend Micro? I have asked in this post to remove MSE.


First a warning :)


P2P WARNING
The following programs are installed on your machine:
  • uTorrent
Cease all P2P programs and downloads until declared clean. Although the programs themselves are legal, many of the torrent files infringe copyright laws, contain spyware and viruses which can have a detrimental effect on your system. We strongly advise that you uninstall all P2P programs.



Follow in the order given


1. Sidebar Fix

Quoted from Microsoft - "Microsoft is aware that some legitimate Gadgets running in Windows Sidebar could contain vulnerabilities. An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system."


2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
    [2013/11/07 16:50:42 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
    [2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData
    [2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins
    [2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2118996616-65735215-385553664-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Store\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
    [2014/02/20 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\uTorrent

    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval"=dword:00000001

    :FILES
    sc config wscsvc start= delayed-auto /c
    C:\Program Files (x86)\Pando Networks

    :COMMANDS
    [RESETHOSTS]
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyyy_hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


3. Run ADWcleaner

  • Right click ADWcleaner and Run as Administrator then select Scan
  • Once the scan is complete click Clean
  • A reboot will be asked for; click O.K
  • On reboot a log will be produced, please post in your next reply.


4. Uninstall

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • Microsoft Security Essentials
  • uTorrent - Optional but recommended.


5. Reset Windows Firewall

  • Click Start select Control Panel select System and Security then Windows Firewall
  • On the right hand panel Click Restore Defaults click Restore Defaults in the next window then Yes at the warning prompt.


Things I want to see in your next post.

  • OTL fix.txt
  • ADWcleaner results.
  • Security Center switched on now?

  • 0

#9
GalaxyOne

GalaxyOne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
When I go to Action Centre and try and start Windows Security Centre, a warning box pops up saying that it is unable to start. Looks like I'm back to square one....hmmm


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()> in the current context!
Error: Unable to interpret < [2013/11/07 16:50:42 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com> in the current context!
Error: Unable to interpret < [2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData> in the current context!
Error: Unable to interpret < [2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins> in the current context!
Error: Unable to interpret < [2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode> in the current context!
Error: Unable to interpret < O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret < O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found> in the current context!
Error: Unable to interpret < O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret < O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret < O4 - HKU\S-1-5-21-2118996616-65735215-385553664-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret < O4 - Startup: C:\Users\Store\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found> in the current context!
Error: Unable to interpret < O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)> in the current context!
Error: Unable to interpret < [2014/02/20 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\uTorrent> in the current context!
Error: Unable to interpret < :REG> in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret < "cval"=dword:00000001> in the current context!
Error: Unable to interpret < :FILES> in the current context!
Error: Unable to interpret < sc config wscsvc start= delayed-auto /c> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\Pando Networks> in the current context!
Error: Unable to interpret < :COMMANDS> in the current context!
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Store
->Temp folder emptied: 4505382 bytes
->Temporary Internet Files folder emptied: 312880949 bytes
->Java cache emptied: 90130861 bytes
->FireFox cache emptied: 3865376 bytes
->Flash cache emptied: 19388451 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 201246 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 8697000 bytes

Total Files Cleaned = 420.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02242014_164558

Files\Folders moved on Reboot...
C:\Users\Store\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Store\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWKIEJ86\337281-security-centre-failure[1].htm moved successfully.
C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\D1D.tmp not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


# AdwCleaner v3.019 - Report created 24/02/2014 at 17:27:19
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Store - MANDYS-PC
# Running from : C:\Users\Store\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Store\AppData\Roaming\Mozilla\Firefox\Profiles\8dxptge0.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "1420d87a8d8578893f656cab81f17847");

*************************

AdwCleaner[R0].txt - [2300 octets] - [22/02/2014 17:29:07]
AdwCleaner[R1].txt - [2360 octets] - [24/02/2014 17:25:59]
AdwCleaner[S0].txt - [2303 octets] - [24/02/2014 17:27:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2363 octets] ##########
  • 0

#10
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
The reason nothing has changed is that the OTL fix didn't go through properly. Really not sure how it happened as the start and finish worked but the important part didn't :wacko:

Try once more for me please. Copy and Paste only from :OTL down to [REBOOT] only :thumbsup:


OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :OTL
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
    [2013/11/07 16:50:42 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
    [2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData
    [2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins
    [2013/11/07 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2118996616-65735215-385553664-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Store\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
    [2014/02/20 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Store\AppData\Roaming\uTorrent
    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval"=dword:00000001
    :FILES
    sc config wscsvc start= delayed-auto /c
    C:\Program Files (x86)\Pando Networks
    :COMMANDS
    [REBOOT]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyyy_hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.

  • 0



#11
GalaxyOne

GalaxyOne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Still no good on the security centre starting...
Here's the log file

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\skin folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\locale\en-US folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\locale folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\defaults\preferences folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\defaults folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome folder moved successfully.
C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com folder moved successfully.
Folder C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\ not found.
Folder C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\ not found.
Folder C:\Users\Store\AppData\Roaming\mozilla\Firefox\Profiles\8dxptge0.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2118996616-65735215-385553664-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Users\Store\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk scheduled to be moved on reboot.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\Users\Store\AppData\Roaming\uTorrent\updates folder moved successfully.
C:\Users\Store\AppData\Roaming\uTorrent\trusted folder moved successfully.
C:\Users\Store\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\Store\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Store\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Store\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Store\AppData\Roaming\uTorrent folder moved successfully.
File move failed. C:\Windows\SysWow64\Security.dll scheduled to be moved on reboot.
File BOOT] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 02252014_161243

Files\Folders moved on Reboot...
File\Folder C:\Users\Store\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk not found!
File move failed. C:\Windows\SysWow64\Security.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#12
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, the OTL fix is not being pasted into the box properly I'm afraid, some sections of the fix are missing from the report which means they never went through. The bit which hasn't been fixed is the Security Centre fix. This time I am only supplying that fix. ok :thumbsup:

You have to copy the following block as one, not copy and paste a section at a time :)


:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
:FILES
sc config wscsvc start= delayed-auto /c
C:\Program Files (x86)\Pando Networks
:COMMANDS
[REBOOT]




OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval"=dword:00000001
    :FILES
    sc config wscsvc start= delayed-auto /c
    C:\Program Files (x86)\Pando Networks
    :COMMANDS
    [REBOOT]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyyy_hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.

  • 0
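The diagnosis in post #12 (parts of the pasted fix never reached OTL) can be checked mechanically by comparing the fix script's section directives with the section banners and "Unable to interpret" errors in the fix log. This is an added example, not part of the thread or of OTL: the function names are hypothetical, the directive-to-banner mapping is read off the logs quoted above rather than OTL documentation, and the sample script and logs are constructed by abridging posts #8 to #11.

```python
import re

# Script directive -> banner OTL prints when that section executes.
# Assumption: mapping inferred from the fix logs quoted in this thread.
BANNERS = {":OTL": "OTL", ":REG": "REGISTRY", ":FILES": "FILES", ":COMMANDS": "COMMANDS"}
BANNER = re.compile(r"^=+\s*(\w+)\s*=+$")
REJECTED = re.compile(r"^Error: Unable to interpret <\s*(.*?)>\s*in the current context!$")

def parse_script(script):
    """Split a fix script into [(directive, [body lines])], keeping script order."""
    sections = []
    for raw in script.splitlines():
        line = raw.strip()
        if line in BANNERS:
            sections.append((line, []))
        elif line and sections:
            sections[-1][1].append(line)
    return sections

def log_events(log):
    """Return [(text, 'ran' | 'rejected')] in log order; banners map back to their directive."""
    by_banner = {banner: directive for directive, banner in BANNERS.items()}
    events = []
    for line in map(str.strip, log.splitlines()):
        banner, error = BANNER.match(line), REJECTED.match(line)
        if banner and banner.group(1) in by_banner:
            events.append((by_banner[banner.group(1)], "ran"))
        elif error:
            events.append((error.group(1).strip(), "rejected"))
    return events

def audit(script, log):
    """Pair each script section with its log event: 'ran', 'rejected' or 'missing'."""
    # Assumes the log reports sections in script order, as the logs in this thread do.
    # 'ran' only means the section was parsed; items inside it can still fail.
    events, cursor, report = log_events(log), 0, []
    for directive, body in parse_script(script):
        status = "missing"
        for i in range(cursor, len(events)):
            if events[i][0] == directive:
                status, cursor = events[i][1], i + 1
                break
        report.append((directive, status, body))
    return report

def unapplied(script, log):
    """Lines to resend: whole sections the log never mentions, plus lines it rejected."""
    rejected = {text for text, kind in log_events(log) if kind == "rejected"}
    lines = []
    for directive, status, body in audit(script, log):
        pending = body if status == "missing" else [b for b in body if b in rejected]
        if pending:
            lines += [directive] + pending
    return lines

# Constructed sample data, abridged from posts #8 to #11 of this thread.
FIX_BODY = r'''
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
:FILES
sc config wscsvc start= delayed-auto /c
C:\Program Files (x86)\Pando Networks
'''
SCRIPT_POST8 = ":COMMANDS\n[CREATERESTOREPOINT]\n" + FIX_BODY + ":COMMANDS\n[RESETHOSTS]\n[EMPTYTEMP]\n"
SCRIPT_POST10 = FIX_BODY + ":COMMANDS\n[REBOOT]\n"
LOG_POST9 = r'''
========== COMMANDS ==========
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < :REG> in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret < "cval"=dword:00000001> in the current context!
Error: Unable to interpret < :FILES> in the current context!
Error: Unable to interpret < sc config wscsvc start= delayed-auto /c> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\Pando Networks> in the current context!
Error: Unable to interpret < :COMMANDS> in the current context!
HOSTS file reset successfully
'''
LOG_POST11 = r'''
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
File BOOT] not found.
'''

if __name__ == "__main__":
    for script, log in ((SCRIPT_POST8, LOG_POST9), (SCRIPT_POST10, LOG_POST11)):
        print([(d, s) for d, s, _ in audit(script, log)], "resend:", unapplied(script, log))
```

For the post #11 log the outstanding lines come out as the :REG, :FILES and :COMMANDS block, which is the block post #12 asks to be pasted again.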

#13
GalaxyOne

GalaxyOne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
still no luck on starting Security Centre


========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval"|dword:00000001 /E : value set successfully!
========== FILES ==========
< sc config wscsvc start= delayed-auto /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Store\Desktop\cmd.bat deleted successfully.
C:\Users\Store\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\Pando Networks\Media Booster folder moved successfully.
C:\Program Files (x86)\Pando Networks folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02262014_161445
  • 0

#14
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Apologies for the delay. I've had to attend a few interviews today, then my car packed in finally and had to get a replacement :wacko:

I think there may be some damage to some Windows services. I am looking into this tonight as there are a number of issues I would like to deal with in one fell swoop so to speak.

In the meantime, just to double check something. The end of the OTL fix was missing so the PC never rebooted after the fix completed. The Security Centre wouldn't have started until the PC restarted. To make doubly sure, have you restarted the PC and checked again?

Until I hear from you, I will assume that Security Centre is still an issue :thumbsup:
  • 0

#15
GalaxyOne

GalaxyOne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I re-ran the OTL with the fix again, just to be sure. Don't know why the end of the log file is cut off, but the PC does reboot as instructed, unfortunately the Security Centre issue is still there. Here is a copy of the latest log, just in case.

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval"|dword:00000001 /E : value set successfully!
========== FILES ==========
< sc config wscsvc start= delayed-auto /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Store\Desktop\cmd.bat deleted successfully.
C:\Users\Store\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\Pando Networks not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02272014_191044
  • 0





